DATABASE RESOURCES PRICING ABOUT US

{"id": "SMNTC-110274", "vendorId": null, "type": "symantec", "bulletinFamily": "software", "title": "Linux Kernel CVE-2019-17075 Denial of Service Vulnerability", "description": "### Description\n\nLinux Kernel is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions. Linux kernel versions through 5.3.2 are vulnerable.\n\n### Technologies Affected\n\n * Linux kernel 2.6.0 \n * Linux kernel 2.6.1 \n * Linux kernel 2.6.11 .11 \n * Linux kernel 2.6.11 .12 \n * Linux kernel 2.6.11 .4 \n * Linux kernel 2.6.11 .5 \n * Linux kernel 2.6.11 .6 \n * Linux kernel 2.6.11 .7 \n * Linux kernel 2.6.11 .8 \n * Linux kernel 2.6.11 \n * Linux kernel 2.6.11.1 \n * Linux kernel 2.6.11.10 \n * Linux kernel 2.6.11.11 \n * Linux kernel 2.6.11.12 \n * Linux kernel 2.6.11.2 \n * Linux kernel 2.6.11.3 \n * Linux kernel 2.6.11.4 \n * Linux kernel 2.6.11.5 \n * Linux kernel 2.6.11.6 \n * Linux kernel 2.6.11.7 \n * Linux kernel 2.6.11.8 \n * Linux kernel 2.6.11.9 \n * Linux kernel 2.6.12 .1 \n * Linux kernel 2.6.12 .12 \n * Linux kernel 2.6.12 .2 \n * Linux kernel 2.6.12 .22 \n * Linux kernel 2.6.12 .3 \n * Linux kernel 2.6.12 .4 \n * Linux kernel 2.6.12 .5 \n * Linux kernel 2.6.12 .6 \n * Linux kernel 2.6.12 \n * Linux kernel 2.6.12.1 \n * Linux kernel 2.6.12.2 \n * Linux kernel 2.6.12.3 \n * Linux kernel 2.6.12.4 \n * Linux kernel 2.6.12.5 \n * Linux kernel 2.6.12.6 \n * Linux kernel 2.6.13 .1 \n * Linux kernel 2.6.13 .2 \n * Linux kernel 2.6.13 .3 \n * Linux kernel 2.6.13 .4 \n * Linux kernel 2.6.13 \n * Linux kernel 2.6.13.2 \n * Linux kernel 2.6.13.3 \n * Linux kernel 2.6.13.4 \n * Linux kernel 2.6.13.5 \n * Linux kernel 2.6.14 .1 \n * Linux kernel 2.6.14 .2 \n * Linux kernel 2.6.14 .3 \n * Linux kernel 2.6.14 \n * Linux kernel 2.6.14.1 \n * Linux kernel 2.6.14.2 \n * Linux kernel 2.6.14.3 \n * Linux kernel 2.6.14.4 \n * Linux kernel 2.6.14.5 \n * Linux kernel 2.6.14.6 \n * Linux kernel 2.6.14.7 \n * Linux kernel 2.6.15 .4 \n * Linux kernel 2.6.15 \n * Linux kernel 2.6.15.1 \n * Linux kernel 2.6.15.11 \n * Linux kernel 2.6.15.2 \n * Linux kernel 2.6.15.3 \n * Linux kernel 2.6.15.4 \n * Linux kernel 2.6.15.5 \n * Linux kernel 2.6.15.6 \n * Linux kernel 2.6.15.7 \n * Linux kernel 2.6.16 .1 \n * Linux kernel 2.6.16 .11 \n * Linux kernel 2.6.16 .12 \n * Linux kernel 2.6.16 .19 \n * Linux kernel 2.6.16 .23 \n * Linux kernel 2.6.16 .7 \n * Linux kernel 2.6.16 .9 \n * Linux kernel 2.6.16 13 \n * Linux kernel 2.6.16 27 \n * Linux kernel 2.6.16 \n * Linux kernel 2.6.16.10 \n * Linux kernel 2.6.16.11 \n * Linux kernel 2.6.16.12 \n * Linux kernel 2.6.16.13 \n * Linux kernel 2.6.16.14 \n * Linux kernel 2.6.16.15 \n * Linux kernel 2.6.16.16 \n * Linux kernel 2.6.16.17 \n * Linux kernel 2.6.16.18 \n * Linux kernel 2.6.16.19 \n * Linux kernel 2.6.16.2 \n * Linux kernel 2.6.16.20 \n * Linux kernel 2.6.16.21 \n * Linux kernel 2.6.16.22 \n * Linux kernel 2.6.16.24 \n * Linux kernel 2.6.16.25 \n * Linux kernel 2.6.16.26 \n * Linux kernel 2.6.16.27 \n * Linux kernel 2.6.16.28 \n * Linux kernel 2.6.16.29 \n * Linux kernel 2.6.16.3 \n * Linux kernel 2.6.16.30 \n * Linux kernel 2.6.16.31 \n * Linux kernel 2.6.16.32 \n * Linux kernel 2.6.16.33 \n * Linux kernel 2.6.16.34 \n * Linux kernel 2.6.16.35 \n * Linux kernel 2.6.16.36 \n * Linux kernel 2.6.16.37 \n * Linux kernel 2.6.16.38 \n * Linux kernel 2.6.16.39 \n * Linux kernel 2.6.16.4 \n * Linux kernel 2.6.16.40 \n * Linux kernel 2.6.16.41 \n * Linux kernel 2.6.16.43 \n * Linux kernel 2.6.16.44 \n * Linux kernel 2.6.16.45 \n * Linux kernel 2.6.16.46 \n * Linux kernel 2.6.16.47 \n * Linux kernel 2.6.16.48 \n * Linux kernel 2.6.16.49 \n * Linux kernel 2.6.16.5 \n * Linux kernel 2.6.16.50 \n * Linux kernel 2.6.16.51 \n * Linux kernel 2.6.16.52 \n * Linux kernel 2.6.16.53 \n * Linux kernel 2.6.16.6 \n * Linux kernel 2.6.16.7 \n * Linux kernel 2.6.16.8 \n * Linux kernel 2.6.16.9 \n * Linux kernel 2.6.17 .8 \n * Linux kernel 2.6.17 \n * Linux kernel 2.6.17.1 \n * Linux kernel 2.6.17.10 \n * Linux kernel 2.6.17.11 \n * Linux kernel 2.6.17.12 \n * Linux kernel 2.6.17.13 \n * Linux kernel 2.6.17.14 \n * Linux kernel 2.6.17.2 \n * Linux kernel 2.6.17.3 \n * Linux kernel 2.6.17.4 \n * Linux kernel 2.6.17.5 \n * Linux kernel 2.6.17.6 \n * Linux kernel 2.6.17.7 \n * Linux kernel 2.6.17.9 \n * Linux kernel 2.6.18 .1 \n * Linux kernel 2.6.18 \n * Linux kernel 2.6.18.2 \n * Linux kernel 2.6.18.3 \n * Linux kernel 2.6.18.4 \n * Linux kernel 2.6.18.5 \n * Linux kernel 2.6.18.6 \n * Linux kernel 2.6.18.7 \n * Linux kernel 2.6.18.8 \n * Linux kernel 2.6.19 \n * Linux kernel 2.6.19.1 \n * Linux kernel 2.6.19.2 \n * Linux kernel 2.6.19.3 \n * Linux kernel 2.6.19.4 \n * Linux kernel 2.6.2 \n * Linux kernel 2.6.20 \n * Linux kernel 2.6.20-2 \n * Linux kernel 2.6.20.1 \n * Linux kernel 2.6.20.10 \n * Linux kernel 2.6.20.11 \n * Linux kernel 2.6.20.12 \n * Linux kernel 2.6.20.13 \n * Linux kernel 2.6.20.14 \n * Linux kernel 2.6.20.15 \n * Linux kernel 2.6.20.2 \n * Linux kernel 2.6.20.3 \n * Linux kernel 2.6.20.4 \n * Linux kernel 2.6.20.5 \n * Linux kernel 2.6.20.6 \n * Linux kernel 2.6.20.7 \n * Linux kernel 2.6.20.8 \n * Linux kernel 2.6.20.9 \n * Linux kernel 2.6.21 .1 \n * Linux kernel 2.6.21 4 \n * Linux kernel 2.6.21 \n * Linux kernel 2.6.21.2 \n * Linux kernel 2.6.21.3 \n * Linux kernel 2.6.21.6 \n * Linux kernel 2.6.21.7 \n * Linux kernel 2.6.22 \n * Linux kernel 2.6.22.1 \n * Linux kernel 2.6.22.11 \n * Linux kernel 2.6.22.12 \n * Linux kernel 2.6.22.13 \n * Linux kernel 2.6.22.14 \n * Linux kernel 2.6.22.15 \n * Linux kernel 2.6.22.16 \n * Linux kernel 2.6.22.17 \n * Linux kernel 2.6.23.1 \n * Linux kernel 2.6.23.10 \n * Linux kernel 2.6.23.14 \n * Linux kernel 2.6.23.2 \n * Linux kernel 2.6.23.3 \n * Linux kernel 2.6.23.4 \n * Linux kernel 2.6.23.5 \n * Linux kernel 2.6.23.6 \n * Linux kernel 2.6.24 \n * Linux kernel 2.6.24.1 \n * Linux kernel 2.6.24.2 \n * Linux kernel 2.6.25 19 \n * Linux kernel 2.6.25.1 \n * Linux kernel 2.6.25.2 \n * Linux kernel 2.6.25.3 \n * Linux kernel 2.6.25.4 \n * Linux kernel 2.6.25.6 \n * Linux kernel 2.6.25.7 \n * Linux kernel 2.6.25.8 \n * Linux kernel 2.6.25.9 \n * Linux kernel 2.6.26 7 \n * Linux kernel 2.6.26 \n * Linux kernel 2.6.26.3 \n * Linux kernel 2.6.26.4 \n * Linux kernel 2.6.26.5 \n * Linux kernel 2.6.26.6 \n * Linux kernel 2.6.27.12 \n * Linux kernel 2.6.27.13 \n * Linux kernel 2.6.27.14 \n * Linux kernel 2.6.27.24 \n * Linux kernel 2.6.27.46 \n * Linux kernel 2.6.27.8 \n * Linux kernel 2.6.28.1 \n * Linux kernel 2.6.28.2 \n * Linux kernel 2.6.28.3 \n * Linux kernel 2.6.28.4 \n * Linux kernel 2.6.28.5 \n * Linux kernel 2.6.28.6 \n * Linux kernel 2.6.28.8 \n * Linux kernel 2.6.29 \n * Linux kernel 2.6.29.1 \n * Linux kernel 2.6.29.4 \n * Linux kernel 2.6.3 \n * Linux kernel 2.6.30 \n * Linux kernel 2.6.30.1 \n * Linux kernel 2.6.30.10 \n * Linux kernel 2.6.30.3 \n * Linux kernel 2.6.30.4 \n * Linux kernel 2.6.30.5 \n * Linux kernel 2.6.31 \n * Linux kernel 2.6.31.1 \n * Linux kernel 2.6.31.11 \n * Linux kernel 2.6.31.13 \n * Linux kernel 2.6.31.2 \n * Linux kernel 2.6.31.4 \n * Linux kernel 2.6.31.5 \n * Linux kernel 2.6.31.6 \n * Linux kernel 2.6.32 \n * Linux kernel 2.6.32.1 \n * Linux kernel 2.6.32.10 \n * Linux kernel 2.6.32.11 \n * Linux kernel 2.6.32.12 \n * Linux kernel 2.6.32.13 \n * Linux kernel 2.6.32.14 \n * Linux kernel 2.6.32.15 \n * Linux kernel 2.6.32.16 \n * Linux kernel 2.6.32.17 \n * Linux kernel 2.6.32.18 \n * Linux kernel 2.6.32.2 \n * Linux kernel 2.6.32.22 \n * Linux kernel 2.6.32.28 \n * Linux kernel 2.6.32.3 \n * Linux kernel 2.6.32.4 \n * Linux kernel 2.6.32.5 \n * Linux kernel 2.6.32.6 \n * Linux kernel 2.6.32.60 \n * Linux kernel 2.6.32.61 \n * Linux kernel 2.6.32.62 \n * Linux kernel 2.6.32.7 \n * Linux kernel 2.6.32.8 \n * Linux kernel 2.6.32.9 \n * Linux kernel 3.0 \n * Linux kernel 3.0.1 \n * Linux kernel 3.0.18 \n * Linux kernel 3.0.2 \n * Linux kernel 3.0.34 \n * Linux kernel 3.0.37 \n * Linux kernel 3.0.4 \n * Linux kernel 3.0.5 \n * Linux kernel 3.0.58 \n * Linux kernel 3.0.59 \n * Linux kernel 3.0.60 \n * Linux kernel 3.0.62 \n * Linux kernel 3.0.65 \n * Linux kernel 3.0.66 \n * Linux kernel 3.0.69 \n * Linux kernel 3.0.72 \n * Linux kernel 3.0.75 \n * Linux kernel 3.0.98 \n * Linux kernel 3.1 \n * Linux kernel 3.1.8 \n * Linux kernel 3.10 \n * Linux kernel 3.10.0 \n * Linux kernel 3.10.10 \n * Linux kernel 3.10.14 \n * Linux kernel 3.10.17 \n * Linux kernel 3.10.20 \n * Linux kernel 3.10.21 \n * Linux kernel 3.10.22 \n * Linux kernel 3.10.23 \n * Linux kernel 3.10.26 \n * Linux kernel 3.10.27 \n * Linux kernel 3.10.30 \n * Linux kernel 3.10.31 \n * Linux kernel 3.10.36 \n * Linux kernel 3.10.37 \n * Linux kernel 3.10.38 \n * Linux kernel 3.10.41 \n * Linux kernel 3.10.43 \n * Linux kernel 3.10.45 \n * Linux kernel 3.10.5 \n * Linux kernel 3.10.7 \n * Linux kernel 3.10.73 \n * Linux kernel 3.10.81 \n * Linux kernel 3.10.9 \n * Linux kernel 3.10.90 \n * Linux kernel 3.11 \n * Linux kernel 3.11.3 \n * Linux kernel 3.11.6 \n * Linux kernel 3.11.9 \n * Linux kernel 3.12 \n * Linux kernel 3.12.1 \n * Linux kernel 3.12.11 \n * Linux kernel 3.12.12 \n * Linux kernel 3.12.14 \n * Linux kernel 3.12.15 \n * Linux kernel 3.12.16 \n * Linux kernel 3.12.17 \n * Linux kernel 3.12.18 \n * Linux kernel 3.12.2 \n * Linux kernel 3.12.21 \n * Linux kernel 3.12.22 \n * Linux kernel 3.12.3 \n * Linux kernel 3.12.4 \n * Linux kernel 3.12.40 \n * Linux kernel 3.12.44 \n * Linux kernel 3.12.48 \n * Linux kernel 3.12.49 \n * Linux kernel 3.12.7 \n * Linux kernel 3.13 \n * Linux kernel 3.13.0 \n * Linux kernel 3.13.1 \n * Linux kernel 3.13.11 \n * Linux kernel 3.13.3 \n * Linux kernel 3.13.4 \n * Linux kernel 3.13.5 \n * Linux kernel 3.13.6 \n * Linux kernel 3.13.7 \n * Linux kernel 3.13.9 \n * Linux kernel 3.14 \n * Linux kernel 3.14-1 \n * Linux kernel 3.14-4 \n * Linux kernel 3.14.2 \n * Linux kernel 3.14.3 \n * Linux kernel 3.14.37 \n * Linux kernel 3.14.4 \n * Linux kernel 3.14.45 \n * Linux kernel 3.14.5 \n * Linux kernel 3.14.54 \n * Linux kernel 3.14.7 \n * Linux kernel 3.14.73 \n * Linux kernel 3.14.79 \n * Linux kernel 3.15 \n * Linux kernel 3.15.10 \n * Linux kernel 3.15.2 \n * Linux kernel 3.15.5 \n * Linux kernel 3.16 \n * Linux kernel 3.16.0-28 \n * Linux kernel 3.16.1 \n * Linux kernel 3.16.2 \n * Linux kernel 3.16.36 \n * Linux kernel 3.16.6 \n * Linux kernel 3.16.7 \n * Linux kernel 3.17 \n * Linux kernel 3.17.2 \n * Linux kernel 3.17.4 \n * Linux kernel 3.17.6 \n * Linux kernel 3.18 \n * Linux kernel 3.18.1 \n * Linux kernel 3.18.11 \n * Linux kernel 3.18.17 \n * Linux kernel 3.18.2 \n * Linux kernel 3.18.22 \n * Linux kernel 3.18.3 \n * Linux kernel 3.18.7 \n * Linux kernel 3.18.8 \n * Linux kernel 3.18.9 \n * Linux kernel 3.19 \n * Linux kernel 3.19.3 \n * Linux kernel 3.2 \n * Linux kernel 3.2.1 \n * Linux kernel 3.2.12 \n * Linux kernel 3.2.13 \n * Linux kernel 3.2.2 \n * Linux kernel 3.2.23 \n * Linux kernel 3.2.24 \n * Linux kernel 3.2.38 \n * Linux kernel 3.2.42 \n * Linux kernel 3.2.44 \n * Linux kernel 3.2.50 \n * Linux kernel 3.2.51 \n * Linux kernel 3.2.52 \n * Linux kernel 3.2.53 \n * Linux kernel 3.2.54 \n * Linux kernel 3.2.55 \n * Linux kernel 3.2.56 \n * Linux kernel 3.2.57 \n * Linux kernel 3.2.60 \n * Linux kernel 3.2.62 \n * Linux kernel 3.2.63 \n * Linux kernel 3.2.72 \n * Linux kernel 3.2.78 \n * Linux kernel 3.2.81 \n * Linux kernel 3.2.82 \n * Linux kernel 3.2.9 \n * Linux kernel 3.3 \n * Linux kernel 3.3.2 \n * Linux kernel 3.3.4 \n * Linux kernel 3.3.5 \n * Linux kernel 3.4 \n * Linux kernel 3.4.1 \n * Linux kernel 3.4.10 \n * Linux kernel 3.4.11 \n * Linux kernel 3.4.12 \n * Linux kernel 3.4.13 \n * Linux kernel 3.4.14 \n * Linux kernel 3.4.15 \n * Linux kernel 3.4.16 \n * Linux kernel 3.4.17 \n * Linux kernel 3.4.18 \n * Linux kernel 3.4.19 \n * Linux kernel 3.4.2 \n * Linux kernel 3.4.20 \n * Linux kernel 3.4.21 \n * Linux kernel 3.4.25 \n * Linux kernel 3.4.26 \n * Linux kernel 3.4.27 \n * Linux kernel 3.4.29 \n * Linux kernel 3.4.3 \n * Linux kernel 3.4.31 \n * Linux kernel 3.4.32 \n * Linux kernel 3.4.36 \n * Linux kernel 3.4.4 \n * Linux kernel 3.4.42 \n * Linux kernel 3.4.5 \n * Linux kernel 3.4.58 \n * Linux kernel 3.4.6 \n * Linux kernel 3.4.64 \n * Linux kernel 3.4.67 \n * Linux kernel 3.4.7 \n * Linux kernel 3.4.70 \n * Linux kernel 3.4.71 \n * Linux kernel 3.4.72 \n * Linux kernel 3.4.73 \n * Linux kernel 3.4.76 \n * Linux kernel 3.4.8 \n * Linux kernel 3.4.80 \n * Linux kernel 3.4.81 \n * Linux kernel 3.4.86 \n * Linux kernel 3.4.87 \n * Linux kernel 3.4.88 \n * Linux kernel 3.4.9 \n * Linux kernel 3.4.93 \n * Linux kernel 3.5 \n * Linux kernel 3.5.1 \n * Linux kernel 3.5.2 \n * Linux kernel 3.5.3 \n * Linux kernel 3.5.4 \n * Linux kernel 3.5.5 \n * Linux kernel 3.5.6 \n * Linux kernel 3.5.7 \n * Linux kernel 3.6 \n * Linux kernel 3.6.1 \n * Linux kernel 3.6.10 \n * Linux kernel 3.6.11 \n * Linux kernel 3.6.2 \n * Linux kernel 3.6.3 \n * Linux kernel 3.6.4 \n * Linux kernel 3.6.5 \n * Linux kernel 3.6.6 \n * Linux kernel 3.6.7 \n * Linux kernel 3.6.8 \n * Linux kernel 3.6.9 \n * Linux kernel 3.7 \n * Linux kernel 3.7.1 \n * Linux kernel 3.7.10 \n * Linux kernel 3.7.2 \n * Linux kernel 3.7.3 \n * Linux kernel 3.7.4 \n * Linux kernel 3.7.5 \n * Linux kernel 3.7.6 \n * Linux kernel 3.7.7 \n * Linux kernel 3.7.8 \n * Linux kernel 3.7.9 \n * Linux kernel 3.8 \n * Linux kernel 3.8.1 \n * Linux kernel 3.8.2 \n * Linux kernel 3.8.4 \n * Linux kernel 3.8.5 \n * Linux kernel 3.8.6 \n * Linux kernel 3.8.9 \n * Linux kernel 3.9 \n * Linux kernel 3.9.4 \n * Linux kernel 3.9.8 \n * Linux kernel 4.0 \n * Linux kernel 4.0.5 \n * Linux kernel 4.0.6 \n * Linux kernel 4.1 \n * Linux kernel 4.1.1 \n * Linux kernel 4.1.15 \n * Linux kernel 4.1.4 \n * Linux kernel 4.10.0 \n * Linux kernel 4.10.1 \n * Linux kernel 4.10.10 \n * Linux kernel 4.10.11 \n * Linux kernel 4.10.12 \n * Linux kernel 4.10.13 \n * Linux kernel 4.10.2 \n * Linux kernel 4.10.3 \n * Linux kernel 4.10.4 \n * Linux kernel 4.15 \n * Linux kernel 4.15.11 \n * Linux kernel 4.15.14 \n * Linux kernel 4.15.16 \n * Linux kernel 4.15.4 \n * Linux kernel 4.15.7 \n * Linux kernel 4.15.8 \n * Linux kernel 4.15.9 \n * Linux kernel 4.16 \n * Linux kernel 4.16.11 \n * Linux kernel 4.16.3 \n * Linux kernel 4.16.6 \n * Linux kernel 4.16.9 \n * Linux kernel 4.17 \n * Linux kernel 4.17.1 \n * Linux kernel 4.17.10 \n * Linux kernel 4.17.11 \n * Linux kernel 4.17.2 \n * Linux kernel 4.17.3 \n * Linux kernel 4.17.4 \n * Linux kernel 4.17.7 \n * Linux kernel 4.18 \n * Linux kernel 4.18.1 \n * Linux kernel 4.18.11 \n * Linux kernel 4.18.12 \n * Linux kernel 4.18.16 \n * Linux kernel 4.18.5 \n * Linux kernel 4.18.6 \n * Linux kernel 4.18.9 \n * Linux kernel 4.19 \n * Linux kernel 4.19.13 \n * Linux kernel 4.19.19 \n * Linux kernel 4.19.2 \n * Linux kernel 4.19.23 \n * Linux kernel 4.19.3 \n * Linux kernel 4.19.6 \n * Linux kernel 4.19.8 \n * Linux kernel 4.2 \n * Linux kernel 4.2.3 \n * Linux kernel 4.2.8 \n * Linux kernel 4.20.10 \n * Linux kernel 4.20.12 \n * Linux kernel 4.20.14 \n * Linux kernel 4.20.2 \n * Linux kernel 4.20.5 \n * Linux kernel 4.20.6 \n * Linux kernel 4.20.8 \n * Linux kernel 4.3.3 \n * Linux kernel 5.0 \n * Linux kernel 5.0.1 \n * Linux kernel 5.0.10 \n * Linux kernel 5.0.11 \n * Linux kernel 5.0.14 \n * Linux kernel 5.0.15 \n * Linux kernel 5.0.17 \n * Linux kernel 5.0.2 \n * Linux kernel 5.0.3 \n * Linux kernel 5.0.4 \n * Linux kernel 5.0.5 \n * Linux kernel 5.0.6 \n * Linux kernel 5.0.7 \n * Linux kernel 5.0.8 \n * Linux kernel 5.0.9 \n * Linux kernel 5.0rc6 \n * Linux kernel 5.1-rc1 \n * Linux kernel 5.1-rc5 \n * Linux kernel 5.1-rc6 \n * Linux kernel 5.1.12 \n * Linux kernel 5.1.13 \n * Linux kernel 5.1.14 \n * Linux kernel 5.1.15 \n * Linux kernel 5.1.17 \n * Linux kernel 5.1.2 \n * Linux kernel 5.1.3 \n * Linux kernel 5.1.5 \n * Linux kernel 5.1.6 \n * Linux kernel 5.1.7 \n * Linux kernel 5.1.8 \n * Linux kernel 5.1.9 \n * Linux kernel 5.2.1 \n * Linux kernel 5.2.13 \n * Linux kernel 5.2.14 \n * Linux kernel 5.2.17 \n * Linux kernel 5.2.2 \n * Linux kernel 5.2.3 \n * Linux kernel 5.2.6 \n * Linux kernel 5.2.8 \n * Linux kernel 5.2.9 \n * Linux kernel 5.3 \n * Linux kernel 5.3.2 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nFilter access to the affected computer at the network boundary if global access isn't needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo limit the potential damage that successful exploits may achieve, run all nonadministrative software as an unprivileged user.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This may indicate exploit attempts or activity that results from successful exploits.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "published": "2019-10-01T00:00:00", "modified": "2019-10-01T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110274", "reporter": "Symantec Security Response", "references": ["https://lore.kernel.org/lkml/20191001165611.GA3542072@kroah.com/", "http://www.kernel.org/"], "cvelist": ["CVE-2019-17075"], "immutableFields": [], "lastseen": "2021-06-08T19:02:08", "viewCount": 22, "enchantments": {"dependencies": {"references": [{"type": "cloudfoundry", "idList": ["CFOUNDRY:7D5F114602BB1B4781BFC57065F20675"]}, {"type": "cve", "idList": ["CVE-2019-17075"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2114-1:93D37"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-17075"]}, {"type": "ibm", "idList": ["B68653AE8B3B701FAB183C54D344C9C2EE03602A2C7365EC7CF172320BA1AA2E"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2114.NASL", "EULEROS_SA-2019-2283.NASL", "EULEROS_SA-2019-2353.NASL", "EULEROS_SA-2019-2531.NASL", "EULEROS_SA-2019-2599.NASL", "EULEROS_SA-2020-1042.NASL", "EULEROS_SA-2020-1197.NASL", "EULEROS_SA-2021-1056.NASL", "NEWSTART_CGSL_NS-SA-2019-0264_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0266_KERNEL-RT.NASL", "ORACLELINUX_ELSA-2020-5845.NASL", "ORACLELINUX_ELSA-2020-5866.NASL", "ORACLEVM_OVMSA-2020-0044.NASL", "SLACKWARE_SSA_2019-311-01.NASL", "UBUNTU_USN-4208-1.NASL", "UBUNTU_USN-4210-1.NASL", "UBUNTU_USN-4211-1.NASL", "UBUNTU_USN-4226-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310844256", "OPENVAS:1361412562310844257", "OPENVAS:1361412562310844258", "OPENVAS:1361412562310844283", "OPENVAS:1361412562310892114", "OPENVAS:1361412562311220192283", "OPENVAS:1361412562311220192353", "OPENVAS:1361412562311220192531", "OPENVAS:1361412562311220192599", "OPENVAS:1361412562311220201042", "OPENVAS:1361412562311220201197"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2021"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-5845", "ELSA-2020-5866"]}, {"type": "osv", "idList": ["OSV:DLA-2114-1"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-17075"]}, {"type": "slackware", "idList": ["SSA-2019-311-01"]}, {"type": "ubuntu", "idList": ["USN-4208-1", "USN-4210-1", "USN-4211-1", "USN-4211-2", "USN-4226-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-17075"]}]}, "score": {"value": 1.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "cloudfoundry", "idList": ["CFOUNDRY:7D5F114602BB1B4781BFC57065F20675"]}, {"type": "cve", "idList": ["CVE-2019-17075"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2114-1:93D37"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2019-17075"]}, {"type": "ibm", "idList": ["B68653AE8B3B701FAB183C54D344C9C2EE03602A2C7365EC7CF172320BA1AA2E"]}, {"type": "nessus", "idList": ["BLUECOAT_PROXY_AV_VERSION.NASL", "DEBIAN_DLA-2114.NASL", "EULEROS_SA-2019-2283.NASL", "EULEROS_SA-2019-2531.NASL", "EULEROS_SA-2019-2599.NASL", "EULEROS_SA-2020-1197.NASL", "SLACKWARE_SSA_2019-311-01.NASL", "UBUNTU_USN-4208-1.NASL", "UBUNTU_USN-4210-1.NASL", "UBUNTU_USN-4211-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310844256", "OPENVAS:1361412562310844257", "OPENVAS:1361412562310844258", "OPENVAS:1361412562310892114", "OPENVAS:1361412562311220201197"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-5845"]}, {"type": "slackware", "idList": ["SSA-2019-311-01"]}, {"type": "ubuntu", "idList": ["USN-4208-1", "USN-4210-1", "USN-4211-1", "USN-4211-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-17075"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2019-17075", "epss": "0.009430000", "percentile": "0.807290000", "modified": "2023-03-15"}], "vulnersScore": 1.2}, "_state": {"dependencies": 1678909994, "score": 1683996360, "affected_software_major_version": 0, "epss": 1678939848}, "_internal": {"score_hash": "cdb71177ffaa83996928170da1719634"}, "affectedSoftware": [{"name": "linux kernel", "operator": "eq", "version": "3.19.3"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.31.13"}, {"name": "linux kernel", "operator": "eq", "version": "3.0.66"}, {"name": "linux kernel", "operator": "eq", "version": "3.10.14"}, {"name": "linux kernel", "operator": "eq", "version": "3.10.43"}, {"name": "linux kernel", "operator": "eq", "version": "5.1.15"}, {"name": "linux kernel", "operator": "eq", "version": "4.0.6"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.20.12"}, {"name": "linux kernel", "operator": "eq", "version": "3.14.79"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.25"}, {"name": "linux kernel", "operator": "eq", "version": "3.15.5"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.24.1"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.11.6"}, {"name": "linux kernel", "operator": "eq", "version": "4.18"}, {"name": "linux kernel", "operator": "eq", "version": "3.10.90"}, {"name": "linux kernel", "operator": "eq", "version": "5.2.14"}, {"name": "linux kernel", "operator": "eq", "version": "4.18.16"}, {"name": "linux kernel", "operator": "eq", "version": "3.5.6"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.20"}, {"name": "linux kernel", "operator": "eq", "version": "3.10.17"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16 .23"}, {"name": "linux kernel", "operator": "eq", "version": "3.2"}, {"name": "linux kernel", "operator": "eq", "version": "3.3.2"}, {"name": "linux kernel", "operator": "eq", "version": "3.13.1"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.30"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.32.13"}, {"name": "linux kernel", "operator": "eq", "version": "3.0.4"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.23.2"}, {"name": "linux kernel", "operator": "eq", "version": "3.12.40"}, {"name": "linux kernel", "operator": "eq", "version": "5.1.8"}, {"name": "linux kernel", "operator": "eq", "version": "3.8"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.19.1"}, {"name": "linux kernel", "operator": "eq", "version": "4.15.7"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.31"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.14"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.14.5"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.17 .8"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.26"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.23.1"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.31"}, {"name": "linux kernel", "operator": "eq", "version": "4.10.2"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.20.14"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.25.7"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.58"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.23.14"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.21"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.21.3"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.11 .6"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.26"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.3"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.21"}, {"name": "linux kernel", "operator": "eq", "version": "3.6"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.32.11"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.48"}, {"name": "linux kernel", "operator": "eq", "version": "3.13"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.76"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.36"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.40"}, {"name": "linux kernel", "operator": "eq", "version": "5.1-rc1"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.32.6"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.11 .5"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.29"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.13 .4"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.23.6"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.14.1"}, {"name": "linux kernel", "operator": "eq", "version": "3.7.10"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.29"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.34"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.22.1"}, {"name": "linux kernel", "operator": "eq", "version": "4.16.11"}, {"name": "linux kernel", "operator": "eq", "version": "4.1.1"}, {"name": "linux kernel", "operator": "eq", "version": "3.7.5"}, {"name": "linux kernel", "operator": "eq", "version": "5.2.17"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.1"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.12 .4"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.28.6"}, {"name": "linux kernel", "operator": "eq", "version": "4.16.3"}, {"name": "linux kernel", "operator": "eq", "version": "4.15.8"}, {"name": "linux kernel", "operator": "eq", "version": "3.12.11"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.62"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.24.2"}, {"name": "linux kernel", "operator": "eq", "version": "3.7.9"}, {"name": "linux kernel", "operator": "eq", "version": "5.1.7"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.3"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.12 .1"}, {"name": "linux kernel", "operator": "eq", "version": "3.6.4"}, {"name": "linux kernel", "operator": "eq", "version": "4.16.9"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.64"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.2"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.11.1"}, {"name": "linux kernel", "operator": "eq", "version": "3.18.9"}, {"name": "linux kernel", "operator": "eq", "version": "3.7.3"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.29.1"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.3"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.26"}, {"name": "linux kernel", "operator": "eq", "version": "3.10.30"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.32.28"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.11.11"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.17.9"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.38"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.12.1"}, {"name": "linux kernel", "operator": "eq", "version": "3.13.4"}, {"name": "linux kernel", "operator": "eq", "version": "3.10.9"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.23.3"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.21.2"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.13"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.30.4"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.18.3"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.70"}, {"name": "linux kernel", "operator": "eq", "version": "4.18.5"}, {"name": "linux kernel", "operator": "eq", "version": "3.0.62"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.27.8"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.27.12"}, {"name": "linux kernel", "operator": "eq", "version": "5.0.17"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.21.7"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.10"}, {"name": "linux kernel", "operator": "eq", "version": "3.14-1"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.17.12"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.26.3"}, {"name": "linux kernel", "operator": "eq", "version": "3.10.38"}, {"name": "linux kernel", "operator": "eq", "version": "3.15.2"}, {"name": "linux kernel", "operator": "eq", "version": "4.0.5"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.16"}, {"name": "linux kernel", "operator": "eq", "version": "3.10.22"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.1"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.17.11"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.14.7"}, {"name": "linux kernel", "operator": "eq", "version": "3.14.4"}, {"name": "linux kernel", "operator": "eq", "version": "3.16.6"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.14.3"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.27.24"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.30.10"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.19"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.10"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.47"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.15.1"}, {"name": "linux kernel", "operator": "eq", "version": "3.10.10"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.49"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.20.11"}, {"name": "linux kernel", "operator": "eq", "version": "5.2.13"}, {"name": "linux kernel", "operator": "eq", "version": "3.0.98"}, {"name": "linux kernel", "operator": "eq", "version": "4.15.11"}, {"name": "linux kernel", "operator": "eq", "version": "3.18.1"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.22.16"}, {"name": "linux kernel", "operator": "eq", "version": "3.12.3"}, {"name": "linux kernel", "operator": "eq", "version": "3.0.18"}, {"name": "linux kernel", "operator": "eq", "version": "4.10.3"}, {"name": "linux kernel", "operator": "eq", "version": "3.6.6"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.52"}, {"name": "linux kernel", "operator": "eq", "version": "4.17.3"}, {"name": "linux kernel", "operator": "eq", "version": "5.0.3"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.19"}, {"name": "linux kernel", "operator": "eq", "version": "3.5.5"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.15.11"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16 27"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.82"}, {"name": "linux kernel", "operator": "eq", "version": "3.7"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.2"}, {"name": "linux kernel", "operator": "eq", "version": "3.3.5"}, {"name": "linux kernel", "operator": "eq", "version": "3.11.9"}, {"name": "linux kernel", "operator": "eq", "version": "4.19.3"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.26 7"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.13.2"}, {"name": "linux kernel", "operator": "eq", "version": "4.17.4"}, {"name": "linux kernel", "operator": "eq", "version": "3.13.11"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.32.60"}, {"name": "linux kernel", "operator": "eq", "version": "4.20.8"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.32.17"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.20.3"}, {"name": "linux kernel", "operator": "eq", "version": "5.1.17"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.30.3"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.18"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.17.2"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.28.1"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.23.5"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.28.2"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.63"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.19.2"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.32.22"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.7"}, {"name": "linux kernel", "operator": "eq", "version": "5.1-rc6"}, {"name": "linux kernel", "operator": "eq", "version": "3.10.26"}, {"name": "linux kernel", "operator": "eq", "version": "3.16.1"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.28.8"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.86"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.71"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.17"}, {"name": "linux kernel", "operator": "eq", "version": "5.1.6"}, {"name": "linux kernel", "operator": "eq", "version": "3.14.45"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.7"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.9"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.32.62"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.12.5"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.11.9"}, {"name": "linux kernel", "operator": "eq", "version": "5.0.14"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.30.5"}, {"name": "linux kernel", "operator": "eq", "version": "3.10.37"}, {"name": "linux kernel", "operator": "eq", "version": "5.2.6"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.11"}, {"name": "linux kernel", "operator": "eq", "version": "3.5.1"}, {"name": "linux kernel", "operator": "eq", "version": "4.2.8"}, {"name": "linux kernel", "operator": "eq", "version": "3.12.12"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.24"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.33"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.11 .12"}, {"name": "linux kernel", "operator": "eq", "version": "4.16"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.28"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.15 .4"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.13 .2"}, {"name": "linux kernel", "operator": "eq", "version": "3.15.10"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.18 .1"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.32"}, {"name": "linux kernel", "operator": "eq", "version": "3.16"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.15"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.17"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.23.4"}, {"name": "linux kernel", "operator": "eq", "version": "3.8.9"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.21"}, {"name": "linux kernel", "operator": "eq", "version": "3.12.4"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.26.5"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.32.4"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.46"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16 .12"}, {"name": "linux kernel", "operator": "eq", "version": "3.18.22"}, {"name": "linux kernel", "operator": "eq", "version": "4.18.12"}, {"name": "linux kernel", "operator": "eq", "version": "5.3.2"}, {"name": "linux kernel", "operator": "eq", "version": "3.12.44"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.13.5"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.20-2"}, {"name": "linux kernel", "operator": "eq", "version": "3.12.49"}, {"name": "linux kernel", "operator": "eq", "version": "3.5.3"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.31.6"}, {"name": "linux kernel", "operator": "eq", "version": "3.10.41"}, {"name": "linux kernel", "operator": "eq", "version": "3.0.60"}, {"name": "linux kernel", "operator": "eq", "version": "4.17.10"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.32.10"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16 .7"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.32"}, {"name": "linux kernel", "operator": "eq", "version": "3.18.3"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.51"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.17.6"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.14"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.51"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.54"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.14.4"}, {"name": "linux kernel", "operator": "eq", "version": "3.14.5"}, {"name": "linux kernel", "operator": "eq", "version": "3.14.2"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.28.5"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.45"}, {"name": "linux kernel", "operator": "eq", "version": "4.15"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.32.14"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.15"}, {"name": "linux kernel", "operator": "eq", "version": "4.18.11"}, {"name": "linux kernel", "operator": "eq", "version": "5.1.14"}, {"name": "linux kernel", "operator": "eq", "version": "3.14.73"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.8"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.13 .3"}, {"name": "linux kernel", "operator": "eq", "version": "3.16.0-28"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.17.7"}, {"name": "linux kernel", "operator": "eq", "version": "4.20.2"}, {"name": "linux kernel", "operator": "eq", "version": "3.0.75"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.73"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.30.1"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.15.3"}, {"name": "linux kernel", "operator": "eq", "version": "3.18.2"}, {"name": "linux kernel", "operator": "eq", "version": "3.5"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.52"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.14"}, {"name": "linux kernel", "operator": "eq", "version": "3.16.7"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.80"}, {"name": "linux kernel", "operator": "eq", "version": "3.10.5"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.27.46"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.24"}, {"name": "linux kernel", "operator": "eq", "version": "3.3.4"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.41"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.20.5"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.44"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.20.10"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.32.2"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.16"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.12 .3"}, {"name": "linux kernel", "operator": "eq", "version": "4.20.14"}, {"name": "linux kernel", "operator": "eq", "version": "3.7.4"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.19.4"}, {"name": "linux kernel", "operator": "eq", "version": "3.6.1"}, {"name": "linux kernel", "operator": "eq", "version": "4.18.9"}, {"name": "linux kernel", "operator": "eq", "version": "3.1"}, {"name": "linux kernel", "operator": "eq", "version": "3.0.69"}, {"name": "linux kernel", "operator": "eq", "version": "3.10.45"}, {"name": "linux kernel", "operator": "eq", "version": "4.19.6"}, {"name": "linux kernel", "operator": "eq", "version": "3.16.2"}, {"name": "linux kernel", "operator": "eq", "version": "5.0.6"}, {"name": "linux kernel", "operator": "eq", "version": "3.10.0"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.12 .12"}, {"name": "linux kernel", "operator": "eq", "version": "3.12"}, {"name": "linux kernel", "operator": "eq", "version": "3.12.7"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.12 .22"}, {"name": "linux kernel", "operator": "eq", "version": "3.7.6"}, {"name": "linux kernel", "operator": "eq", "version": "5.0.5"}, {"name": "linux kernel", "operator": "eq", "version": "3.9.4"}, {"name": "linux kernel", "operator": "eq", "version": "4.20.6"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.18.7"}, {"name": "linux kernel", "operator": "eq", "version": "3.0.34"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.25"}, {"name": "linux kernel", "operator": "eq", "version": "4.19.19"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.32.15"}, {"name": "linux kernel", "operator": "eq", "version": "3.9.8"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.9"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.12 .5"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.93"}, {"name": "linux kernel", "operator": "eq", "version": "3.19"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.20.13"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.12"}, {"name": "linux kernel", "operator": "eq", "version": "5.0.15"}, {"name": "linux kernel", "operator": "eq", "version": "3.0"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.11.12"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.50"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.39"}, {"name": "linux kernel", "operator": "eq", "version": "5.0.2"}, {"name": "linux kernel", "operator": "eq", "version": "4.10.10"}, {"name": "linux kernel", "operator": "eq", "version": "5.1.13"}, {"name": "linux kernel", "operator": "eq", "version": "3.7.1"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.27.13"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.13"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.21 .1"}, {"name": "linux kernel", "operator": "eq", "version": "4.18.1"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.22.12"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.38"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.18.2"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.11.2"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.11.4"}, {"name": "linux kernel", "operator": "eq", "version": "3.18.7"}, {"name": "linux kernel", "operator": "eq", "version": "5.0.8"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.32.18"}, {"name": "linux kernel", "operator": "eq", "version": "3.12.48"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.24"}, {"name": "linux kernel", "operator": "eq", "version": "4.2.3"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.20.4"}, {"name": "linux kernel", "operator": "eq", "version": "3.10.7"}, {"name": "linux kernel", "operator": "eq", "version": "4.19.2"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.14.6"}, {"name": "linux kernel", "operator": "eq", "version": "5.0rc6"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.26.6"}, {"name": "linux kernel", "operator": "eq", "version": "5.2.8"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.1"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.12.6"}, {"name": "linux kernel", "operator": "eq", "version": "3.6.9"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.18.5"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.20.9"}, {"name": "linux kernel", "operator": "eq", "version": "3.13.0"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.26.4"}, {"name": "linux kernel", "operator": "eq", "version": "3.10.20"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.15.6"}, {"name": "linux kernel", "operator": "eq", "version": "3.10.21"}, {"name": "linux kernel", "operator": "eq", "version": "4.17.1"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.22.15"}, {"name": "linux kernel", "operator": "eq", "version": "5.2.3"}, {"name": "linux kernel", "operator": "eq", "version": "3.12.21"}, {"name": "linux kernel", "operator": "eq", "version": "3.7.7"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.17.4"}, {"name": "linux kernel", "operator": "eq", "version": "3.0.72"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.17.14"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.4"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.9"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.6"}, {"name": "linux kernel", "operator": "eq", "version": "3.15"}, {"name": "linux kernel", "operator": "eq", "version": "4.19"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.32.9"}, {"name": "linux kernel", "operator": "eq", "version": "3.8.6"}, {"name": "linux kernel", "operator": "eq", "version": "4.20.5"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.21.6"}, {"name": "linux kernel", "operator": "eq", "version": "3.11.6"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.57"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16 .9"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.20.15"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.2"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.17.3"}, {"name": "linux kernel", "operator": "eq", "version": "4.17.2"}, {"name": "linux kernel", "operator": "eq", "version": "3.14.54"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.22.17"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.14.2"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.81"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.25.1"}, {"name": "linux kernel", "operator": "eq", "version": "4.10.4"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16 .11"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.11.10"}, {"name": "linux kernel", "operator": "eq", "version": "3.12.18"}, {"name": "linux kernel", "operator": "eq", "version": "4.17.7"}, {"name": "linux kernel", "operator": "eq", "version": "4.10.12"}, {"name": "linux kernel", "operator": "eq", "version": "3.7.8"}, {"name": "linux kernel", "operator": "eq", "version": "4.19.23"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.32.8"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.12 .6"}, {"name": "linux kernel", "operator": "eq", "version": "3.12.14"}, {"name": "linux kernel", "operator": "eq", "version": "4.18.6"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.4"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.20.7"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.31.11"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.15.7"}, {"name": "linux kernel", "operator": "eq", "version": "5.0.1"}, {"name": "linux kernel", "operator": "eq", "version": "5.1.12"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.88"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.11 .11"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.20.8"}, {"name": "linux kernel", "operator": "eq", "version": "3.10"}, {"name": "linux kernel", "operator": "eq", "version": "3.8.1"}, {"name": "linux kernel", "operator": "eq", "version": "3.10.31"}, {"name": "linux kernel", "operator": "eq", "version": "3.13.9"}, {"name": "linux kernel", "operator": "eq", "version": "3.8.4"}, {"name": "linux kernel", "operator": "eq", "version": "3.16.36"}, {"name": "linux kernel", "operator": "eq", "version": "4.15.14"}, {"name": "linux kernel", "operator": "eq", "version": "5.1.2"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.22.14"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.31.4"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.31"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.18"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.42"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.18.4"}, {"name": "linux kernel", "operator": "eq", "version": "4.1"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.43"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.32.12"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.35"}, {"name": "linux kernel", "operator": "eq", "version": "3.10.27"}, {"name": "linux kernel", "operator": "eq", "version": "5.1-rc5"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.11"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.22.11"}, {"name": "linux kernel", "operator": "eq", "version": "4.16.6"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.0"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.19.3"}, {"name": "linux kernel", "operator": "eq", "version": "3.0.65"}, {"name": "linux kernel", "operator": "eq", "version": "3.18.11"}, {"name": "linux kernel", "operator": "eq", "version": "5.1.3"}, {"name": "linux kernel", "operator": "eq", "version": "3.1.8"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.25.2"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.32.5"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.15.4"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.11"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.15.5"}, {"name": "linux kernel", "operator": "eq", "version": "3.8.5"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.27"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.25 19"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.12"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.22"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.2"}, {"name": "linux kernel", "operator": "eq", "version": "5.2.1"}, {"name": "linux kernel", "operator": "eq", "version": "3.18"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.53"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.20"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.31.5"}, {"name": "linux kernel", "operator": "eq", "version": "3.0.58"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.14 .1"}, {"name": "linux kernel", "operator": "eq", "version": "4.15.16"}, {"name": "linux kernel", "operator": "eq", "version": "4.19.13"}, {"name": "linux kernel", "operator": "eq", "version": "3.6.7"}, {"name": "linux kernel", "operator": "eq", "version": "3.6.3"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.5"}, {"name": "linux kernel", "operator": "eq", "version": "3.17.4"}, {"name": "linux kernel", "operator": "eq", "version": "3.14-4"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.11 .7"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.12.4"}, {"name": "linux kernel", "operator": "eq", "version": "3.12.16"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.11 .8"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.28.3"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.14 .2"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.53"}, {"name": "linux kernel", "operator": "eq", "version": "4.0"}, {"name": "linux kernel", "operator": "eq", "version": "3.13.6"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.11 .4"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.6"}, {"name": "linux kernel", "operator": "eq", "version": "3.12.22"}, {"name": "linux kernel", "operator": "eq", "version": "3.10.73"}, {"name": "linux kernel", "operator": "eq", "version": "5.2.9"}, {"name": "linux kernel", "operator": "eq", "version": "3.12.2"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.15.2"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.78"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.31.1"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.25.4"}, {"name": "linux kernel", "operator": "eq", "version": "3.13.5"}, {"name": "linux kernel", "operator": "eq", "version": "3.10.23"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.8"}, {"name": "linux kernel", "operator": "eq", "version": "4.17"}, {"name": "linux kernel", "operator": "eq", "version": "3.0.37"}, {"name": "linux kernel", "operator": "eq", "version": "5.0.9"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16 .1"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.72"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16 13"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.12 .2"}, {"name": "linux kernel", "operator": "eq", "version": "3.14"}, {"name": "linux kernel", "operator": "eq", "version": "3.17"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.72"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.23.10"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.36"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.27.14"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.44"}, {"name": "linux kernel", "operator": "eq", "version": "5.0"}, {"name": "linux kernel", "operator": "eq", "version": "3.9"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.60"}, {"name": "linux kernel", "operator": "eq", "version": "4.10.0"}, {"name": "linux kernel", "operator": "eq", "version": "3.6.10"}, {"name": "linux kernel", "operator": "eq", "version": "4.19.8"}, {"name": "linux kernel", "operator": "eq", "version": "4.1.4"}, {"name": "linux kernel", "operator": "eq", "version": "3.5.4"}, {"name": "linux kernel", "operator": "eq", "version": "4.10.1"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.56"}, {"name": "linux kernel", "operator": "eq", "version": "3.18.17"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16"}, {"name": "linux kernel", "operator": "eq", "version": "5.1.5"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.25.3"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.55"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.13.4"}, {"name": "linux kernel", "operator": "eq", "version": "3.14.37"}, {"name": "linux kernel", "operator": "eq", "version": "4.15.4"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.50"}, {"name": "linux kernel", "operator": "eq", "version": "3.6.5"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.12.2"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.13"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.11.5"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.12"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.20.6"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.67"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.32.61"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.12"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.30"}, {"name": "linux kernel", "operator": "eq", "version": "3.17.2"}, {"name": "linux kernel", "operator": "eq", "version": "3.6.2"}, {"name": "linux kernel", "operator": "eq", "version": "3.0.2"}, {"name": "linux kernel", "operator": "eq", "version": "4.1.15"}, {"name": "linux kernel", "operator": "eq", "version": "3.10.81"}, {"name": "linux kernel", "operator": "eq", "version": "5.3"}, {"name": "linux kernel", "operator": "eq", "version": "3.6.11"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.13"}, {"name": "linux kernel", "operator": "eq", "version": "3.12.17"}, {"name": "linux kernel", "operator": "eq", "version": "4.10.13"}, {"name": "linux kernel", "operator": "eq", "version": "3.12.15"}, {"name": "linux kernel", "operator": "eq", "version": "5.0.4"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.20.2"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.87"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.17"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.25.8"}, {"name": "linux kernel", "operator": "eq", "version": "3.10.36"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.18"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.32.16"}, {"name": "linux kernel", "operator": "eq", "version": "3.0.5"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.11.8"}, {"name": "linux kernel", "operator": "eq", "version": "4.2"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.20"}, {"name": "linux kernel", "operator": "eq", "version": "3.4"}, {"name": "linux kernel", "operator": "eq", "version": "3.5.2"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.32.3"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.32.7"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.18.8"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.32"}, {"name": "linux kernel", "operator": "eq", "version": "3.11.3"}, {"name": "linux kernel", "operator": "eq", "version": "4.10.11"}, {"name": "linux kernel", "operator": "eq", "version": "3.17.6"}, {"name": "linux kernel", "operator": "eq", "version": "3.11"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.22"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.15"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.14 .3"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.13 .1"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.25.6"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.11.7"}, {"name": "linux kernel", "operator": "eq", "version": "3.6.8"}, {"name": "linux kernel", "operator": "eq", "version": "3.12.1"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.20.1"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.28.4"}, {"name": "linux kernel", "operator": "eq", "version": "3.14.7"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.81"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.37"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.19"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.17.1"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.32.1"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16 .19"}, {"name": "linux kernel", "operator": "eq", "version": "3.5.7"}, {"name": "linux kernel", "operator": "eq", "version": "5.0.10"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.11.3"}, {"name": "linux kernel", "operator": "eq", "version": "3.7.2"}, {"name": "linux kernel", "operator": "eq", "version": "3.0.59"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.29"}, {"name": "linux kernel", "operator": "eq", "version": "3.13.3"}, {"name": "linux kernel", "operator": "eq", "version": "3.14.3"}, {"name": "linux kernel", "operator": "eq", "version": "3.3"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.17.5"}, {"name": "linux kernel", "operator": "eq", "version": "3.13.7"}, {"name": "linux kernel", "operator": "eq", "version": "4.3.3"}, {"name": "linux kernel", "operator": "eq", "version": "5.1.9"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.29.4"}, {"name": "linux kernel", "operator": "eq", "version": "4.20.10"}, {"name": "linux kernel", "operator": "eq", "version": "3.4.5"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.42"}, {"name": "linux kernel", "operator": "eq", "version": "4.17.11"}, {"name": "linux kernel", "operator": "eq", "version": "3.2.23"}, {"name": "linux kernel", "operator": "eq", "version": "3.8.2"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.13.3"}, {"name": "linux kernel", "operator": "eq", "version": "5.0.7"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.18.6"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.31.2"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.22.13"}, {"name": "linux kernel", "operator": "eq", "version": "3.18.8"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.17.10"}, {"name": "linux kernel", "operator": "eq", "version": "4.15.9"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.12.3"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.21 4"}, {"name": "linux kernel", "operator": "eq", "version": "3.0.1"}, {"name": "linux kernel", "operator": "eq", "version": "5.2.2"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.17.13"}, {"name": "linux kernel", "operator": "eq", "version": "4.20.12"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.16.27"}, {"name": "linux kernel", "operator": "eq", "version": "2.6.25.9"}, {"name": "linux kernel", "operator": "eq", "version": "5.0.11"}]}

{"ubuntucve": [{"lastseen": "2023-08-09T18:35:22", "description": "An issue was discovered in write_tpt_entry in\ndrivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The\ncxgb4 driver is directly calling dma_map_single (a DMA function) from a\nstack variable. This could allow an attacker to trigger a Denial of\nService, exploitable if this driver is used on an architecture for which\nthis stack/DMA interaction has security relevance.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-01T00:00:00", "type": "ubuntucve", "title": "CVE-2019-17075", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17075"], "modified": "2019-10-01T00:00:00", "id": "UB:CVE-2019-17075", "href": "https://ubuntu.com/security/CVE-2019-17075", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2023-06-13T14:48:56", "description": "An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-01T21:15:00", "type": "cve", "title": "CVE-2019-17075", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17075"], "modified": "2021-06-14T18:15:00", "cpe": ["cpe:/o:linux:linux_kernel:5.3.2"], "id": "CVE-2019-17075", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17075", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:5.3.2:*:*:*:*:*:*:*"]}], "redhatcve": [{"lastseen": "2023-06-13T14:58:26", "description": "A denial of service (DoS) was found in the write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the cxgb4' Chelsio T4/T5 RDMA Driver. Some of the architectures performing the DMA operation directly from the stack variable (instead of the heap) allows an attacker in the network to cause some security threat.\n#### Mitigation\n\nMitigation for this issue is either not available or the currently available options don&#x27;t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-25T09:52:52", "type": "redhatcve", "title": "CVE-2019-17075", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17075"], "modified": "2023-04-06T05:59:30", "id": "RH:CVE-2019-17075", "href": "https://access.redhat.com/security/cve/cve-2019-17075", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "debiancve": [{"lastseen": "2023-06-13T18:12:02", "description": "An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-10-01T21:15:00", "type": "debiancve", "title": "CVE-2019-17075", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17075"], "modified": "2019-10-01T21:15:00", "id": "DEBIANCVE:CVE-2019-17075", "href": "https://security-tracker.debian.org/tracker/CVE-2019-17075", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2023-05-24T14:32:33", "description": "Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash).\n(CVE-2019-17133)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-17075).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-03T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon (USN-4211-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20784", "CVE-2019-17075", "CVE-2019-17133"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-4211-1.NASL", "href": "https://www.tenable.com/plugins/nessus/131565", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4211-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131565);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2018-20784\", \"CVE-2019-17075\", \"CVE-2019-17133\");\n script_xref(name:\"USN\", value:\"4211-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon (USN-4211-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Zhipeng Xie discovered that an infinite loop could be triggered in the\nCFS Linux kernel process scheduler. A local attacker could possibly\nuse this to cause a denial of service. (CVE-2018-20784)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux\nkernel did not properly validate SSID lengths. A physically proximate\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-17133)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the\nLinux kernel performed DMA from a kernel stack. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2019-17075).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4211-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-20784\", \"CVE-2019-17075\", \"CVE-2019-17133\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4211-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1063-kvm\", pkgver:\"4.4.0-1063.70\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1099-aws\", pkgver:\"4.4.0-1099.110\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1126-raspi2\", pkgver:\"4.4.0-1126.135\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1130-snapdragon\", pkgver:\"4.4.0-1130.138\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-170-generic\", pkgver:\"4.4.0-170.199\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-170-generic-lpae\", pkgver:\"4.4.0-170.199\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-170-lowlatency\", pkgver:\"4.4.0-170.199\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1099.103\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.170.178\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.170.178\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.4.0.1063.63\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.170.178\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.4.0.1126.126\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1130.122\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.4.0.170.178\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws / linux-image-4.4-generic / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:50", "description": "It was discovered that a buffer overflow existed in the 802.11 Wi-Fi configuration interface for the Linux kernel when handling beacon settings. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-16746)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash).\n(CVE-2019-17133)\n\nIt was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions.\nA local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19060)\n\nIt was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19065)\n\nIt was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19075)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-17075).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-03T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, (USN-4210-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16746", "CVE-2019-17075", "CVE-2019-17133", "CVE-2019-19060", "CVE-2019-19065", "CVE-2019-19075"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-4.15", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4210-1.NASL", "href": "https://www.tenable.com/plugins/nessus/131564", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4210-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131564);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2019-16746\", \"CVE-2019-17075\", \"CVE-2019-17133\", \"CVE-2019-19060\", \"CVE-2019-19065\", \"CVE-2019-19075\");\n script_xref(name:\"USN\", value:\"4210-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, (USN-4210-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that a buffer overflow existed in the 802.11 Wi-Fi\nconfiguration interface for the Linux kernel when handling beacon\nsettings. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-16746)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux\nkernel did not properly validate SSID lengths. A physically proximate\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-17133)\n\nIt was discovered that the ADIS16400 IIO IMU Driver for the Linux\nkernel did not properly deallocate memory in certain error conditions.\nA local attacker could use this to cause a denial of service (memory\nexhaustion). (CVE-2019-19060)\n\nIt was discovered that the Intel OPA Gen1 Infiniband Driver for the\nLinux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could use this to cause a denial of\nservice (memory exhaustion). (CVE-2019-19065)\n\nIt was discovered that the Cascoda CA8210 SPI 802.15.4 wireless\ncontroller driver for the Linux kernel did not properly deallocate\nmemory in certain error conditions. A local attacker could use this to\ncause a denial of service (memory exhaustion). (CVE-2019-19075)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the\nLinux kernel performed DMA from a kernel stack. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2019-17075).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4210-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17133\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-4.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-16746\", \"CVE-2019-17075\", \"CVE-2019-17133\", \"CVE-2019-19060\", \"CVE-2019-19065\", \"CVE-2019-19075\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4210-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1030-oracle\", pkgver:\"4.15.0-1030.33~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1050-gcp\", pkgver:\"4.15.0-1050.53\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1056-aws\", pkgver:\"4.15.0-1056.58~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-72-generic\", pkgver:\"4.15.0-72.81~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-72-generic-lpae\", pkgver:\"4.15.0-72.81~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-72-lowlatency\", pkgver:\"4.15.0-72.81~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws-hwe\", pkgver:\"4.15.0.1056.56\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.15.0.1050.64\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-hwe-16.04\", pkgver:\"4.15.0.72.92\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-hwe-16.04\", pkgver:\"4.15.0.72.92\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1050.64\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-hwe-16.04\", pkgver:\"4.15.0.72.92\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-oem\", pkgver:\"4.15.0.72.92\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-oracle\", pkgver:\"4.15.0.1030.23\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-hwe-16.04\", pkgver:\"4.15.0.72.92\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1030-oracle\", pkgver:\"4.15.0-1030.33\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1049-gke\", pkgver:\"4.15.0-1049.52\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1051-kvm\", pkgver:\"4.15.0-1051.51\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1052-raspi2\", pkgver:\"4.15.0-1052.56\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1056-aws\", pkgver:\"4.15.0-1056.58\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1065-oem\", pkgver:\"4.15.0-1065.75\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1069-snapdragon\", pkgver:\"4.15.0-1069.76\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-72-generic\", pkgver:\"4.15.0-72.81\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-72-generic-lpae\", pkgver:\"4.15.0-72.81\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-72-lowlatency\", pkgver:\"4.15.0-72.81\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-aws\", pkgver:\"4.15.0.1056.57\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-aws-lts-18.04\", pkgver:\"4.15.0.1056.57\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic\", pkgver:\"4.15.0.72.74\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.15.0.72.74\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1049.52\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke-4.15\", pkgver:\"4.15.0.1049.52\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.15.0.1051.51\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.15.0.72.74\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oem\", pkgver:\"4.15.0.1065.69\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oracle\", pkgver:\"4.15.0.1030.35\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oracle-lts-18.04\", pkgver:\"4.15.0.1030.35\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.15.0.1052.50\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.15.0.1069.72\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.15.0.72.74\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.15-aws / linux-image-4.15-gcp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:09", "description": "Jann Horn discovered that the OverlayFS and ShiftFS Drivers in the Linux kernel did not properly handle reference counting during memory mapping operations when used in conjunction with AUFS. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15794)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash).\n(CVE-2019-17133)\n\nIt was discovered that the ARM Komeda display driver for the Linux kernel did not properly deallocate memory in certain error conditions.\nA local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-18810)\n\nIt was discovered that the VirtualBox guest driver implementation in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19048)\n\nIt was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions.\nA local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19060, CVE-2019-19061)\n\nIt was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19065)\n\nIt was discovered that the AMD Audio CoProcessor Driver for the Linux kernel did not properly deallocate memory in certain error conditions.\nA local attacker with the ability to load modules could use this to cause a denial of service (memory exhaustion). (CVE-2019-19067)\n\nIt was discovered in the Qualcomm FastRPC Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19069)\n\nIt was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19075)\n\nIt was discovered that the AMD Display Engine Driver in the Linux kernel did not properly deallocate memory in certain error conditions.\nA local attack could use this to cause a denial of service (memory exhaustion). (CVE-2019-19083)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-17075).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-03T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 19.10 : linux, linux-aws, linux-gcp, linux-gcp-5.3, linux-kvm, linux-oracle (USN-4208-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-15794", "CVE-2019-17075", "CVE-2019-17133", "CVE-2019-18810", "CVE-2019-19048", "CVE-2019-19060", "CVE-2019-19061", "CVE-2019-19065", "CVE-2019-19067", "CVE-2019-19069", "CVE-2019-19075", "CVE-2019-19083"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.10"], "id": "UBUNTU_USN-4208-1.NASL", "href": "https://www.tenable.com/plugins/nessus/131562", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4208-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131562);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2019-15794\", \"CVE-2019-17075\", \"CVE-2019-17133\", \"CVE-2019-18810\", \"CVE-2019-19048\", \"CVE-2019-19060\", \"CVE-2019-19061\", \"CVE-2019-19065\", \"CVE-2019-19067\", \"CVE-2019-19069\", \"CVE-2019-19075\", \"CVE-2019-19083\");\n script_xref(name:\"USN\", value:\"4208-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 19.10 : linux, linux-aws, linux-gcp, linux-gcp-5.3, linux-kvm, linux-oracle (USN-4208-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Jann Horn discovered that the OverlayFS and ShiftFS Drivers in the\nLinux kernel did not properly handle reference counting during memory\nmapping operations when used in conjunction with AUFS. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2019-15794)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux\nkernel did not properly validate SSID lengths. A physically proximate\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-17133)\n\nIt was discovered that the ARM Komeda display driver for the Linux\nkernel did not properly deallocate memory in certain error conditions.\nA local attacker could use this to cause a denial of service (memory\nexhaustion). (CVE-2019-18810)\n\nIt was discovered that the VirtualBox guest driver implementation in\nthe Linux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could use this to cause a denial of\nservice (memory exhaustion). (CVE-2019-19048)\n\nIt was discovered that the ADIS16400 IIO IMU Driver for the Linux\nkernel did not properly deallocate memory in certain error conditions.\nA local attacker could use this to cause a denial of service (memory\nexhaustion). (CVE-2019-19060, CVE-2019-19061)\n\nIt was discovered that the Intel OPA Gen1 Infiniband Driver for the\nLinux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could use this to cause a denial of\nservice (memory exhaustion). (CVE-2019-19065)\n\nIt was discovered that the AMD Audio CoProcessor Driver for the Linux\nkernel did not properly deallocate memory in certain error conditions.\nA local attacker with the ability to load modules could use this to\ncause a denial of service (memory exhaustion). (CVE-2019-19067)\n\nIt was discovered in the Qualcomm FastRPC Driver for the Linux kernel\ndid not properly deallocate memory in certain error conditions. A\nlocal attacker could use this to cause a denial of service (memory\nexhaustion). (CVE-2019-19069)\n\nIt was discovered that the Cascoda CA8210 SPI 802.15.4 wireless\ncontroller driver for the Linux kernel did not properly deallocate\nmemory in certain error conditions. A local attacker could use this to\ncause a denial of service (memory exhaustion). (CVE-2019-19075)\n\nIt was discovered that the AMD Display Engine Driver in the Linux\nkernel did not properly deallocate memory in certain error conditions.\nA local attack could use this to cause a denial of service (memory\nexhaustion). (CVE-2019-19083)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the\nLinux kernel performed DMA from a kernel stack. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2019-17075).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4208-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17133\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2023 Canonical, Inc. / NASL script (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04|19\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04 / 19.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-15794\", \"CVE-2019-17075\", \"CVE-2019-17133\", \"CVE-2019-18810\", \"CVE-2019-19048\", \"CVE-2019-19060\", \"CVE-2019-19061\", \"CVE-2019-19065\", \"CVE-2019-19067\", \"CVE-2019-19069\", \"CVE-2019-19075\", \"CVE-2019-19083\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4208-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.3.0-1009-gcp\", pkgver:\"5.3.0-1009.10~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gcp-edge\", pkgver:\"5.3.0.1009.9\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-1007-oracle\", pkgver:\"5.3.0-1007.8\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-1008-aws\", pkgver:\"5.3.0-1008.9\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-1008-kvm\", pkgver:\"5.3.0-1008.9\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-1009-gcp\", pkgver:\"5.3.0-1009.10\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-24-generic\", pkgver:\"5.3.0-24.26\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-24-generic-lpae\", pkgver:\"5.3.0-24.26\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-24-lowlatency\", pkgver:\"5.3.0-24.26\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-5.3.0-24-snapdragon\", pkgver:\"5.3.0-24.26\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-aws\", pkgver:\"5.3.0.1008.10\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-gcp\", pkgver:\"5.3.0.1009.10\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-generic\", pkgver:\"5.3.0.24.28\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-generic-lpae\", pkgver:\"5.3.0.24.28\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-gke\", pkgver:\"5.3.0.1009.10\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-kvm\", pkgver:\"5.3.0.1008.10\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-lowlatency\", pkgver:\"5.3.0.24.28\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-oracle\", pkgver:\"5.3.0.1007.8\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-snapdragon\", pkgver:\"5.3.0.24.28\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"linux-image-virtual\", pkgver:\"5.3.0.24.28\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-5.3-aws / linux-image-5.3-gcp / linux-image-5.3-generic / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:31:00", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559.(CVE-2019-18809)\n\n - A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8.(CVE-2019-18813)\n\n - A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f.(CVE-2019-18806)\n\n - drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16234)\n\n - Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.(CVE-2019-0136)\n\n - An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.(CVE-2019-16746)\n\n - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.(CVE-2019-17133)\n\n - rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.(CVE-2019-17666)\n\n - An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.(CVE-2019-17075)\n\n - ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.(CVE-2019-17052)\n\n - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.(CVE-2019-17053)\n\n - atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c.(CVE-2019-17054)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.(CVE-2019-17055)\n\n - llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176.(CVE-2019-17056)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-11-27T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : kernel (EulerOS-SA-2019-2283)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0136", "CVE-2019-16234", "CVE-2019-16746", "CVE-2019-17052", "CVE-2019-17053", "CVE-2019-17054", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-17075", "CVE-2019-17133", "CVE-2019-17666", "CVE-2019-18806", "CVE-2019-18809", "CVE-2019-18813"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bpftool", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-source", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2283.NASL", "href": "https://www.tenable.com/plugins/nessus/131349", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131349);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2019-0136\",\n \"CVE-2019-16234\",\n \"CVE-2019-16746\",\n \"CVE-2019-17052\",\n \"CVE-2019-17053\",\n \"CVE-2019-17054\",\n \"CVE-2019-17055\",\n \"CVE-2019-17056\",\n \"CVE-2019-17075\",\n \"CVE-2019-17133\",\n \"CVE-2019-17666\",\n \"CVE-2019-18806\",\n \"CVE-2019-18809\",\n \"CVE-2019-18813\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : kernel (EulerOS-SA-2019-2283)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A memory leak in the af9005_identify_state() function\n in drivers/media/usb/dvb-usb/af9005.c in the Linux\n kernel through 5.3.9 allows attackers to cause a denial\n of service (memory consumption), aka\n CID-2289adbfa559.(CVE-2019-18809)\n\n - A memory leak in the dwc3_pci_probe() function in\n drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through\n 5.3.9 allows attackers to cause a denial of service\n (memory consumption) by triggering\n platform_device_add_properties() failures, aka\n CID-9bbfceea12a8.(CVE-2019-18813)\n\n - A memory leak in the ql_alloc_large_buffers() function\n in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux\n kernel before 5.3.5 allows local users to cause a\n denial of service (memory consumption) by triggering\n pci_dma_mapping_error() failures, aka\n CID-1acb8f2a7a9f.(CVE-2019-18806)\n\n - drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the\n Linux kernel 5.2.14 does not check the alloc_workqueue\n return value, leading to a NULL pointer\n dereference.(CVE-2019-16234)\n\n - Insufficient access control in the Intel(R)\n PROSet/Wireless WiFi Software driver before version\n 21.10 may allow an unauthenticated user to potentially\n enable denial of service via adjacent\n access.(CVE-2019-0136)\n\n - An issue was discovered in net/wireless/nl80211.c in\n the Linux kernel through 5.2.17. It does not check the\n length of variable elements in a beacon head, leading\n to a buffer overflow.(CVE-2019-16746)\n\n - In the Linux kernel through 5.3.2,\n cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c\n does not reject a long SSID IE, leading to a Buffer\n Overflow.(CVE-2019-17133)\n\n - rtl_p2p_noa_ie in\n drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux\n kernel through 5.3.6 lacks a certain upper-bound check,\n leading to a buffer overflow.(CVE-2019-17666)\n\n - An issue was discovered in write_tpt_entry in\n drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel\n through 5.3.2. The cxgb4 driver is directly calling\n dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of\n Service, exploitable if this driver is used on an\n architecture for which this stack/DMA interaction has\n security relevance.(CVE-2019-17075)\n\n - ax25_create in net/ax25/af_ax25.c in the AF_AX25\n network module in the Linux kernel through 5.3.2 does\n not enforce CAP_NET_RAW, which means that unprivileged\n users can create a raw socket, aka\n CID-0614e2b73768.(CVE-2019-17052)\n\n - ieee802154_create in net/ieee802154/socket.c in the\n AF_IEEE802154 network module in the Linux kernel\n through 5.3.2 does not enforce CAP_NET_RAW, which means\n that unprivileged users can create a raw socket, aka\n CID-e69dbd4619e7.(CVE-2019-17053)\n\n - atalk_create in net/appletalk/ddp.c in the AF_APPLETALK\n network module in the Linux kernel through 5.3.2 does\n not enforce CAP_NET_RAW, which means that unprivileged\n users can create a raw socket, aka\n CID-6cc03e8aa36c.(CVE-2019-17054)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the\n AF_ISDN network module in the Linux kernel through\n 5.3.2 does not enforce CAP_NET_RAW, which means that\n unprivileged users can create a raw socket, aka\n CID-b91ee4aa2a21.(CVE-2019-17055)\n\n - llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC\n network module in the Linux kernel through 5.3.2 does\n not enforce CAP_NET_RAW, which means that unprivileged\n users can create a raw socket, aka\n CID-3a359798b176.(CVE-2019-17056)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2283\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?751dbe06\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"bpftool-4.19.36-vhulk1907.1.0.h529.eulerosv2r8\",\n \"kernel-4.19.36-vhulk1907.1.0.h529.eulerosv2r8\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h529.eulerosv2r8\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h529.eulerosv2r8\",\n \"kernel-source-4.19.36-vhulk1907.1.0.h529.eulerosv2r8\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h529.eulerosv2r8\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h529.eulerosv2r8\",\n \"perf-4.19.36-vhulk1907.1.0.h529.eulerosv2r8\",\n \"python-perf-4.19.36-vhulk1907.1.0.h529.eulerosv2r8\",\n \"python3-perf-4.19.36-vhulk1907.1.0.h529.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:31:46", "description": "New kernel packages are available for Slackware 14.2 to fix security issues.", "cvss3": {}, "published": "2019-11-08T00:00:00", "type": "nessus", "title": "Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-311-01)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10905", "CVE-2016-10906", "CVE-2018-20976", "CVE-2019-10638", "CVE-2019-14814", "CVE-2019-14816", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15098", "CVE-2019-15117", "CVE-2019-15118", "CVE-2019-15505", "CVE-2019-16746", "CVE-2019-17052", "CVE-2019-17053", "CVE-2019-17054", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-17075", "CVE-2019-17133", "CVE-2019-2215", "CVE-2019-3900"], "modified": "2022-12-06T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:kernel-generic", "p-cpe:/a:slackware:slackware_linux:kernel-generic-smp", "p-cpe:/a:slackware:slackware_linux:kernel-headers", "p-cpe:/a:slackware:slackware_linux:kernel-huge", "p-cpe:/a:slackware:slackware_linux:kernel-huge-smp", "p-cpe:/a:slackware:slackware_linux:kernel-modules", "p-cpe:/a:slackware:slackware_linux:kernel-modules-smp", "p-cpe:/a:slackware:slackware_linux:kernel-source", "cpe:/o:slackware:slackware_linux:14.2"], "id": "SLACKWARE_SSA_2019-311-01.NASL", "href": "https://www.tenable.com/plugins/nessus/130751", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2019-311-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130751);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2016-10905\", \"CVE-2016-10906\", \"CVE-2018-20976\", \"CVE-2019-10638\", \"CVE-2019-14814\", \"CVE-2019-14816\", \"CVE-2019-14821\", \"CVE-2019-14835\", \"CVE-2019-15098\", \"CVE-2019-15117\", \"CVE-2019-15118\", \"CVE-2019-15505\", \"CVE-2019-16746\", \"CVE-2019-17052\", \"CVE-2019-17053\", \"CVE-2019-17054\", \"CVE-2019-17055\", \"CVE-2019-17056\", \"CVE-2019-17075\", \"CVE-2019-17133\", \"CVE-2019-2215\", \"CVE-2019-3900\");\n script_xref(name:\"SSA\", value:\"2019-311-01\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Slackware 14.2 : Slackware 14.2 kernel (SSA:2019-311-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"New kernel packages are available for Slackware 14.2 to fix security\nissues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.756390\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c772912b\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Android Binder Use-After-Free Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-huge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-huge-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-modules-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-generic\", pkgver:\"4.4.199\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-generic-smp\", pkgver:\"4.4.199_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-headers\", pkgver:\"4.4.199_smp\", pkgarch:\"x86\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-huge\", pkgver:\"4.4.199\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-huge-smp\", pkgver:\"4.4.199_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-modules\", pkgver:\"4.4.199\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-modules-smp\", pkgver:\"4.4.199_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-source\", pkgver:\"4.4.199_smp\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-generic\", pkgver:\"4.4.199\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-headers\", pkgver:\"4.4.199\", pkgarch:\"x86\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-huge\", pkgver:\"4.4.199\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-modules\", pkgver:\"4.4.199\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-source\", pkgver:\"4.4.199\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:32:06", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command.\n (CVE-2011-1079)\n\n - An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry.\n (CVE-2016-10905)\n\n - An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure. (CVE-2017-18550)\n\n - An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.\n (CVE-2017-18595)\n\n - Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. (CVE-2018-12207)\n\n - An issue was discovered in the Linux kernel before 4.20.\n There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (CVE-2018-20836)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. (CVE-2018-20855)\n\n - An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure. (CVE-2018-20976)\n\n - In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.\n (CVE-2018-7191)\n\n - Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series;\n Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series;\n Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access.\n (CVE-2019-0154)\n\n - Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series;\n Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series;\n Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-0155)\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\n - The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. (CVE-2019-11487)\n\n - The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character. (CVE-2019-11884)\n\n - ** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).\n NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference. (CVE-2019-12382)\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb- init.c driver. (CVE-2019-15213)\n\n - An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.\n (CVE-2019-15538)\n\n - In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. (CVE-2019-15807)\n\n - An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. (CVE-2019-15916)\n\n - An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems. (CVE-2019-16413)\n\n - An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance. (CVE-2019-17075)\n\n - The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack.\n Kernel 3.10.x and 4.18.x branches are believed to be vulnerable. (CVE-2019-3874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0264)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1079", "CVE-2013-4343", "CVE-2016-10905", "CVE-2017-18550", "CVE-2017-18595", "CVE-2018-12207", "CVE-2018-20836", "CVE-2018-20855", "CVE-2018-20976", "CVE-2018-7191", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-11135", "CVE-2019-11487", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-15213", "CVE-2019-15538", "CVE-2019-15807", "CVE-2019-15916", "CVE-2019-16413", "CVE-2019-17075", "CVE-2019-3874"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0264_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/132490", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0264. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132490);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2011-1079\",\n \"CVE-2016-10905\",\n \"CVE-2017-18550\",\n \"CVE-2017-18595\",\n \"CVE-2018-7191\",\n \"CVE-2018-12207\",\n \"CVE-2018-20836\",\n \"CVE-2018-20855\",\n \"CVE-2018-20976\",\n \"CVE-2019-0154\",\n \"CVE-2019-0155\",\n \"CVE-2019-3874\",\n \"CVE-2019-11135\",\n \"CVE-2019-11487\",\n \"CVE-2019-11884\",\n \"CVE-2019-12382\",\n \"CVE-2019-15213\",\n \"CVE-2019-15538\",\n \"CVE-2019-15807\",\n \"CVE-2019-15916\",\n \"CVE-2019-16413\",\n \"CVE-2019-17075\"\n );\n script_bugtraq_id(\n 46616,\n 107488,\n 108054,\n 108196,\n 108299,\n 108380,\n 108474\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0264)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by\nmultiple vulnerabilities:\n\n - The bnep_sock_ioctl function in\n net/bluetooth/bnep/sock.c in the Linux kernel before\n 2.6.39 does not ensure that a certain device field ends\n with a '\\0' character, which allows local users to\n obtain potentially sensitive information from kernel\n stack memory, or cause a denial of service (BUG and\n system crash), via a BNEPCONNADD command.\n (CVE-2011-1079)\n\n - An issue was discovered in fs/gfs2/rgrp.c in the Linux\n kernel before 4.8. A use-after-free is caused by the\n functions gfs2_clear_rgrpd and read_rindex_entry.\n (CVE-2016-10905)\n\n - An issue was discovered in\n drivers/scsi/aacraid/commctrl.c in the Linux kernel\n before 4.13. There is potential exposure of kernel stack\n memory because aac_get_hba_info does not initialize the\n hbainfo structure. (CVE-2017-18550)\n\n - An issue was discovered in the Linux kernel before\n 4.14.11. A double free may be caused by the function\n allocate_trace_buffer in the file kernel/trace/trace.c.\n (CVE-2017-18595)\n\n - Improper invalidation for page table updates by a\n virtual guest operating system for multiple Intel(R)\n Processors may allow an authenticated user to\n potentially enable denial of service of the host system\n via local access. (CVE-2018-12207)\n\n - An issue was discovered in the Linux kernel before 4.20.\n There is a race condition in smp_task_timedout() and\n smp_task_done() in drivers/scsi/libsas/sas_expander.c,\n leading to a use-after-free. (CVE-2018-20836)\n\n - An issue was discovered in the Linux kernel before\n 4.18.7. In create_qp_common in\n drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp\n was never initialized, resulting in a leak of stack\n memory to userspace. (CVE-2018-20855)\n\n - An issue was discovered in fs/xfs/xfs_super.c in the\n Linux kernel before 4.18. A use after free exists,\n related to xfs_fs_fill_super failure. (CVE-2018-20976)\n\n - In the tun subsystem in the Linux kernel before 4.13.14,\n dev_get_valid_name is not called before\n register_netdevice. This allows local users to cause a\n denial of service (NULL pointer dereference and panic)\n via an ioctl(TUNSETIFF) call with a dev name containing\n a / character. This is similar to CVE-2013-4343.\n (CVE-2018-7191)\n\n - Insufficient access control in subsystem for Intel (R)\n processor graphics in 6th, 7th, 8th and 9th Generation\n Intel(R) Core(TM) Processor Families; Intel(R)\n Pentium(R) Processor J, N, Silver and Gold Series;\n Intel(R) Celeron(R) Processor J, N, G3900 and G4900\n Series; Intel(R) Atom(R) Processor A and E3900 Series;\n Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100\n Processor Families may allow an authenticated user to\n potentially enable denial of service via local access.\n (CVE-2019-0154)\n\n - Insufficient access control in a subsystem for Intel (R)\n processor graphics in 6th, 7th, 8th and 9th Generation\n Intel(R) Core(TM) Processor Families; Intel(R)\n Pentium(R) Processor J, N, Silver and Gold Series;\n Intel(R) Celeron(R) Processor J, N, G3900 and G4900\n Series; Intel(R) Atom(R) Processor A and E3900 Series;\n Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and\n E-2200 Processor Families; Intel(R) Graphics Driver for\n Windows before 26.20.100.6813 (DCH) or 26.20.100.6812\n and before 21.20.x.5077 (aka15.45.5077), i915 Linux\n Driver for Intel(R) Processor Graphics before versions\n 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may\n allow an authenticated user to potentially enable\n escalation of privilege via local access.\n (CVE-2019-0155)\n\n - TSX Asynchronous Abort condition on some CPUs utilizing\n speculative execution may allow an authenticated user to\n potentially enable information disclosure via a side\n channel with local access. (CVE-2019-11135)\n\n - The Linux kernel before 5.1-rc5 allows page->_refcount\n reference count overflow, with resultant use-after-free\n issues, if about 140 GiB of RAM exists. This is related\n to fs/fuse/dev.c, fs/pipe.c, fs/splice.c,\n include/linux/mm.h, include/linux/pipe_fs_i.h,\n kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can\n occur with FUSE requests. (CVE-2019-11487)\n\n - The do_hidp_sock_ioctl function in\n net/bluetooth/hidp/sock.c in the Linux kernel before\n 5.0.15 allows a local user to obtain potentially\n sensitive information from kernel stack memory via a\n HIDPCONNADD command, because a name field may not end\n with a '\\0' character. (CVE-2019-11884)\n\n - ** DISPUTED ** An issue was discovered in\n drm_load_edid_firmware in\n drivers/gpu/drm/drm_edid_load.c in the Linux kernel\n through 5.1.5. There is an unchecked kstrdup of fwstr,\n which might allow an attacker to cause a denial of\n service (NULL pointer dereference and system crash).\n NOTE: The vendor disputes this issues as not being a\n vulnerability because kstrdup() returning NULL is\n handled sufficiently and there is no chance for a NULL\n pointer dereference. (CVE-2019-12382)\n\n - An issue was discovered in the Linux kernel before\n 5.2.3. There is a use-after-free caused by a malicious\n USB device in the drivers/media/usb/dvb-usb/dvb-usb-\n init.c driver. (CVE-2019-15213)\n\n - An issue was discovered in xfs_setattr_nonsize in\n fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS\n partially wedges when a chgrp fails on account of being\n out of disk quota. xfs_setattr_nonsize is failing to\n unlock the ILOCK after the xfs_qm_vop_chown_reserve call\n fails. This is primarily a local DoS attack vector, but\n it might result as well in remote DoS if the XFS\n filesystem is exported for instance via NFS.\n (CVE-2019-15538)\n\n - In the Linux kernel before 5.1.13, there is a memory\n leak in drivers/scsi/libsas/sas_expander.c when SAS\n expander discovery fails. This will cause a BUG and\n denial of service. (CVE-2019-15807)\n\n - An issue was discovered in the Linux kernel before\n 5.0.1. There is a memory leak in\n register_queue_kobjects() in net/core/net-sysfs.c, which\n will cause denial of service. (CVE-2019-15916)\n\n - An issue was discovered in the Linux kernel before\n 5.0.4. The 9p filesystem did not protect i_size_write()\n properly, which causes an i_size_read() infinite loop\n and denial of service on SMP systems. (CVE-2019-16413)\n\n - An issue was discovered in write_tpt_entry in\n drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel\n through 5.3.2. The cxgb4 driver is directly calling\n dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of\n Service, exploitable if this driver is used on an\n architecture for which this stack/DMA interaction has\n security relevance. (CVE-2019-17075)\n\n - The SCTP socket buffer used by a userspace application\n is not accounted by the cgroups subsystem. An attacker\n can use this flaw to cause a denial of service attack.\n Kernel 3.10.x and 4.18.x branches are believed to be\n vulnerable. (CVE-2019-3874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0264\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20836\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"kernel-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-core-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"perf-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"python-perf-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\",\n \"python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.550.gf46e763.lite\"\n ],\n \"CGSL MAIN 5.04\": [\n \"kernel-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"perf-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"python-perf-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\",\n \"python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.31.547.g724a2ff\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:49", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities:\n\n - The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux kernel before 2.6.39 does not ensure that a certain device field ends with a '\\0' character, which allows local users to obtain potentially sensitive information from kernel stack memory, or cause a denial of service (BUG and system crash), via a BNEPCONNADD command.\n (CVE-2011-1079)\n\n - An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry.\n (CVE-2016-10905)\n\n - An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure. (CVE-2017-18550)\n\n - An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.\n (CVE-2017-18595)\n\n - Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. (CVE-2018-12207)\n\n - An issue was discovered in the Linux kernel before 4.20.\n There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (CVE-2018-20836)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace. (CVE-2018-20855)\n\n - An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure. (CVE-2018-20976)\n\n - In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.\n (CVE-2018-7191)\n\n - Insufficient access control in subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series;\n Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series;\n Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100 Processor Families may allow an authenticated user to potentially enable denial of service via local access.\n (CVE-2019-0154)\n\n - Insufficient access control in a subsystem for Intel (R) processor graphics in 6th, 7th, 8th and 9th Generation Intel(R) Core(TM) Processor Families; Intel(R) Pentium(R) Processor J, N, Silver and Gold Series;\n Intel(R) Celeron(R) Processor J, N, G3900 and G4900 Series; Intel(R) Atom(R) Processor A and E3900 Series;\n Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and E-2200 Processor Families; Intel(R) Graphics Driver for Windows before 26.20.100.6813 (DCH) or 26.20.100.6812 and before 21.20.x.5077 (aka15.45.5077), i915 Linux Driver for Intel(R) Processor Graphics before versions 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-0155)\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11135)\n\n - The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. (CVE-2019-11487)\n\n - The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character. (CVE-2019-11884)\n\n - ** DISPUTED ** An issue was discovered in drm_load_edid_firmware in drivers/gpu/drm/drm_edid_load.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash).\n NOTE: The vendor disputes this issues as not being a vulnerability because kstrdup() returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference. (CVE-2019-12382)\n\n - An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb- init.c driver. (CVE-2019-15213)\n\n - An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a local DoS attack vector, but it might result as well in remote DoS if the XFS filesystem is exported for instance via NFS.\n (CVE-2019-15538)\n\n - In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service. (CVE-2019-15807)\n\n - An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core/net-sysfs.c, which will cause denial of service. (CVE-2019-15916)\n\n - An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems. (CVE-2019-16413)\n\n - An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance. (CVE-2019-17075)\n\n - The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack.\n Kernel 3.10.x and 4.18.x branches are believed to be vulnerable. (CVE-2019-3874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0266)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1079", "CVE-2013-4343", "CVE-2016-10905", "CVE-2017-18550", "CVE-2017-18595", "CVE-2018-12207", "CVE-2018-20836", "CVE-2018-20855", "CVE-2018-20976", "CVE-2018-7191", "CVE-2019-0154", "CVE-2019-0155", "CVE-2019-11135", "CVE-2019-11487", "CVE-2019-11884", "CVE-2019-12382", "CVE-2019-15213", "CVE-2019-15538", "CVE-2019-15807", "CVE-2019-15916", "CVE-2019-16413", "CVE-2019-17075", "CVE-2019-3874"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0266_KERNEL-RT.NASL", "href": "https://www.tenable.com/plugins/nessus/132499", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0266. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132499);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\n \"CVE-2011-1079\",\n \"CVE-2016-10905\",\n \"CVE-2017-18550\",\n \"CVE-2017-18595\",\n \"CVE-2018-7191\",\n \"CVE-2018-12207\",\n \"CVE-2018-20836\",\n \"CVE-2018-20855\",\n \"CVE-2018-20976\",\n \"CVE-2019-0154\",\n \"CVE-2019-0155\",\n \"CVE-2019-3874\",\n \"CVE-2019-11135\",\n \"CVE-2019-11487\",\n \"CVE-2019-11884\",\n \"CVE-2019-12382\",\n \"CVE-2019-15213\",\n \"CVE-2019-15538\",\n \"CVE-2019-15807\",\n \"CVE-2019-15916\",\n \"CVE-2019-16413\",\n \"CVE-2019-17075\"\n );\n script_bugtraq_id(\n 46616,\n 107488,\n 108054,\n 108196,\n 108299,\n 108380,\n 108474\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2019-0266)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected\nby multiple vulnerabilities:\n\n - The bnep_sock_ioctl function in\n net/bluetooth/bnep/sock.c in the Linux kernel before\n 2.6.39 does not ensure that a certain device field ends\n with a '\\0' character, which allows local users to\n obtain potentially sensitive information from kernel\n stack memory, or cause a denial of service (BUG and\n system crash), via a BNEPCONNADD command.\n (CVE-2011-1079)\n\n - An issue was discovered in fs/gfs2/rgrp.c in the Linux\n kernel before 4.8. A use-after-free is caused by the\n functions gfs2_clear_rgrpd and read_rindex_entry.\n (CVE-2016-10905)\n\n - An issue was discovered in\n drivers/scsi/aacraid/commctrl.c in the Linux kernel\n before 4.13. There is potential exposure of kernel stack\n memory because aac_get_hba_info does not initialize the\n hbainfo structure. (CVE-2017-18550)\n\n - An issue was discovered in the Linux kernel before\n 4.14.11. A double free may be caused by the function\n allocate_trace_buffer in the file kernel/trace/trace.c.\n (CVE-2017-18595)\n\n - Improper invalidation for page table updates by a\n virtual guest operating system for multiple Intel(R)\n Processors may allow an authenticated user to\n potentially enable denial of service of the host system\n via local access. (CVE-2018-12207)\n\n - An issue was discovered in the Linux kernel before 4.20.\n There is a race condition in smp_task_timedout() and\n smp_task_done() in drivers/scsi/libsas/sas_expander.c,\n leading to a use-after-free. (CVE-2018-20836)\n\n - An issue was discovered in the Linux kernel before\n 4.18.7. In create_qp_common in\n drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp\n was never initialized, resulting in a leak of stack\n memory to userspace. (CVE-2018-20855)\n\n - An issue was discovered in fs/xfs/xfs_super.c in the\n Linux kernel before 4.18. A use after free exists,\n related to xfs_fs_fill_super failure. (CVE-2018-20976)\n\n - In the tun subsystem in the Linux kernel before 4.13.14,\n dev_get_valid_name is not called before\n register_netdevice. This allows local users to cause a\n denial of service (NULL pointer dereference and panic)\n via an ioctl(TUNSETIFF) call with a dev name containing\n a / character. This is similar to CVE-2013-4343.\n (CVE-2018-7191)\n\n - Insufficient access control in subsystem for Intel (R)\n processor graphics in 6th, 7th, 8th and 9th Generation\n Intel(R) Core(TM) Processor Families; Intel(R)\n Pentium(R) Processor J, N, Silver and Gold Series;\n Intel(R) Celeron(R) Processor J, N, G3900 and G4900\n Series; Intel(R) Atom(R) Processor A and E3900 Series;\n Intel(R) Xeon(R) Processor E3-1500 v5 and v6 and E-2100\n Processor Families may allow an authenticated user to\n potentially enable denial of service via local access.\n (CVE-2019-0154)\n\n - Insufficient access control in a subsystem for Intel (R)\n processor graphics in 6th, 7th, 8th and 9th Generation\n Intel(R) Core(TM) Processor Families; Intel(R)\n Pentium(R) Processor J, N, Silver and Gold Series;\n Intel(R) Celeron(R) Processor J, N, G3900 and G4900\n Series; Intel(R) Atom(R) Processor A and E3900 Series;\n Intel(R) Xeon(R) Processor E3-1500 v5 and v6, E-2100 and\n E-2200 Processor Families; Intel(R) Graphics Driver for\n Windows before 26.20.100.6813 (DCH) or 26.20.100.6812\n and before 21.20.x.5077 (aka15.45.5077), i915 Linux\n Driver for Intel(R) Processor Graphics before versions\n 5.4-rc7, 5.3.11, 4.19.84, 4.14.154, 4.9.201, 4.4.201 may\n allow an authenticated user to potentially enable\n escalation of privilege via local access.\n (CVE-2019-0155)\n\n - TSX Asynchronous Abort condition on some CPUs utilizing\n speculative execution may allow an authenticated user to\n potentially enable information disclosure via a side\n channel with local access. (CVE-2019-11135)\n\n - The Linux kernel before 5.1-rc5 allows page->_refcount\n reference count overflow, with resultant use-after-free\n issues, if about 140 GiB of RAM exists. This is related\n to fs/fuse/dev.c, fs/pipe.c, fs/splice.c,\n include/linux/mm.h, include/linux/pipe_fs_i.h,\n kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can\n occur with FUSE requests. (CVE-2019-11487)\n\n - The do_hidp_sock_ioctl function in\n net/bluetooth/hidp/sock.c in the Linux kernel before\n 5.0.15 allows a local user to obtain potentially\n sensitive information from kernel stack memory via a\n HIDPCONNADD command, because a name field may not end\n with a '\\0' character. (CVE-2019-11884)\n\n - ** DISPUTED ** An issue was discovered in\n drm_load_edid_firmware in\n drivers/gpu/drm/drm_edid_load.c in the Linux kernel\n through 5.1.5. There is an unchecked kstrdup of fwstr,\n which might allow an attacker to cause a denial of\n service (NULL pointer dereference and system crash).\n NOTE: The vendor disputes this issues as not being a\n vulnerability because kstrdup() returning NULL is\n handled sufficiently and there is no chance for a NULL\n pointer dereference. (CVE-2019-12382)\n\n - An issue was discovered in the Linux kernel before\n 5.2.3. There is a use-after-free caused by a malicious\n USB device in the drivers/media/usb/dvb-usb/dvb-usb-\n init.c driver. (CVE-2019-15213)\n\n - An issue was discovered in xfs_setattr_nonsize in\n fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS\n partially wedges when a chgrp fails on account of being\n out of disk quota. xfs_setattr_nonsize is failing to\n unlock the ILOCK after the xfs_qm_vop_chown_reserve call\n fails. This is primarily a local DoS attack vector, but\n it might result as well in remote DoS if the XFS\n filesystem is exported for instance via NFS.\n (CVE-2019-15538)\n\n - In the Linux kernel before 5.1.13, there is a memory\n leak in drivers/scsi/libsas/sas_expander.c when SAS\n expander discovery fails. This will cause a BUG and\n denial of service. (CVE-2019-15807)\n\n - An issue was discovered in the Linux kernel before\n 5.0.1. There is a memory leak in\n register_queue_kobjects() in net/core/net-sysfs.c, which\n will cause denial of service. (CVE-2019-15916)\n\n - An issue was discovered in the Linux kernel before\n 5.0.4. The 9p filesystem did not protect i_size_write()\n properly, which causes an i_size_read() infinite loop\n and denial of service on SMP systems. (CVE-2019-16413)\n\n - An issue was discovered in write_tpt_entry in\n drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel\n through 5.3.2. The cxgb4 driver is directly calling\n dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of\n Service, exploitable if this driver is used on an\n architecture for which this stack/DMA interaction has\n security relevance. (CVE-2019-17075)\n\n - The SCTP socket buffer used by a userspace application\n is not accounted by the cgroups subsystem. An attacker\n can use this flaw to cause a denial of service attack.\n Kernel 3.10.x and 4.18.x branches are believed to be\n vulnerable. (CVE-2019-3874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0266\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel-rt packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20836\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\"\n ],\n \"CGSL MAIN 5.04\": [\n \"kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.28.389.gdaa53e1\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:02:01", "description": "Michael Hanselmann discovered that the CIFS implementation in the Linux kernel did not sanitize paths returned by an SMB server. An attacker controlling an SMB server could use this to overwrite arbitrary files. (CVE-2019-10220)\n\nIt was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901)\n\nIt was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14896, CVE-2019-14897)\n\nIt was discovered that the Fujitsu ES network device driver for the Linux kernel did not properly check for errors in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service. (CVE-2019-16231)\n\nIt was discovered that the QLogic Fibre Channel driver in the Linux kernel did not properly check for error, leading to a NULL pointer dereference. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2019-16233)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash).\n(CVE-2019-17133)\n\nAnthony Steinhauser discovered that the Linux kernel did not properly perform Spectre_RSB mitigations to all processors for PowerPC architecture systems in some situations. A local attacker could use this to expose sensitive information. (CVE-2019-18660)\n\nIt was discovered that the Mellanox Technologies Innova driver in the Linux kernel did not properly deallocate memory in certain failure conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19045)\n\nIt was discovered that the VirtualBox guest driver implementation in the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19048)\n\nIt was discovered that Geschwister Schneider USB CAN interface driver in the Linux kernel did not properly deallocate memory in certain failure conditions. A physically proximate attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19052)\n\nIt was discovered that the netlink-based 802.11 configuration interface in the Linux kernel did not deallocate memory in certain error conditions. A local attacker could possibly use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19055)\n\nIt was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel did not properly deallocate memory in certain error conditions.\nA local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19060)\n\nIt was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19065)\n\nIt was discovered that the AMD Audio CoProcessor Driver for the Linux kernel did not properly deallocate memory in certain error conditions.\nA local attacker with the ability to load modules could use this to cause a denial of service (memory exhaustion). (CVE-2019-19067)\n\nIt was discovered that the event tracing subsystem of the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2019-19072)\n\nIt was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller driver for the Linux kernel did not properly deallocate memory in certain error conditions. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2019-19075)\n\nIt was discovered that the AMD Display Engine Driver in the Linux kernel did not properly deallocate memory in certain error conditions.\nA local attack could use this to cause a denial of service (memory exhaustion). (CVE-2019-19083)\n\nIt was discovered that the driver for memoryless force-feedback input devices in the Linux kernel contained a use-after-free vulnerability.\nA physically proximate attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.\n(CVE-2019-19524)\n\nIt was discovered that the NXP PN533 NFC USB driver in the Linux kernel did not properly free resources after a late probe error, leading to a use- after-free vulnerability. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19526)\n\nIt was discovered that the Microchip CAN BUS Analyzer driver in the Linux kernel contained a use-after-free vulnerability on device disconnect. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2019-19529)\n\nIt was discovered that multiple USB HID device drivers in the Linux kernel did not properly validate device metadata on attachment, leading to out-of- bounds writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-19532)\n\nIt was discovered that the PEAK-System Technik USB driver in the Linux kernel did not properly sanitize memory before sending it to the device. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2019-19534)\n\nIt was discovered that in some situations the fair scheduler in the Linux kernel did not permit a process to use its full quota time slice. A local attacker could use this to cause a denial of service.\n(CVE-2019-19922)\n\nIt was discovered that the binder IPC implementation in the Linux kernel did not properly perform bounds checking in some situations, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-2214)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-17075)\n\nIt was discovered that the DesignWare USB3 controller driver in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could possibly use this to cause a denial of service (memory exhaustion). (CVE-2019-18813).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-01-07T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 19.04 : linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, (USN-4226-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-10220", "CVE-2019-14895", "CVE-2019-14896", "CVE-2019-14897", "CVE-2019-14901", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-17075", "CVE-2019-17133", "CVE-2019-18660", "CVE-2019-18813", "CVE-2019-19045", "CVE-2019-19048", "CVE-2019-19052", "CVE-2019-19055", "CVE-2019-19060", "CVE-2019-19065", "CVE-2019-19067", "CVE-2019-19072", "CVE-2019-19075", "CVE-2019-19083", "CVE-2019-19524", "CVE-2019-19526", "CVE-2019-19529", "CVE-2019-19532", "CVE-2019-19534", "CVE-2019-19922", "CVE-2019-2214"], "modified": "2023-05-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.0", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04"], "id": "UBUNTU_USN-4226-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132690", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4226-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132690);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/11\");\n\n script_cve_id(\"CVE-2019-10220\", \"CVE-2019-14895\", \"CVE-2019-14896\", \"CVE-2019-14897\", \"CVE-2019-14901\", \"CVE-2019-16231\", \"CVE-2019-16233\", \"CVE-2019-17075\", \"CVE-2019-17133\", \"CVE-2019-18660\", \"CVE-2019-18813\", \"CVE-2019-19045\", \"CVE-2019-19048\", \"CVE-2019-19052\", \"CVE-2019-19055\", \"CVE-2019-19060\", \"CVE-2019-19065\", \"CVE-2019-19067\", \"CVE-2019-19072\", \"CVE-2019-19075\", \"CVE-2019-19083\", \"CVE-2019-19524\", \"CVE-2019-19526\", \"CVE-2019-19529\", \"CVE-2019-19532\", \"CVE-2019-19534\", \"CVE-2019-19922\", \"CVE-2019-2214\");\n script_xref(name:\"USN\", value:\"4226-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 19.04 : linux, linux-aws, linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, (USN-4226-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Michael Hanselmann discovered that the CIFS implementation in the\nLinux kernel did not sanitize paths returned by an SMB server. An\nattacker controlling an SMB server could use this to overwrite\narbitrary files. (CVE-2019-10220)\n\nIt was discovered that a heap-based buffer overflow existed in the\nMarvell WiFi-Ex Driver for the Linux kernel. A physically proximate\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2019-14895, CVE-2019-14901)\n\nIt was discovered that a heap-based buffer overflow existed in the\nMarvell Libertas WLAN Driver for the Linux kernel. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2019-14896,\nCVE-2019-14897)\n\nIt was discovered that the Fujitsu ES network device driver for the\nLinux kernel did not properly check for errors in some situations,\nleading to a NULL pointer dereference. A local attacker could use this\nto cause a denial of service. (CVE-2019-16231)\n\nIt was discovered that the QLogic Fibre Channel driver in the Linux\nkernel did not properly check for error, leading to a NULL pointer\ndereference. A local attacker could possibly use this to cause a\ndenial of service (system crash). (CVE-2019-16233)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux\nkernel did not properly validate SSID lengths. A physically proximate\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-17133)\n\nAnthony Steinhauser discovered that the Linux kernel did not properly\nperform Spectre_RSB mitigations to all processors for PowerPC\narchitecture systems in some situations. A local attacker could use\nthis to expose sensitive information. (CVE-2019-18660)\n\nIt was discovered that the Mellanox Technologies Innova driver in the\nLinux kernel did not properly deallocate memory in certain failure\nconditions. A local attacker could use this to cause a denial of\nservice (kernel memory exhaustion). (CVE-2019-19045)\n\nIt was discovered that the VirtualBox guest driver implementation in\nthe Linux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could use this to cause a denial of\nservice (memory exhaustion). (CVE-2019-19048)\n\nIt was discovered that Geschwister Schneider USB CAN interface driver\nin the Linux kernel did not properly deallocate memory in certain\nfailure conditions. A physically proximate attacker could use this to\ncause a denial of service (kernel memory exhaustion). (CVE-2019-19052)\n\nIt was discovered that the netlink-based 802.11 configuration\ninterface in the Linux kernel did not deallocate memory in certain\nerror conditions. A local attacker could possibly use this to cause a\ndenial of service (kernel memory exhaustion). (CVE-2019-19055)\n\nIt was discovered that the ADIS16400 IIO IMU Driver for the Linux\nkernel did not properly deallocate memory in certain error conditions.\nA local attacker could use this to cause a denial of service (memory\nexhaustion). (CVE-2019-19060)\n\nIt was discovered that the Intel OPA Gen1 Infiniband Driver for the\nLinux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could use this to cause a denial of\nservice (memory exhaustion). (CVE-2019-19065)\n\nIt was discovered that the AMD Audio CoProcessor Driver for the Linux\nkernel did not properly deallocate memory in certain error conditions.\nA local attacker with the ability to load modules could use this to\ncause a denial of service (memory exhaustion). (CVE-2019-19067)\n\nIt was discovered that the event tracing subsystem of the Linux kernel\ndid not properly deallocate memory in certain error conditions. A\nlocal attacker could use this to cause a denial of service (kernel\nmemory exhaustion). (CVE-2019-19072)\n\nIt was discovered that the Cascoda CA8210 SPI 802.15.4 wireless\ncontroller driver for the Linux kernel did not properly deallocate\nmemory in certain error conditions. A local attacker could use this to\ncause a denial of service (memory exhaustion). (CVE-2019-19075)\n\nIt was discovered that the AMD Display Engine Driver in the Linux\nkernel did not properly deallocate memory in certain error conditions.\nA local attack could use this to cause a denial of service (memory\nexhaustion). (CVE-2019-19083)\n\nIt was discovered that the driver for memoryless force-feedback input\ndevices in the Linux kernel contained a use-after-free vulnerability.\nA physically proximate attacker could possibly use this to cause a\ndenial of service (system crash) or execute arbitrary code.\n(CVE-2019-19524)\n\nIt was discovered that the NXP PN533 NFC USB driver in the Linux\nkernel did not properly free resources after a late probe error,\nleading to a use- after-free vulnerability. A physically proximate\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2019-19526)\n\nIt was discovered that the Microchip CAN BUS Analyzer driver in the\nLinux kernel contained a use-after-free vulnerability on device\ndisconnect. A physically proximate attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2019-19529)\n\nIt was discovered that multiple USB HID device drivers in the Linux\nkernel did not properly validate device metadata on attachment,\nleading to out-of- bounds writes. A physically proximate attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2019-19532)\n\nIt was discovered that the PEAK-System Technik USB driver in the Linux\nkernel did not properly sanitize memory before sending it to the\ndevice. A physically proximate attacker could use this to expose\nsensitive information (kernel memory). (CVE-2019-19534)\n\nIt was discovered that in some situations the fair scheduler in the\nLinux kernel did not permit a process to use its full quota time\nslice. A local attacker could use this to cause a denial of service.\n(CVE-2019-19922)\n\nIt was discovered that the binder IPC implementation in the Linux\nkernel did not properly perform bounds checking in some situations,\nleading to an out-of-bounds write. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2019-2214)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the\nLinux kernel performed DMA from a kernel stack. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2019-17075)\n\nIt was discovered that the DesignWare USB3 controller driver in the\nLinux kernel did not properly deallocate memory in some error\nconditions. A local attacker could possibly use this to cause a denial\nof service (memory exhaustion). (CVE-2019-18813).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4226-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04|19\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04 / 19.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-10220\", \"CVE-2019-14895\", \"CVE-2019-14896\", \"CVE-2019-14897\", \"CVE-2019-14901\", \"CVE-2019-16231\", \"CVE-2019-16233\", \"CVE-2019-17075\", \"CVE-2019-17133\", \"CVE-2019-18660\", \"CVE-2019-18813\", \"CVE-2019-19045\", \"CVE-2019-19048\", \"CVE-2019-19052\", \"CVE-2019-19055\", \"CVE-2019-19060\", \"CVE-2019-19065\", \"CVE-2019-19067\", \"CVE-2019-19072\", \"CVE-2019-19075\", \"CVE-2019-19083\", \"CVE-2019-19524\", \"CVE-2019-19526\", \"CVE-2019-19529\", \"CVE-2019-19532\", \"CVE-2019-19534\", \"CVE-2019-19922\", \"CVE-2019-2214\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4226-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-1009-oracle\", pkgver:\"5.0.0-1009.14~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-1023-aws\", pkgver:\"5.0.0-1023.26~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-1027-gke\", pkgver:\"5.0.0-1027.28~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-1028-azure\", pkgver:\"5.0.0-1028.30~18.04.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-5.0.0-1033-oem-osp1\", pkgver:\"5.0.0-1033.38\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-aws-edge\", pkgver:\"5.0.0.1023.37\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-azure\", pkgver:\"5.0.0.1028.39\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke-5.0\", pkgver:\"5.0.0.1027.16\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oem-osp1\", pkgver:\"5.0.0.1033.37\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oracle-edge\", pkgver:\"5.0.0.1009.8\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1009-oracle\", pkgver:\"5.0.0-1009.14\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1023-aws\", pkgver:\"5.0.0-1023.26\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1024-kvm\", pkgver:\"5.0.0-1024.26\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1024-raspi2\", pkgver:\"5.0.0-1024.25\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1028-azure\", pkgver:\"5.0.0-1028.30\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-1028-gcp\", pkgver:\"5.0.0-1028.29\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-38-generic\", pkgver:\"5.0.0-38.41\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-38-generic-lpae\", pkgver:\"5.0.0-38.41\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-5.0.0-38-lowlatency\", pkgver:\"5.0.0-38.41\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-aws\", pkgver:\"5.0.0.1023.25\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-azure\", pkgver:\"5.0.0.1028.28\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-gcp\", pkgver:\"5.0.0.1028.53\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-generic\", pkgver:\"5.0.0.38.40\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"5.0.0.38.40\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-gke\", pkgver:\"5.0.0.1028.53\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-kvm\", pkgver:\"5.0.0.1024.25\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"5.0.0.38.40\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-oracle\", pkgver:\"5.0.0.1009.35\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-raspi2\", pkgver:\"5.0.0.1024.22\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"linux-image-virtual\", pkgver:\"5.0.0.38.40\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-5.0-aws / linux-image-5.0-azure / linux-image-5.0-gcp / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:18:56", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5845 advisory.\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after- free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)\n\n - The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after- free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. (CVE-2019-11487)\n\n - In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (CVE-2019-10638)\n\n - The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable. (CVE-2019-3874)\n\n - The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.\n (CVE-2019-14898)\n\n - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow. (CVE-2019-17133)\n\n - An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow. (CVE-2019-16746)\n\n - The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to have a dependency on an address associated with a network namespace. (CVE-2019-10639)\n\n - Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)\n\n - A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.\n (CVE-2019-19074)\n\n - kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words, although this slice expiration would typically be seen with benign workloads, it is possible that an attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray requests. An attack does not affect the stability of the kernel; it only causes mismanagement of application execution.) (CVE-2019-19922)\n\n - A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality. (CVE-2020-10767)\n\n - In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042. (CVE-2019-19535)\n\n - An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067. (CVE-2019-20812)\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15. (CVE-2019-18885)\n\n - In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered. (CVE-2020-24394)\n\n - A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable. (CVE-2020-10781)\n\n - The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c. (CVE-2020-16166)\n\n - An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c. (CVE-2018-14613)\n\n - A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service. (CVE-2020-10769)\n\n - A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter. (CVE-2020-12114)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. (CVE-2020-10751)\n\n - An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. (CVE-2019-5108)\n\n - An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance. (CVE-2019-17075)\n\n - An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. (CVE-2019-15218)\n\n - A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486. (CVE-2019-19052)\n\n - Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113. (CVE-2019-19063)\n\n - A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd. (CVE-2019-19066)\n\n - A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2. (CVE-2019-19078)\n\n - An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. (CVE-2020-12771)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-09-11T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5845)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14613", "CVE-2018-16884", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-14898", "CVE-2019-15218", "CVE-2019-16746", "CVE-2019-17075", "CVE-2019-17133", "CVE-2019-18885", "CVE-2019-19052", "CVE-2019-19063", "CVE-2019-19066", "CVE-2019-19073", "CVE-2019-19074", "CVE-2019-19078", "CVE-2019-19535", "CVE-2019-19922", "CVE-2019-20812", "CVE-2019-3874", "CVE-2019-3900", "CVE-2019-5108", "CVE-2020-10751", "CVE-2020-10767", "CVE-2020-10769", "CVE-2020-10781", "CVE-2020-12114", "CVE-2020-12771", "CVE-2020-14331", "CVE-2020-16166", "CVE-2020-24394"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2020-5845.NASL", "href": "https://www.tenable.com/plugins/nessus/140499", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5845.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140499);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2018-14613\",\n \"CVE-2018-16884\",\n \"CVE-2019-3874\",\n \"CVE-2019-3900\",\n \"CVE-2019-5108\",\n \"CVE-2019-10638\",\n \"CVE-2019-10639\",\n \"CVE-2019-11487\",\n \"CVE-2019-14898\",\n \"CVE-2019-15218\",\n \"CVE-2019-16746\",\n \"CVE-2019-17075\",\n \"CVE-2019-17133\",\n \"CVE-2019-18885\",\n \"CVE-2019-19052\",\n \"CVE-2019-19063\",\n \"CVE-2019-19066\",\n \"CVE-2019-19073\",\n \"CVE-2019-19074\",\n \"CVE-2019-19078\",\n \"CVE-2019-19535\",\n \"CVE-2019-19922\",\n \"CVE-2019-20812\",\n \"CVE-2020-10751\",\n \"CVE-2020-10767\",\n \"CVE-2020-10769\",\n \"CVE-2020-10781\",\n \"CVE-2020-12114\",\n \"CVE-2020-12771\",\n \"CVE-2020-14331\",\n \"CVE-2020-16166\",\n \"CVE-2020-24394\"\n );\n script_bugtraq_id(\n 104917,\n 106253,\n 107488,\n 108054,\n 108076,\n 109092\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5845)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-5845 advisory.\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network\n namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-\n free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system\n panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including\n v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster\n than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the\n vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)\n\n - The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-\n free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c,\n include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can\n occur with FUSE requests. (CVE-2019-11487)\n\n - In the Linux kernel before 5.1.7, a device can be tracked by an attacker using the IP ID values the kernel\n produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple\n destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and\n thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page\n that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses. (CVE-2019-10638)\n\n - The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An\n attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are\n believed to be vulnerable. (CVE-2019-3874)\n\n - The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could\n use this flaw to obtain sensitive information, cause a denial of service, or possibly have other\n unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.\n (CVE-2019-14898)\n\n - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a\n long SSID IE, leading to a Buffer Overflow. (CVE-2019-17133)\n\n - An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check\n the length of variable elements in a beacon head, leading to a buffer overflow. (CVE-2019-16746)\n\n - The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel\n address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel\n image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and\n ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash\n collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This\n key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via\n enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the\n attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled\n IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic\n is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the\n attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP\n addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to\n have a dependency on an address associated with a network namespace. (CVE-2019-10639)\n\n - Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow\n attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout()\n failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the\n htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)\n\n - A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.\n (CVE-2019-19074)\n\n - kernel/sched/fair.c in the Linux kernel before 5.3.9, when cpu.cfs_quota_us is used (e.g., with\n Kubernetes), allows attackers to cause a denial of service against non-cpu-bound applications by\n generating a workload that triggers unwanted slice expiration, aka CID-de53fd7aedb1. (In other words,\n although this slice expiration would typically be seen with benign workloads, it is possible that an\n attacker could calculate how many stray requests are required to force an entire Kubernetes cluster into a\n low-performance state caused by slice expiration, and ensure that a DDoS attack sent that number of stray\n requests. An attack does not affect the stability of the kernel; it only causes mismanagement of\n application execution.) (CVE-2019-19922)\n\n - A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect\n Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the\n Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to\n perform a Spectre V2 style attack when this configuration is active. The highest threat from this\n vulnerability is to confidentiality. (CVE-2020-10767)\n\n - In the Linux kernel before 5.2.9, there is an info-leak bug that can be caused by a malicious USB device\n in the drivers/net/can/usb/peak_usb/pcan_usb_fd.c driver, aka CID-30a8beeb3042. (CVE-2019-19535)\n\n - An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in\n net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain\n failure case involving TPACKET_V3, aka CID-b43d1f9f7067. (CVE-2019-20812)\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a\n local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds\n write to occur. This flaw allows a local user with access to the VGA console to crash the system,\n potentially escalating their privileges on the system. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer\n dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka\n CID-09ba3bc9dd15. (CVE-2019-18885)\n\n - In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new\n filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the\n current umask is not considered. (CVE-2020-24394)\n\n - A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local\n account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in\n the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the\n creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large\n amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random\n userspace processes, possibly making the system inoperable. (CVE-2020-10781)\n\n - The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive\n information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to\n drivers/char/random.c and kernel/time/timer.c. (CVE-2020-16166)\n\n - An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in\n io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item\n validation in check_leaf_item in fs/btrfs/tree-checker.c. (CVE-2018-14613)\n\n - A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in\n crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4\n bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat,\n leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of\n service. (CVE-2020-10769)\n\n - A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before\n 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a\n denial of service (panic) by corrupting a mountpoint reference counter. (CVE-2020-12114)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it\n incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly\n only validate the first netlink message in the skb and allow or deny the rest of the messages within the\n skb with the granted permission without further processing. (CVE-2020-10751)\n\n - An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An\n attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations\n before the required authentication process has completed. This could lead to different denial-of-service\n scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already\n existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge\n Authentication and Association Request packets to trigger this vulnerability. (CVE-2019-5108)\n\n - An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel\n through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an\n architecture for which this stack/DMA interaction has security relevance. (CVE-2019-17075)\n\n - An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a\n malicious USB device in the drivers/media/usb/siano/smsusb.c driver. (CVE-2019-15218)\n\n - A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before\n 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb()\n failures, aka CID-fb5be6a7b486. (CVE-2019-19052)\n\n - Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the\n Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka\n CID-3f9361695113. (CVE-2019-19063)\n\n - A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n bfa_port_get_stats() failures, aka CID-0e62395da2bd. (CVE-2019-19066)\n\n - A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux\n kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering\n usb_submit_urb() failures, aka CID-b8d17e7d93d2. (CVE-2019-19078)\n\n - An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c\n has a deadlock if a coalescing operation fails. (CVE-2020-12771)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5845.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-1902.306.2.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5845');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-1902.306.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-1902.306.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-1902.306.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-1902.306.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-1902.306.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-1902.306.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-1902.306.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-1902.306.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-1902.306.2.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-1902.306.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-1902.306.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-1902.306.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-1902.306.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-1902.306.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-1902.306.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.35-1902.306.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:45", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run.\n NOTE: the author of the LZO algorithms says 'the Linux kernel is *not* affected media hype.'(CVE-2014-4608)A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.(CVE-2015-3332)An elevation of privilege vulnerability in the kernel scsi driver.\n Product: Android. Versions: Android kernel. Android ID A-65023233.(CVE-2017-13168)An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.(CVE-2017-18551)An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.(CVE-2017-18509)An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.(CVE-2017-18595)An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory.(CVE-2018-14617)An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.(CVE-2019-17075)Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.(CVE-2016-2384)fsamespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a 'mount -o remount' command within a user namespace.(CVE-2014-5207)fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink.(CVE-2016-6197)In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.(CVE-2015-9289)In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.(CVE-2019-17133)Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.(CVE-2019-0136)Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb3 71a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base.\n Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the 'gap' between the stack and the binary.(CVE-2017-1000253)Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a 'double fetch' vulnerability.(CVE-2016-6130)rtl_p2p_noa_ie in drivers et/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.(CVE-2019-17666)sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.(CVE-2016-4578)Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.(CVE-2017-5753)The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.(CVE-2016-3138)The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.(CVE-2016-7425)The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2185)The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2184)The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3140)The do_remount function in fsamespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a 'mount -o remount' command within a user namespace.(CVE-2014-5206)The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2187)The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.(CVE-2015-8816)The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.(CVE-2016-3689)The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.(CVE-2017-1000379)The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2186)The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.(CVE-2015-8844)The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.(CVE-2016-4569)The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.(CVE-2015-8845)The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.(CVE-2015-1350)The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3139)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2599)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4608", "CVE-2014-5206", "CVE-2014-5207", "CVE-2015-1350", "CVE-2015-3332", "CVE-2015-8816", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-9289", "CVE-2016-2184", "CVE-2016-2185", "CVE-2016-2186", "CVE-2016-2187", "CVE-2016-2384", "CVE-2016-3138", "CVE-2016-3139", "CVE-2016-3140", "CVE-2016-3689", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-6130", "CVE-2016-6197", "CVE-2016-7425", "CVE-2017-1000253", "CVE-2017-1000379", "CVE-2017-13168", "CVE-2017-18509", "CVE-2017-18551", "CVE-2017-18595", "CVE-2017-5753", "CVE-2018-14617", "CVE-2019-0136", "CVE-2019-17075", "CVE-2019-17133", "CVE-2019-17666"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2599.NASL", "href": "https://www.tenable.com/plugins/nessus/132134", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132134);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2014-4608\",\n \"CVE-2014-5206\",\n \"CVE-2014-5207\",\n \"CVE-2015-1350\",\n \"CVE-2015-3332\",\n \"CVE-2015-8816\",\n \"CVE-2015-8844\",\n \"CVE-2015-8845\",\n \"CVE-2015-9289\",\n \"CVE-2016-2184\",\n \"CVE-2016-2185\",\n \"CVE-2016-2186\",\n \"CVE-2016-2187\",\n \"CVE-2016-2384\",\n \"CVE-2016-3138\",\n \"CVE-2016-3139\",\n \"CVE-2016-3140\",\n \"CVE-2016-3689\",\n \"CVE-2016-4569\",\n \"CVE-2016-4578\",\n \"CVE-2016-6130\",\n \"CVE-2016-6197\",\n \"CVE-2016-7425\",\n \"CVE-2017-5753\",\n \"CVE-2017-13168\",\n \"CVE-2017-18509\",\n \"CVE-2017-18551\",\n \"CVE-2017-18595\",\n \"CVE-2017-1000253\",\n \"CVE-2017-1000379\",\n \"CVE-2018-14617\",\n \"CVE-2019-0136\",\n \"CVE-2019-17075\",\n \"CVE-2019-17133\",\n \"CVE-2019-17666\"\n );\n script_bugtraq_id(\n 68214,\n 69214,\n 69216,\n 74232\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2599)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):** DISPUTED ** Multiple\n integer overflows in the lzo1x_decompress_safe function\n in lib/lzo/lzo1x_decompress_safe.c in the LZO\n decompressor in the Linux kernel before 3.15.2 allow\n context-dependent attackers to cause a denial of\n service (memory corruption) via a crafted Literal Run.\n NOTE: the author of the LZO algorithms says 'the Linux\n kernel is *not* affected media hype.'(CVE-2014-4608)A\n certain backport in the TCP Fast Open implementation\n for the Linux kernel before 3.18 does not properly\n maintain a count value, which allow local users to\n cause a denial of service (system crash) via the Fast\n Open feature, as demonstrated by visiting the\n chrome://flags/#enable-tcp-fast-open URL when using\n certain 3.10.x through 3.16.x kernel builds, including\n longterm-maintenance releases and ckt (aka Canonical\n Kernel Team) builds.(CVE-2015-3332)An elevation of\n privilege vulnerability in the kernel scsi driver.\n Product: Android. Versions: Android kernel. Android ID\n A-65023233.(CVE-2017-13168)An issue was discovered in\n drivers/i2c/i2c-core-smbus.c in the Linux kernel before\n 4.14.15. There is an out of bounds write in the\n function i2c_smbus_xfer_emulated.(CVE-2017-18551)An\n issue was discovered in net/ipv6/ip6mr.c in the Linux\n kernel before 4.11. By setting a specific socket\n option, an attacker can control a pointer in kernel\n land and cause an inet_csk_listen_stop general\n protection fault, or potentially execute arbitrary code\n under certain circumstances. The issue can be triggered\n as root (e.g., inside a default LXC container or with\n the CAP_NET_ADMIN capability) or after namespace\n unsharing. This occurs because sk_type and protocol are\n not checked in the appropriate part of the ip6_mroute_*\n functions. NOTE: this affects Linux distributions that\n use 4.9.x longterm kernels before\n 4.9.187.(CVE-2017-18509)An issue was discovered in the\n Linux kernel before 4.14.11. A double free may be\n caused by the function allocate_trace_buffer in the\n file kernel/trace/trace.c.(CVE-2017-18595)An issue was\n discovered in the Linux kernel through 4.17.10. There\n is a NULL pointer dereference and panic in\n hfsplus_lookup() in fs/hfsplus/dir.c when opening a\n file (that is purportedly a hard link) in an hfs+\n filesystem that has malformed catalog data, and is\n mounted read-only without a metadata\n directory.(CVE-2018-14617)An issue was discovered in\n write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in\n the Linux kernel through 5.3.2. The cxgb4 driver is\n directly calling dma_map_single (a DMA function) from a\n stack variable. This could allow an attacker to trigger\n a Denial of Service, exploitable if this driver is used\n on an architecture for which this stack/DMA interaction\n has security relevance.(CVE-2019-17075)Double free\n vulnerability in the snd_usbmidi_create function in\n sound/usb/midi.c in the Linux kernel before 4.5 allows\n physically proximate attackers to cause a denial of\n service (panic) or possibly have unspecified other\n impact via vectors involving an invalid USB\n descriptor.(CVE-2016-2384)fsamespace.c in the Linux\n kernel through 3.16.1 does not properly restrict\n clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and\n changing MNT_ATIME_MASK during a remount of a bind\n mount, which allows local users to gain privileges,\n interfere with backups and auditing on systems that had\n atime enabled, or cause a denial of service (excessive\n filesystem updating) on systems that had atime disabled\n via a 'mount -o remount' command within a user\n namespace.(CVE-2014-5207)fs/overlayfs/dir.c in the\n OverlayFS filesystem implementation in the Linux kernel\n before 4.6 does not properly verify the upper dentry\n before proceeding with unlink and rename system-call\n processing, which allows local users to cause a denial\n of service (system crash) via a rename system call that\n specifies a self-hardlink.(CVE-2016-6197)In the Linux\n kernel before 4.1.4, a buffer overflow occurs when\n checking userspace params in\n drivers/media/dvb-frontends/cx24116.c. The maximum size\n for a DiSEqC command is 6, according to the userspace\n API. However, the code allows larger values such as\n 23.(CVE-2015-9289)In the Linux kernel through 5.3.2,\n cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c\n does not reject a long SSID IE, leading to a Buffer\n Overflow.(CVE-2019-17133)Insufficient access control in\n the Intel(R) PROSet/Wireless WiFi Software driver\n before version 21.10 may allow an unauthenticated user\n to potentially enable denial of service via adjacent\n access.(CVE-2019-0136)Linux distributions that have not\n patched their long-term kernels with\n https://git.kernel.org/linus/a87938b2e246b81b4fb713edb3\n 71a9fa3c5c3c86 (committed on April 14, 2015). This\n kernel vulnerability was fixed in April 2015 by commit\n a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to\n Linux 3.10.77 in May 2015), but it was not recognized\n as a security threat. With\n CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a\n normal top-down address allocation strategy,\n load_elf_binary() will attempt to map a PIE binary into\n an address range immediately below mm->mmap_base.\n Unfortunately, load_elf_ binary() does not take account\n of the need to allocate sufficient space for the entire\n binary which means that, while the first PT_LOAD\n segment is mapped below mm->mmap_base, the subsequent\n PT_LOAD segment(s) end up being mapped above\n mm->mmap_base into the are that is supposed to be the\n 'gap' between the stack and the\n binary.(CVE-2017-1000253)Race condition in the\n sclp_ctl_ioctl_sccb function in\n drivers/s390/char/sclp_ctl.c in the Linux kernel before\n 4.6 allows local users to obtain sensitive information\n from kernel memory by changing a certain length value,\n aka a 'double fetch'\n vulnerability.(CVE-2016-6130)rtl_p2p_noa_ie in drivers\n et/wireless/realtek/rtlwifi/ps.c in the Linux kernel\n through 5.3.6 lacks a certain upper-bound check,\n leading to a buffer\n overflow.(CVE-2019-17666)sound/core/timer.c in the\n Linux kernel through 4.6 does not initialize certain r1\n data structures, which allows local users to obtain\n sensitive information from kernel stack memory via\n crafted use of the ALSA timer interface, related to the\n (1) snd_timer_user_ccallback and (2)\n snd_timer_user_tinterrupt\n functions.(CVE-2016-4578)Systems with microprocessors\n utilizing speculative execution and branch prediction\n may allow unauthorized disclosure of information to an\n attacker with local user access via a side-channel\n analysis.(CVE-2017-5753)The acm_probe function in\n drivers/usb/class/cdc-acm.c in the Linux kernel before\n 4.5.1 allows physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system\n crash) via a USB device without both a control and a\n data endpoint descriptor.(CVE-2016-3138)The\n arcmsr_iop_message_xfer function in\n drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel\n through 4.8.2 does not restrict a certain length field,\n which allows local users to gain privileges or cause a\n denial of service (heap-based buffer overflow) via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control\n code.(CVE-2016-7425)The ati_remote2_probe function in\n drivers/input/misc/ati_remote2.c in the Linux kernel\n before 4.5.1 allows physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a crafted endpoints value in a USB\n device descriptor.(CVE-2016-2185)The\n create_fixed_stream_quirk function in\n sound/usb/quirks.c in the snd-usb-audio driver in the\n Linux kernel before 4.5.1 allows physically proximate\n attackers to cause a denial of service (NULL pointer\n dereference or double free, and system crash) via a\n crafted endpoints value in a USB device\n descriptor.(CVE-2016-2184)The digi_port_init function\n in drivers/usb/serial/digi_acceleport.c in the Linux\n kernel before 4.5.1 allows physically proximate\n attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints\n value in a USB device descriptor.(CVE-2016-3140)The\n do_remount function in fsamespace.c in the Linux kernel\n through 3.16.1 does not maintain the MNT_LOCK_READONLY\n bit across a remount of a bind mount, which allows\n local users to bypass an intended read-only restriction\n and defeat certain sandbox protection mechanisms via a\n 'mount -o remount' command within a user\n namespace.(CVE-2014-5206)The gtco_probe function in\n drivers/input/tablet/gtco.c in the Linux kernel through\n 4.5.2 allows physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system\n crash) via a crafted endpoints value in a USB device\n descriptor.(CVE-2016-2187)The hub_activate function in\n drivers/usb/core/hub.c in the Linux kernel before 4.3.5\n does not properly maintain a hub-interface data\n structure, which allows physically proximate attackers\n to cause a denial of service (invalid memory access and\n system crash) or possibly have unspecified other impact\n by unplugging a USB hub device.(CVE-2015-8816)The\n ims_pcu_parse_cdc_data function in\n drivers/input/misc/ims-pcu.c in the Linux kernel before\n 4.5.1 allows physically proximate attackers to cause a\n denial of service (system crash) via a USB device\n without both a master and a slave\n interface.(CVE-2016-3689)The Linux Kernel running on\n AMD64 systems will sometimes map the contents of PIE\n executable, the heap or ld.so to where the stack is\n mapped allowing attackers to more easily manipulate the\n stack. Linux Kernel version 4.11.5 is\n affected.(CVE-2017-1000379)The powermate_probe function\n in drivers/input/misc/powermate.c in the Linux kernel\n before 4.5.1 allows physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a crafted endpoints value in a USB\n device descriptor.(CVE-2016-2186)The signal\n implementation in the Linux kernel before 4.3.5 on\n powerpc platforms does not check for an MSR with both\n the S and T bits set, which allows local users to cause\n a denial of service (TM Bad Thing exception and panic)\n via a crafted application.(CVE-2015-8844)The\n snd_timer_user_params function in sound/core/timer.c in\n the Linux kernel through 4.6 does not initialize a\n certain data structure, which allows local users to\n obtain sensitive information from kernel stack memory\n via crafted use of the ALSA timer\n interface.(CVE-2016-4569)The tm_reclaim_thread function\n in arch/powerpc/kernel/process.c in the Linux kernel\n before 4.4.1 on powerpc platforms does not ensure that\n TM suspend mode exists before proceeding with a\n tm_reclaim call, which allows local users to cause a\n denial of service (TM Bad Thing exception and panic)\n via a crafted application.(CVE-2015-8845)The VFS\n subsystem in the Linux kernel 3.x provides an\n incomplete set of requirements for setattr operations\n that underspecifies removing extended privilege\n attributes, which allows local users to cause a denial\n of service (capability stripping) via a failed\n invocation of a system call, as demonstrated by using\n chown to remove a capability from the ping or Wireshark\n dumpcap program.(CVE-2015-1350)The wacom_probe function\n in drivers/input/tablet/wacom_sys.c in the Linux kernel\n before 3.17 allows physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a crafted endpoints value in a USB\n device descriptor.(CVE-2016-3139)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2599\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fc6af25f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.44.5.10.h234\",\n \"kernel-debuginfo-3.10.0-514.44.5.10.h234\",\n \"kernel-debuginfo-common-x86_64-3.10.0-514.44.5.10.h234\",\n \"kernel-devel-3.10.0-514.44.5.10.h234\",\n \"kernel-headers-3.10.0-514.44.5.10.h234\",\n \"kernel-tools-3.10.0-514.44.5.10.h234\",\n \"kernel-tools-libs-3.10.0-514.44.5.10.h234\",\n \"perf-3.10.0-514.44.5.10.h234\",\n \"python-perf-3.10.0-514.44.5.10.h234\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-17T15:54:57", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5866 advisory.\n\n - In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. (CVE-2019-6974)\n\n - The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. (CVE-2019-7221)\n\n - The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. (CVE-2019-7222)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after- free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network. (CVE-2019-3846)\n\n - The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after- free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests. (CVE-2019-11487)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain error case is mishandled. (CVE-2018-20856)\n\n - The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable. (CVE-2019-3874)\n\n - The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.\n (CVE-2019-14898)\n\n - In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. (CVE-2019-20054)\n\n - An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow. (CVE-2019-16746)\n\n - In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub- buffer). (CVE-2019-19768)\n\n - In the Linux kernel through 5.4.6, there is a NULL pointer dereference in drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related to a PHY down race condition, aka CID-f70267f379b5. (CVE-2019-19965)\n\n - In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which may cause denial of service, aka CID-1d3ff0950e2b. (CVE-2019-20096)\n\n - A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-1749)\n\n - Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout() failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)\n\n - drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir). (CVE-2019-15505)\n\n - An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain failure case involving TPACKET_V3, aka CID-b43d1f9f7067. (CVE-2019-20812)\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15. (CVE-2019-18885)\n\n - A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service. (CVE-2020-10769)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. (CVE-2020-10751)\n\n - An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to different denial-of-service scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge Authentication and Association Request packets to trigger this vulnerability. (CVE-2019-5108)\n\n - An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance. (CVE-2019-17075)\n\n - An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver. (CVE-2019-15218)\n\n - A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486. (CVE-2019-19052)\n\n - An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by the functions gfs2_clear_rgrpd and read_rindex_entry. (CVE-2016-10905)\n\n - An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use- after-free is caused by a race condition between the functions arc_emac_tx and arc_emac_tx_clean.\n (CVE-2016-10906)\n\n - The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.\n (CVE-2017-8925)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. (CVE-2017-16528)\n\n - The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow. (CVE-2017-8924)\n\n - In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69129004 References: Upstream kernel. (CVE-2018-9415)\n\n - An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c. (CVE-2019-15927)\n\n - A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system. (CVE-2020-10720)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. (CVE-2020-25285)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-06T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5866)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10905", "CVE-2016-10906", "CVE-2017-16528", "CVE-2017-8924", "CVE-2017-8925", "CVE-2018-16884", "CVE-2018-20856", "CVE-2018-9415", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-14898", "CVE-2019-15218", "CVE-2019-15505", "CVE-2019-15927", "CVE-2019-16746", "CVE-2019-17075", "CVE-2019-18885", "CVE-2019-19052", "CVE-2019-19073", "CVE-2019-19768", "CVE-2019-19965", "CVE-2019-20054", "CVE-2019-20096", "CVE-2019-20812", "CVE-2019-3846", "CVE-2019-3874", "CVE-2019-5108", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2020-10720", "CVE-2020-10751", "CVE-2020-10769", "CVE-2020-14314", "CVE-2020-14331", "CVE-2020-1749", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2020-5866.NASL", "href": "https://www.tenable.com/plugins/nessus/141207", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5866.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141207);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2016-10905\",\n \"CVE-2016-10906\",\n \"CVE-2017-8924\",\n \"CVE-2017-8925\",\n \"CVE-2017-16528\",\n \"CVE-2018-9415\",\n \"CVE-2018-16884\",\n \"CVE-2018-20856\",\n \"CVE-2019-3846\",\n \"CVE-2019-3874\",\n \"CVE-2019-5108\",\n \"CVE-2019-6974\",\n \"CVE-2019-7221\",\n \"CVE-2019-7222\",\n \"CVE-2019-11487\",\n \"CVE-2019-14898\",\n \"CVE-2019-15218\",\n \"CVE-2019-15505\",\n \"CVE-2019-15927\",\n \"CVE-2019-16746\",\n \"CVE-2019-17075\",\n \"CVE-2019-18885\",\n \"CVE-2019-19052\",\n \"CVE-2019-19073\",\n \"CVE-2019-19768\",\n \"CVE-2019-19965\",\n \"CVE-2019-20054\",\n \"CVE-2019-20096\",\n \"CVE-2019-20812\",\n \"CVE-2020-1749\",\n \"CVE-2020-10720\",\n \"CVE-2020-10751\",\n \"CVE-2020-10769\",\n \"CVE-2020-14314\",\n \"CVE-2020-14331\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\"\n );\n script_bugtraq_id(\n 98451,\n 98462,\n 106253,\n 106963,\n 107127,\n 107294,\n 107488,\n 108054,\n 108521\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5866)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2020-5866 advisory.\n\n - In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference\n counting because of a race condition, leading to a use-after-free. (CVE-2019-6974)\n\n - The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. (CVE-2019-7221)\n\n - The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. (CVE-2019-7222)\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network\n namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-\n free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system\n panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-16884)\n\n - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the\n mwifiex kernel module while connecting to a malicious wireless network. (CVE-2019-3846)\n\n - The Linux kernel before 5.1-rc5 allows page->_refcount reference count overflow, with resultant use-after-\n free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c,\n include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can\n occur with FUSE requests. (CVE-2019-11487)\n\n - An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an\n __blk_drain_queue() use-after-free because a certain error case is mishandled. (CVE-2018-20856)\n\n - The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An\n attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are\n believed to be vulnerable. (CVE-2019-3874)\n\n - The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could\n use this flaw to obtain sensitive information, cause a denial of service, or possibly have other\n unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls.\n (CVE-2019-14898)\n\n - In the Linux kernel before 5.0.6, there is a NULL pointer dereference in drop_sysctl_table() in\n fs/proc/proc_sysctl.c, related to put_links, aka CID-23da9588037e. (CVE-2019-20054)\n\n - An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check\n the length of variable elements in a beacon head, leading to a buffer overflow. (CVE-2019-16746)\n\n - In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in\n kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-\n buffer). (CVE-2019-19768)\n\n - In the Linux kernel through 5.4.6, there is a NULL pointer dereference in\n drivers/scsi/libsas/sas_discover.c because of mishandling of port disconnection during discovery, related\n to a PHY down race condition, aka CID-f70267f379b5. (CVE-2019-19965)\n\n - In the Linux kernel before 5.1, there is a memory leak in __feat_register_sp() in net/dccp/feat.c, which\n may cause denial of service, aka CID-1d3ff0950e2b. (CVE-2019-20096)\n\n - A flaw was found in the Linux kernel's implementation of some networking protocols in IPsec, such as VXLAN\n and GENEVE tunnels over IPv6. When an encrypted tunnel is created between two hosts, the kernel isn't\n correctly routing tunneled data over the encrypted link; rather sending the data unencrypted. This would\n allow anyone in between the two endpoints to read the traffic unencrypted. The main threat from this\n vulnerability is to data confidentiality. (CVE-2020-1749)\n\n - Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow\n attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout()\n failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the\n htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)\n\n - drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via\n crafted USB device traffic (which may be remote via usbip or usbredir). (CVE-2019-15505)\n\n - An issue was discovered in the Linux kernel before 5.4.7. The prb_calc_retire_blk_tmo() function in\n net/packet/af_packet.c can result in a denial of service (CPU consumption and soft lockup) in a certain\n failure case involving TPACKET_V3, aka CID-b43d1f9f7067. (CVE-2019-20812)\n\n - A flaw was found in the Linux kernels implementation of the invert video code on VGA consoles when a\n local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds\n write to occur. This flaw allows a local user with access to the VGA console to crash the system,\n potentially escalating their privileges on the system. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system availability. (CVE-2020-14331)\n\n - fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer\n dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka\n CID-09ba3bc9dd15. (CVE-2019-18885)\n\n - A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in\n crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4\n bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat,\n leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of\n service. (CVE-2020-10769)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it\n incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly\n only validate the first netlink message in the skb and allow or deny the rest of the messages within the\n skb with the granted permission without further processing. (CVE-2020-10751)\n\n - An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An\n attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations\n before the required authentication process has completed. This could lead to different denial-of-service\n scenarios, either by causing CAM table attacks, or by leading to traffic flapping if faking already\n existing clients in other nearby APs of the same wireless infrastructure. An attacker can forge\n Authentication and Association Request packets to trigger this vulnerability. (CVE-2019-5108)\n\n - An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel\n through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an\n architecture for which this stack/DMA interaction has security relevance. (CVE-2019-17075)\n\n - An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a\n malicious USB device in the drivers/media/usb/siano/smsusb.c driver. (CVE-2019-15218)\n\n - A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before\n 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb()\n failures, aka CID-fb5be6a7b486. (CVE-2019-19052)\n\n - An issue was discovered in fs/gfs2/rgrp.c in the Linux kernel before 4.8. A use-after-free is caused by\n the functions gfs2_clear_rgrpd and read_rindex_entry. (CVE-2016-10905)\n\n - An issue was discovered in drivers/net/ethernet/arc/emac_main.c in the Linux kernel before 4.5. A use-\n after-free is caused by a race condition between the functions arc_emac_tx and arc_emac_tx_clean.\n (CVE-2016-10906)\n\n - The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local\n users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.\n (CVE-2017-8925)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file\n system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash\n the system if the directory exists. The highest threat from this vulnerability is to system availability.\n (CVE-2020-14314)\n\n - sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local users to cause a denial of service\n (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a\n crafted USB device. (CVE-2017-16528)\n\n - The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows\n local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel\n memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer\n underflow. (CVE-2017-8924)\n\n - In driver_override_store and driver_override_show of bus.c, there is a possible double free due to\n improper locking. This could lead to local escalation of privilege with System execution privileges\n needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android\n ID: A-69129004 References: Upstream kernel. (CVE-2018-9415)\n\n - An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function\n build_audio_procunit in the file sound/usb/mixer.c. (CVE-2019-15927)\n\n - A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an\n attacker with local access to crash the system. (CVE-2020-10720)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers\n to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c\n instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. (CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap\n rbd block devices, aka CID-f44d04e696fe. (CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified\n other impact, aka CID-17743798d812. (CVE-2020-25285)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5866.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15505\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.43.4.el6uek', '4.1.12-124.43.4.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5866');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.43.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.43.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.43.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.43.4.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.43.4.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.43.4.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.43.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.43.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.43.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.43.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.43.4.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.43.4.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-01T14:31:14", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc. Security Fix(es):An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.(CVE-2019-15213)An issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.(CVE-2019-15215)An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.(CVE-2019-15217)An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.(CVE-2019-15212)An issue was discovered in the Linux kernel before 5.0.14.\n There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.(CVE-2019-15216)An issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read.(CVE-2019-15090)An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c.(CVE-2019-15923)An issue was discovered in the Linux kernel before 5.0.10.\n SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.(CVE-2019-15918)An issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c.(CVE-2019-15922)An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file driverset/wireless/ath/ath6kl/wmi.c.(CVE-2019-15926)An issue was discovered in the Linux kernel before 5.0.11.\n fm10k_init_module in driverset/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure.(CVE-2019-15924)A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.(CVE-2019-14835)In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via an interrupt.\n To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers.\n At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c.(CVE-2019-15031)In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers.\n At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.(CVE-2019-15030)There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.(CVE-2019-14816)A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.(CVE-2019-14815)There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.(CVE-2019-14814)driverset/wireless/ath/ath10k/usb.\n c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.(CVE-2019-15099)driverset/wireless/ath/ath6k l/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.(CVE-2019-15098)driverset/wireless/rsi/rsi_9 1x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).CVE-2019-15504)In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.(CVE-2019-16714)drivers/scsi/qla2xxx/qla_os .c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16233)An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/blockbd.c does not check the nla_nest_start_noflag return value.(CVE-2019-16089)llcp_sock_create in netfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176.(CVE-2019-17056)base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.(CVE-2019-17055)atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c.(CVE-2019-17054)ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.(CVE-2019-17053)ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.(CVE-2019-17052)An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.(CVE-2019-17075)rtl_p2p_noa_ie in driverset/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.(CVE-2019-17666)In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.(CVE-2019-17133)An issue was discovered in net/wirelessl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.(CVE-2019-16746)Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.(CVE-2019-0136)driverset/wireless/intel/iwlwifi/ pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16234)A memory leak in the ql_alloc_large_buffers() function in driverset/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f.(CVE-2019-18806)A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8.(CVE-2019-18813)A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559.(CVE-2019-18809)fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verify_dev_extents NULL pointer dereference via a crafted btrfs image because fs_devices->devices is mishandled within find_device, aka CID-09ba3bc9dd15.(CVE-2019-18885)A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.(CVE-2019-18808)A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd.(CVE-2019-19066)Note:\n kernel-4.19.36-vhulk1907.1.0.h529 and earlier versions in EulerOS Virtualization for ARM 64 3.0.2.0 return incorrect time information when executing the uname -a command.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-03-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2020-1197)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0136", "CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-14835", "CVE-2019-15030", "CVE-2019-15031", "CVE-2019-15090", "CVE-2019-15098", "CVE-2019-15099", "CVE-2019-15212", "CVE-2019-15213", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15217", "CVE-2019-15504", "CVE-2019-15918", "CVE-2019-15922", "CVE-2019-15923", "CVE-2019-15924", "CVE-2019-15926", "CVE-2019-16089", "CVE-2019-16233", "CVE-2019-16234", "CVE-2019-16714", "CVE-2019-16746", "CVE-2019-17052", "CVE-2019-17053", "CVE-2019-17054", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-17075", "CVE-2019-17133", "CVE-2019-17666", "CVE-2019-18806", "CVE-2019-18808", "CVE-2019-18809", "CVE-2019-18813", "CVE-2019-18885", "CVE-2019-19066"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2020-1197.NASL", "href": "https://www.tenable.com/plugins/nessus/134486", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134486);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-0136\",\n \"CVE-2019-14814\",\n \"CVE-2019-14815\",\n \"CVE-2019-14816\",\n \"CVE-2019-14835\",\n \"CVE-2019-15030\",\n \"CVE-2019-15031\",\n \"CVE-2019-15090\",\n \"CVE-2019-15098\",\n \"CVE-2019-15099\",\n \"CVE-2019-15212\",\n \"CVE-2019-15213\",\n \"CVE-2019-15215\",\n \"CVE-2019-15216\",\n \"CVE-2019-15217\",\n \"CVE-2019-15504\",\n \"CVE-2019-15918\",\n \"CVE-2019-15922\",\n \"CVE-2019-15923\",\n \"CVE-2019-15924\",\n \"CVE-2019-15926\",\n \"CVE-2019-16089\",\n \"CVE-2019-16233\",\n \"CVE-2019-16234\",\n \"CVE-2019-16714\",\n \"CVE-2019-16746\",\n \"CVE-2019-17052\",\n \"CVE-2019-17053\",\n \"CVE-2019-17054\",\n \"CVE-2019-17055\",\n \"CVE-2019-17056\",\n \"CVE-2019-17075\",\n \"CVE-2019-17133\",\n \"CVE-2019-17666\",\n \"CVE-2019-18806\",\n \"CVE-2019-18808\",\n \"CVE-2019-18809\",\n \"CVE-2019-18813\",\n \"CVE-2019-18885\",\n \"CVE-2019-19066\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2020-1197)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc. Security Fix(es):An issue was discovered\n in the Linux kernel before 5.2.3. There is a\n use-after-free caused by a malicious USB device in the\n drivers/media/usb/dvb-usb/dvb-usb-init.c\n driver.(CVE-2019-15213)An issue was discovered in the\n Linux kernel before 5.2.6. There is a use-after-free\n caused by a malicious USB device in the\n drivers/media/usb/cpia2/cpia2_usb.c\n driver.(CVE-2019-15215)An issue was discovered in the\n Linux kernel before 5.2.3. There is a NULL pointer\n dereference caused by a malicious USB device in the\n drivers/media/usb/zr364xx/zr364xx.c\n driver.(CVE-2019-15217)An issue was discovered in the\n Linux kernel before 5.1.8. There is a double-free\n caused by a malicious USB device in the\n drivers/usb/misc/rio500.c driver.(CVE-2019-15212)An\n issue was discovered in the Linux kernel before 5.0.14.\n There is a NULL pointer dereference caused by a\n malicious USB device in the drivers/usb/misc/yurex.c\n driver.(CVE-2019-15216)An issue was discovered in\n drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before\n 5.1.12. In the qedi_dbg_* family of functions, there is\n an out-of-bounds read.(CVE-2019-15090)An issue was\n discovered in the Linux kernel before 5.0.9. There is a\n NULL pointer dereference for a cd data structure if\n alloc_disk fails in\n drivers/block/paride/pf.c.(CVE-2019-15923)An issue was\n discovered in the Linux kernel before 5.0.10.\n SMB2_negotiate in fs/cifs/smb2pdu.c has an\n out-of-bounds read because data structures are\n incompletely updated after a change from smb30 to\n smb21.(CVE-2019-15918)An issue was discovered in the\n Linux kernel before 5.0.9. There is a NULL pointer\n dereference for a pf data structure if alloc_disk fails\n in drivers/block/paride/pf.c.(CVE-2019-15922)An issue\n was discovered in the Linux kernel before 5.2.3. Out of\n bounds access exists in the functions\n ath6kl_wmi_pstream_timeout_event_rx and\n ath6kl_wmi_cac_event_rx in the file\n driverset/wireless/ath/ath6kl/wmi.c.(CVE-2019-15926)An\n issue was discovered in the Linux kernel before 5.0.11.\n fm10k_init_module in\n driverset/ethernet/intel/fm10k/fm10k_main.c has a NULL\n pointer dereference because there is no -ENOMEM upon an\n alloc_workqueue failure.(CVE-2019-15924)A buffer\n overflow flaw was found, in versions from 2.6.34 to\n 5.2.x, in the way Linux kernel's vhost functionality\n that translates virtqueue buffers to IOVs, logged the\n buffer descriptors during migration. A privileged guest\n user able to pass descriptors with invalid length to\n the host when migration is underway, could use this\n flaw to increase their privileges on the\n host.(CVE-2019-14835)In the Linux kernel through 5.2.14\n on the powerpc platform, a local user can read vector\n registers of other users' processes via an interrupt.\n To exploit the venerability, a local user starts a\n transaction (via the hardware transactional memory\n instruction tbegin) and then accesses vector registers.\n At some point, the vector registers will be corrupted\n with the values from a different local Linux process,\n because MSR_TM_ACTIVE is misused in\n arch/powerpc/kernel/process.c.(CVE-2019-15031)In the\n Linux kernel through 5.2.14 on the powerpc platform, a\n local user can read vector registers of other users'\n processes via a Facility Unavailable exception. To\n exploit the venerability, a local user starts a\n transaction (via the hardware transactional memory\n instruction tbegin) and then accesses vector registers.\n At some point, the vector registers will be corrupted\n with the values from a different local Linux process\n because of a missing arch/powerpc/kernel/process.c\n check.(CVE-2019-15030)There is heap-based buffer\n overflow in kernel, all versions up to, excluding 5.3,\n in the marvell wifi chip driver in Linux kernel, that\n allows local users to cause a denial of service(system\n crash) or possibly execute arbitrary\n code.(CVE-2019-14816)A vulnerability was found in Linux\n Kernel, where a Heap Overflow was found in\n mwifiex_set_wmm_params() function of Marvell Wifi\n Driver.(CVE-2019-14815)There is heap-based buffer\n overflow in Linux kernel, all versions up to, excluding\n 5.3, in the marvell wifi chip driver in Linux kernel,\n that allows local users to cause a denial of\n service(system crash) or possibly execute arbitrary\n code.(CVE-2019-14814)driverset/wireless/ath/ath10k/usb.\n c in the Linux kernel through 5.2.8 has a NULL pointer\n dereference via an incomplete address in an endpoint\n descriptor.(CVE-2019-15099)driverset/wireless/ath/ath6k\n l/usb.c in the Linux kernel through 5.2.8 has a NULL\n pointer dereference via an incomplete address in an\n endpoint\n descriptor.(CVE-2019-15098)driverset/wireless/rsi/rsi_9\n 1x_usb.c in the Linux kernel through 5.2.9 has a Double\n Free via crafted USB device traffic (which may be\n remote via usbip or usbredir).CVE-2019-15504)In the\n Linux kernel before 5.2.14, rds6_inc_info_copy in\n net/rds/recv.c allows attackers to obtain sensitive\n information from kernel stack memory because tos and\n flags fields are not\n initialized.(CVE-2019-16714)drivers/scsi/qla2xxx/qla_os\n .c in the Linux kernel 5.2.14 does not check the\n alloc_workqueue return value, leading to a NULL pointer\n dereference.(CVE-2019-16233)An issue was discovered in\n the Linux kernel through 5.2.13. nbd_genl_status in\n drivers/blockbd.c does not check the\n nla_nest_start_noflag return\n value.(CVE-2019-16089)llcp_sock_create in\n netfc/llcp_sock.c in the AF_NFC network module in the\n Linux kernel through 5.3.2 does not enforce\n CAP_NET_RAW, which means that unprivileged users can\n create a raw socket, aka\n CID-3a359798b176.(CVE-2019-17056)base_sock_create in\n drivers/isdn/mISDN/socket.c in the AF_ISDN network\n module in the Linux kernel through 5.3.2 does not\n enforce CAP_NET_RAW, which means that unprivileged\n users can create a raw socket, aka\n CID-b91ee4aa2a21.(CVE-2019-17055)atalk_create in\n net/appletalk/ddp.c in the AF_APPLETALK network module\n in the Linux kernel through 5.3.2 does not enforce\n CAP_NET_RAW, which means that unprivileged users can\n create a raw socket, aka\n CID-6cc03e8aa36c.(CVE-2019-17054)ieee802154_create in\n net/ieee802154/socket.c in the AF_IEEE802154 network\n module in the Linux kernel through 5.3.2 does not\n enforce CAP_NET_RAW, which means that unprivileged\n users can create a raw socket, aka\n CID-e69dbd4619e7.(CVE-2019-17053)ax25_create in\n net/ax25/af_ax25.c in the AF_AX25 network module in the\n Linux kernel through 5.3.2 does not enforce\n CAP_NET_RAW, which means that unprivileged users can\n create a raw socket, aka\n CID-0614e2b73768.(CVE-2019-17052)An issue was\n discovered in write_tpt_entry in\n drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel\n through 5.3.2. The cxgb4 driver is directly calling\n dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of\n Service, exploitable if this driver is used on an\n architecture for which this stack/DMA interaction has\n security relevance.(CVE-2019-17075)rtl_p2p_noa_ie in\n driverset/wireless/realtek/rtlwifi/ps.c in the Linux\n kernel through 5.3.6 lacks a certain upper-bound check,\n leading to a buffer overflow.(CVE-2019-17666)In the\n Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid\n in net/wireless/wext-sme.c does not reject a long SSID\n IE, leading to a Buffer Overflow.(CVE-2019-17133)An\n issue was discovered in net/wirelessl80211.c in the\n Linux kernel through 5.2.17. It does not check the\n length of variable elements in a beacon head, leading\n to a buffer overflow.(CVE-2019-16746)Insufficient\n access control in the Intel(R) PROSet/Wireless WiFi\n Software driver before version 21.10 may allow an\n unauthenticated user to potentially enable denial of\n service via adjacent\n access.(CVE-2019-0136)driverset/wireless/intel/iwlwifi/\n pcie/trans.c in the Linux kernel 5.2.14 does not check\n the alloc_workqueue return value, leading to a NULL\n pointer dereference.(CVE-2019-16234)A memory leak in\n the ql_alloc_large_buffers() function in\n driverset/ethernet/qlogic/qla3xxx.c in the Linux kernel\n before 5.3.5 allows local users to cause a denial of\n service (memory consumption) by triggering\n pci_dma_mapping_error() failures, aka\n CID-1acb8f2a7a9f.(CVE-2019-18806)A memory leak in the\n dwc3_pci_probe() function in\n drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through\n 5.3.9 allows attackers to cause a denial of service\n (memory consumption) by triggering\n platform_device_add_properties() failures, aka\n CID-9bbfceea12a8.(CVE-2019-18813)A memory leak in the\n af9005_identify_state() function in\n drivers/media/usb/dvb-usb/af9005.c in the Linux kernel\n through 5.3.9 allows attackers to cause a denial of\n service (memory consumption), aka\n CID-2289adbfa559.(CVE-2019-18809)fs/btrfs/volumes.c in\n the Linux kernel before 5.1 allows a\n btrfs_verify_dev_extents NULL pointer dereference via a\n crafted btrfs image because fs_devices->devices is\n mishandled within find_device, aka\n CID-09ba3bc9dd15.(CVE-2019-18885)A memory leak in the\n ccp_run_sha_cmd() function in\n drivers/crypto/ccp/ccp-ops.c in the Linux kernel\n through 5.3.9 allows attackers to cause a denial of\n service (memory consumption), aka\n CID-128c66429247.(CVE-2019-18808)A memory leak in the\n bfad_im_get_stats() function in\n drivers/scsi/bfa/bfad_attr.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering\n bfa_port_get_stats() failures, aka\n CID-0e62395da2bd.(CVE-2019-19066)Note:\n kernel-4.19.36-vhulk1907.1.0.h529 and earlier versions\n in EulerOS Virtualization for ARM 64 3.0.2.0 return\n incorrect time information when executing the uname -a\n command.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1197\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c0e492e5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.36-vhulk1907.1.0.h529\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h529\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h529\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h529\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h529\",\n \"kernel-tools-libs-devel-4.19.36-vhulk1907.1.0.h529\",\n \"perf-4.19.36-vhulk1907.1.0.h529\",\n \"python-perf-4.19.36-vhulk1907.1.0.h529\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-17T15:58:29", "description": "The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2020-0044 for details.", "cvss3": {}, "published": "2020-10-12T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0044)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10905", "CVE-2016-10906", "CVE-2017-16528", "CVE-2017-16644", "CVE-2017-8924", "CVE-2017-8925", "CVE-2018-16884", "CVE-2018-20856", "CVE-2018-9415", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11487", "CVE-2019-14898", "CVE-2019-15218", "CVE-2019-15505", "CVE-2019-15927", "CVE-2019-16746", "CVE-2019-17075", "CVE-2019-18885", "CVE-2019-19049", "CVE-2019-19052", "CVE-2019-19062", "CVE-2019-19073", "CVE-2019-19535", "CVE-2019-19768", "CVE-2019-19965", "CVE-2019-20054", "CVE-2019-20096", "CVE-2019-20811", "CVE-2019-20812", "CVE-2019-3846", "CVE-2019-3874", "CVE-2019-5108", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2020-10720", "CVE-2020-10732", "CVE-2020-10751", "CVE-2020-10769", "CVE-2020-14314", "CVE-2020-14331", "CVE-2020-1749", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285"], "modified": "2020-10-15T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2020-0044.NASL", "href": "https://www.tenable.com/plugins/nessus/141374", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2020-0044.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141374);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/15\");\n\n script_cve_id(\"CVE-2016-10905\", \"CVE-2016-10906\", \"CVE-2017-16528\", \"CVE-2017-16644\", \"CVE-2017-8924\", \"CVE-2017-8925\", \"CVE-2018-16884\", \"CVE-2018-20856\", \"CVE-2018-9415\", \"CVE-2019-10638\", \"CVE-2019-10639\", \"CVE-2019-11487\", \"CVE-2019-14898\", \"CVE-2019-15218\", \"CVE-2019-15505\", \"CVE-2019-15927\", \"CVE-2019-16746\", \"CVE-2019-17075\", \"CVE-2019-18885\", \"CVE-2019-19049\", \"CVE-2019-19052\", \"CVE-2019-19062\", \"CVE-2019-19073\", \"CVE-2019-19535\", \"CVE-2019-19768\", \"CVE-2019-19965\", \"CVE-2019-20054\", \"CVE-2019-20096\", \"CVE-2019-20811\", \"CVE-2019-20812\", \"CVE-2019-3846\", \"CVE-2019-3874\", \"CVE-2019-5108\", \"CVE-2019-6974\", \"CVE-2019-7221\", \"CVE-2019-7222\", \"CVE-2020-10720\", \"CVE-2020-10732\", \"CVE-2020-10751\", \"CVE-2020-10769\", \"CVE-2020-14314\", \"CVE-2020-14331\", \"CVE-2020-1749\", \"CVE-2020-25212\", \"CVE-2020-25284\", \"CVE-2020-25285\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0044)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates : please see Oracle VM Security Advisory\nOVMSA-2020-0044 for details.\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2020-October/001000.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ea0c3926\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2020-October/001002.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d3070470\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-124.43.4.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-124.43.4.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-24T15:24:57", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).(CVE-2019-15504)\n\n - In the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.(CVE-2019-16714)\n\n - drivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16233)\n\n - An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value.(CVE-2019-16089)\n\n - llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176.(CVE-2019-17056)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.(CVE-2019-17055)\n\n - atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c.(CVE-2019-17054)\n\n - ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.(CVE-2019-17053)\n\n - ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.(CVE-2019-17052)\n\n - An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.(CVE-2019-17075)\n\n - rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.(CVE-2019-17666)\n\n - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.(CVE-2019-17133)\n\n - An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.(CVE-2019-16746)\n\n - Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.(CVE-2019-0136)\n\n - drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16234)\n\n - A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f.(CVE-2019-18806)\n\n - A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8.(CVE-2019-18813)\n\n - A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559.(CVE-2019-18809)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.(CVE-2019-18808)\n\n - A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd.(CVE-2019-19066)\n\n - A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.(CVE-2019-19074)\n\n - A vulnerability in the web server of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to set sensitive configuration values and gain elevated privileges. The vulnerability is due to improper handling of substring comparison operations that are performed by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected software. A successful exploit could allow the attacker with read-only privileges to gain administrator privileges.(CVE-2019-19073)\n\n - Two memory leaks in the rtl_usb_probe() function in drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption), aka CID-3f9361695113.(CVE-2019-19063)\n\n - Two memory leaks in the mwifiex_pcie_init_evt_ring() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-d10dcb615c8e.(CVE-2019-19057)\n\n - A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf() function in drivers/net/wireless/marvell/mwifiex/pcie.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mwifiex_map_pci_memory() failures, aka CID-db8fd2cde932.(CVE-2019-19056)\n\n - A memory leak in the gs_can_open() function in drivers/net/can/usb/gs_usb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-fb5be6a7b486.(CVE-2019-19052)\n\n - An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c.(CVE-2019-18814)\n\n - Memory leaks in *clock_source_create() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption). This affects the dce112_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c , the dce100_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c , the dcn10_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, the dcn20_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c, the dce120_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c , the dce110_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c , and the dce80_clock_source_create() function in drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c, aka CID-055e547478a1.(CVE-2019-19083)\n\n - Memory leaks in *create_resource_pool() functions under drivers/gpu/drm/amd/display/dc in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption). This affects the dce120_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c , the dce110_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c , the dce100_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c , the dcn10_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c, and the dce112_create_resource_pool() function in drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c , aka CID-104c307147ad.(CVE-2019-19082)\n\n - A memory leak in the nfp_flower_spawn_vnic_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allows attackers to cause a denial of service (memory consumption), aka CID-8ce39eb5a67a.(CVE-2019-19081)\n\n - Four memory leaks in the nfp_flower_spawn_phy_reprs() function in drivers/net/ethernet/netronome/nfp/flower/main.c in the Linux kernel before 5.3.4 allow attackers to cause a denial of service (memory consumption), aka CID-8572cea1461a.(CVE-2019-19080)\n\n - A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service (memory consumption), aka CID-a21b7f0cff19.(CVE-2019-19079)\n\n - A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2.(CVE-2019-19078)\n\n - A memory leak in the bnxt_re_create_srq() function in drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering copy to udata failures, aka CID-4a9d46a9fe14.(CVE-2019-19077)\n\n - A memory leak in the ca8210_probe() function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service (memory consumption) by triggering ca8210_get_platform_data() failures, aka CID-6402939ec86e.(CVE-2019-19075)\n\n - A memory leak in the rsi_send_beacon() function in drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering rsi_prepare_beacon() failures, aka CID-d563131ef23c.(CVE-2019-19071)\n\n - A memory leak in the rtl8xxxu_submit_int_urb() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-a2cdd07488e6.(CVE-2019-19068)\n\n - ** DISPUTED ** Four memory leaks in the acp_hw_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux kernel before 5.3.8 allow attackers to cause a denial of service (memory consumption) by triggering mfd_add_hotplug_devices() or pm_genpd_add_device() failures, aka CID-57be09c6e874. NOTE: third parties dispute the relevance of this because the attacker must already have privileges for module loading.(CVE-2019-19067)\n\n - A memory leak in the sdma_init() function in drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering rhashtable_init() failures, aka CID-34b3be18a04e.(CVE-2019-19065)\n\n - Multiple memory leaks in the iwl_pcie_ctxt_info_gen3_init() function in drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.\n c in the Linux kernel through 5.3.11 allow attackers to cause a denial of service (memory consumption) by triggering iwl_pcie_init_fw_sec() or dma_alloc_coherent() failures, aka CID-0f4f199443fa.(CVE-2019-19059)\n\n - A memory leak in the alloc_sgtable() function in drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering alloc_page() failures, aka CID-b4b814fec1a5.(CVE-2019-19058)\n\n - A memory leak in the i2400m_op_rfkill_sw_toggle() function in drivers/net/wimax/i2400m/op-rfkill.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-6f3ef5c25cc7.(CVE-2019-19051)\n\n - A memory leak in the mlx5_fpga_conn_create_cq() function in drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering mlx5_vector2eqn() failures, aka CID-c8c2a057fdc7.(CVE-2019-19045)\n\n - A memory leak in the predicate_parse() function in kernel/trace/trace_events_filter.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-96c5c6e6a5b6.(CVE-2019-19072)\n\n - ** DISPUTED ** A memory leak in the spi_gpio_probe() function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering devm_add_action_or_reset() failures, aka CID-d3b0ffa1d75d. NOTE: third parties dispute the relevance of this because the system must have already been out of memory before the probe began.(CVE-2019-19070)\n\n - ** DISPUTED ** A memory leak in the unittest_data_add() function in drivers/of/unittest.c in the Linux kernel before 5.3.10 allows attackers to cause a denial of service (memory consumption) by triggering of_fdt_unflatten_tree() failures, aka CID-e13de8fe0d6a.\n NOTE: third parties dispute the relevance of this because unittest.c can only be reached during boot.(CVE-2019-19049)\n\n - In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uninitialized in rcar_drif_g_fmt_sdr_cap in drivers/media/platform/rcar_drif.c, which could cause a memory disclosure problem.(CVE-2019-18786)\n\n - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.(CVE-2019-19054)\n\n - An issue was discovered in drivers/media/platform/vivid in the Linux kernel through 5.3.8. It is exploitable for privilege escalation on some Linux distributions where local users have /dev/video0 access, but only if the driver happens to be loaded. There are multiple race conditions during streaming stopping in this driver (part of the V4L2 subsystem). These issues are caused by wrong mutex locking in vivid_stop_generating_vid_cap(), vivid_stop_generating_vid_out(), sdr_cap_stop_streaming(), and the corresponding kthreads. At least one of these race conditions leads to a use-after-free.(CVE-2019-18683)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-01-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.5.0 : kernel (EulerOS-SA-2020-1042)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0136", "CVE-2019-15504", "CVE-2019-16089", "CVE-2019-16233", "CVE-2019-16234", "CVE-2019-16714", "CVE-2019-16746", "CVE-2019-17052", "CVE-2019-17053", "CVE-2019-17054", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-17075", "CVE-2019-17133", "CVE-2019-17666", "CVE-2019-18683", "CVE-2019-18786", "CVE-2019-18806", "CVE-2019-18808", "CVE-2019-18809", "CVE-2019-18813", "CVE-2019-18814", "CVE-2019-19045", "CVE-2019-19049", "CVE-2019-19051", "CVE-2019-19052", "CVE-2019-19054", "CVE-2019-19056", "CVE-2019-19057", "CVE-2019-19058", "CVE-2019-19059", "CVE-2019-19063", "CVE-2019-19065", "CVE-2019-19066", "CVE-2019-19067", "CVE-2019-19068", "CVE-2019-19070", "CVE-2019-19071", "CVE-2019-19072", "CVE-2019-19073", "CVE-2019-19074", "CVE-2019-19075", "CVE-2019-19077", "CVE-2019-19078", "CVE-2019-19079", "CVE-2019-19080", "CVE-2019-19081", "CVE-2019-19082", "CVE-2019-19083"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:uvp:3.0.5.0"], "id": "EULEROS_SA-2020-1042.NASL", "href": "https://www.tenable.com/plugins/nessus/132796", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132796);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2019-0136\",\n \"CVE-2019-15504\",\n \"CVE-2019-16089\",\n \"CVE-2019-16233\",\n \"CVE-2019-16234\",\n \"CVE-2019-16714\",\n \"CVE-2019-16746\",\n \"CVE-2019-17052\",\n \"CVE-2019-17053\",\n \"CVE-2019-17054\",\n \"CVE-2019-17055\",\n \"CVE-2019-17056\",\n \"CVE-2019-17075\",\n \"CVE-2019-17133\",\n \"CVE-2019-17666\",\n \"CVE-2019-18683\",\n \"CVE-2019-18786\",\n \"CVE-2019-18806\",\n \"CVE-2019-18808\",\n \"CVE-2019-18809\",\n \"CVE-2019-18813\",\n \"CVE-2019-18814\",\n \"CVE-2019-19045\",\n \"CVE-2019-19049\",\n \"CVE-2019-19051\",\n \"CVE-2019-19052\",\n \"CVE-2019-19054\",\n \"CVE-2019-19056\",\n \"CVE-2019-19057\",\n \"CVE-2019-19058\",\n \"CVE-2019-19059\",\n \"CVE-2019-19063\",\n \"CVE-2019-19065\",\n \"CVE-2019-19066\",\n \"CVE-2019-19067\",\n \"CVE-2019-19068\",\n \"CVE-2019-19070\",\n \"CVE-2019-19071\",\n \"CVE-2019-19072\",\n \"CVE-2019-19073\",\n \"CVE-2019-19074\",\n \"CVE-2019-19075\",\n \"CVE-2019-19077\",\n \"CVE-2019-19078\",\n \"CVE-2019-19079\",\n \"CVE-2019-19080\",\n \"CVE-2019-19081\",\n \"CVE-2019-19082\",\n \"CVE-2019-19083\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.5.0 : kernel (EulerOS-SA-2020-1042)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux\n kernel through 5.2.9 has a Double Free via crafted USB\n device traffic (which may be remote via usbip or\n usbredir).(CVE-2019-15504)\n\n - In the Linux kernel before 5.2.14, rds6_inc_info_copy\n in net/rds/recv.c allows attackers to obtain sensitive\n information from kernel stack memory because tos and\n flags fields are not initialized.(CVE-2019-16714)\n\n - drivers/scsi/qla2xxx/qla_os.c in the Linux kernel\n 5.2.14 does not check the alloc_workqueue return value,\n leading to a NULL pointer dereference.(CVE-2019-16233)\n\n - An issue was discovered in the Linux kernel through\n 5.2.13. nbd_genl_status in drivers/block/nbd.c does not\n check the nla_nest_start_noflag return\n value.(CVE-2019-16089)\n\n - llcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC\n network module in the Linux kernel through 5.3.2 does\n not enforce CAP_NET_RAW, which means that unprivileged\n users can create a raw socket, aka\n CID-3a359798b176.(CVE-2019-17056)\n\n - base_sock_create in drivers/isdn/mISDN/socket.c in the\n AF_ISDN network module in the Linux kernel through\n 5.3.2 does not enforce CAP_NET_RAW, which means that\n unprivileged users can create a raw socket, aka\n CID-b91ee4aa2a21.(CVE-2019-17055)\n\n - atalk_create in net/appletalk/ddp.c in the AF_APPLETALK\n network module in the Linux kernel through 5.3.2 does\n not enforce CAP_NET_RAW, which means that unprivileged\n users can create a raw socket, aka\n CID-6cc03e8aa36c.(CVE-2019-17054)\n\n - ieee802154_create in net/ieee802154/socket.c in the\n AF_IEEE802154 network module in the Linux kernel\n through 5.3.2 does not enforce CAP_NET_RAW, which means\n that unprivileged users can create a raw socket, aka\n CID-e69dbd4619e7.(CVE-2019-17053)\n\n - ax25_create in net/ax25/af_ax25.c in the AF_AX25\n network module in the Linux kernel through 5.3.2 does\n not enforce CAP_NET_RAW, which means that unprivileged\n users can create a raw socket, aka\n CID-0614e2b73768.(CVE-2019-17052)\n\n - An issue was discovered in write_tpt_entry in\n drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel\n through 5.3.2. The cxgb4 driver is directly calling\n dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of\n Service, exploitable if this driver is used on an\n architecture for which this stack/DMA interaction has\n security relevance.(CVE-2019-17075)\n\n - rtl_p2p_noa_ie in\n drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux\n kernel through 5.3.6 lacks a certain upper-bound check,\n leading to a buffer overflow.(CVE-2019-17666)\n\n - In the Linux kernel through 5.3.2,\n cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c\n does not reject a long SSID IE, leading to a Buffer\n Overflow.(CVE-2019-17133)\n\n - An issue was discovered in net/wireless/nl80211.c in\n the Linux kernel through 5.2.17. It does not check the\n length of variable elements in a beacon head, leading\n to a buffer overflow.(CVE-2019-16746)\n\n - Insufficient access control in the Intel(R)\n PROSet/Wireless WiFi Software driver before version\n 21.10 may allow an unauthenticated user to potentially\n enable denial of service via adjacent\n access.(CVE-2019-0136)\n\n - drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the\n Linux kernel 5.2.14 does not check the alloc_workqueue\n return value, leading to a NULL pointer\n dereference.(CVE-2019-16234)\n\n - A memory leak in the ql_alloc_large_buffers() function\n in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux\n kernel before 5.3.5 allows local users to cause a\n denial of service (memory consumption) by triggering\n pci_dma_mapping_error() failures, aka\n CID-1acb8f2a7a9f.(CVE-2019-18806)\n\n - A memory leak in the dwc3_pci_probe() function in\n drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through\n 5.3.9 allows attackers to cause a denial of service\n (memory consumption) by triggering\n platform_device_add_properties() failures, aka\n CID-9bbfceea12a8.(CVE-2019-18813)\n\n - A memory leak in the af9005_identify_state() function\n in drivers/media/usb/dvb-usb/af9005.c in the Linux\n kernel through 5.3.9 allows attackers to cause a denial\n of service (memory consumption), aka\n CID-2289adbfa559.(CVE-2019-18809)\n\n - A memory leak in the ccp_run_sha_cmd() function in\n drivers/crypto/ccp/ccp-ops.c in the Linux kernel\n through 5.3.9 allows attackers to cause a denial of\n service (memory consumption), aka\n CID-128c66429247.(CVE-2019-18808)\n\n - A memory leak in the bfad_im_get_stats() function in\n drivers/scsi/bfa/bfad_attr.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering\n bfa_port_get_stats() failures, aka\n CID-0e62395da2bd.(CVE-2019-19066)\n\n - A memory leak in the ath9k_wmi_cmd() function in\n drivers/net/wireless/ath/ath9k/wmi.c in the Linux\n kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption), aka\n CID-728c1e2a05e4.(CVE-2019-19074)\n\n - A vulnerability in the web server of Cisco Integrated\n Management Controller (IMC) could allow an\n authenticated, remote attacker to set sensitive\n configuration values and gain elevated privileges. The\n vulnerability is due to improper handling of substring\n comparison operations that are performed by the\n affected software. An attacker could exploit this\n vulnerability by sending a crafted HTTP request to the\n affected software. A successful exploit could allow the\n attacker with read-only privileges to gain\n administrator privileges.(CVE-2019-19073)\n\n - Two memory leaks in the rtl_usb_probe() function in\n drivers/net/wireless/realtek/rtlwifi/usb.c in the Linux\n kernel through 5.3.11 allow attackers to cause a denial\n of service (memory consumption), aka\n CID-3f9361695113.(CVE-2019-19063)\n\n - Two memory leaks in the mwifiex_pcie_init_evt_ring()\n function in drivers/net/wireless/marvell/mwifiex/pcie.c\n in the Linux kernel through 5.3.11 allow attackers to\n cause a denial of service (memory consumption) by\n triggering mwifiex_map_pci_memory() failures, aka\n CID-d10dcb615c8e.(CVE-2019-19057)\n\n - A memory leak in the mwifiex_pcie_alloc_cmdrsp_buf()\n function in drivers/net/wireless/marvell/mwifiex/pcie.c\n in the Linux kernel through 5.3.11 allows attackers to\n cause a denial of service (memory consumption) by\n triggering mwifiex_map_pci_memory() failures, aka\n CID-db8fd2cde932.(CVE-2019-19056)\n\n - A memory leak in the gs_can_open() function in\n drivers/net/can/usb/gs_usb.c in the Linux kernel before\n 5.3.11 allows attackers to cause a denial of service\n (memory consumption) by triggering usb_submit_urb()\n failures, aka CID-fb5be6a7b486.(CVE-2019-19052)\n\n - An issue was discovered in the Linux kernel through\n 5.3.9. There is a use-after-free when aa_label_parse()\n fails in aa_audit_rule_init() in\n security/apparmor/audit.c.(CVE-2019-18814)\n\n - Memory leaks in *clock_source_create() functions under\n drivers/gpu/drm/amd/display/dc in the Linux kernel\n before 5.3.8 allow attackers to cause a denial of\n service (memory consumption). This affects the\n dce112_clock_source_create() function in\n drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c\n , the dce100_clock_source_create() function in\n drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c\n , the dcn10_clock_source_create() function in\n drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c,\n the dcn20_clock_source_create() function in\n drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c,\n the dce120_clock_source_create() function in\n drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c\n , the dce110_clock_source_create() function in\n drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c\n , and the dce80_clock_source_create() function in\n drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c,\n aka CID-055e547478a1.(CVE-2019-19083)\n\n - Memory leaks in *create_resource_pool() functions under\n drivers/gpu/drm/amd/display/dc in the Linux kernel\n through 5.3.11 allow attackers to cause a denial of\n service (memory consumption). This affects the\n dce120_create_resource_pool() function in\n drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c\n , the dce110_create_resource_pool() function in\n drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c\n , the dce100_create_resource_pool() function in\n drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c\n , the dcn10_create_resource_pool() function in\n drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c,\n and the dce112_create_resource_pool() function in\n drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c\n , aka CID-104c307147ad.(CVE-2019-19082)\n\n - A memory leak in the nfp_flower_spawn_vnic_reprs()\n function in\n drivers/net/ethernet/netronome/nfp/flower/main.c in the\n Linux kernel before 5.3.4 allows attackers to cause a\n denial of service (memory consumption), aka\n CID-8ce39eb5a67a.(CVE-2019-19081)\n\n - Four memory leaks in the nfp_flower_spawn_phy_reprs()\n function in\n drivers/net/ethernet/netronome/nfp/flower/main.c in the\n Linux kernel before 5.3.4 allow attackers to cause a\n denial of service (memory consumption), aka\n CID-8572cea1461a.(CVE-2019-19080)\n\n - A memory leak in the qrtr_tun_write_iter() function in\n net/qrtr/tun.c in the Linux kernel before 5.3 allows\n attackers to cause a denial of service (memory\n consumption), aka CID-a21b7f0cff19.(CVE-2019-19079)\n\n - A memory leak in the ath10k_usb_hif_tx_sg() function in\n drivers/net/wireless/ath/ath10k/usb.c in the Linux\n kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering\n usb_submit_urb() failures, aka\n CID-b8d17e7d93d2.(CVE-2019-19078)\n\n - A memory leak in the bnxt_re_create_srq() function in\n drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux\n kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering\n copy to udata failures, aka\n CID-4a9d46a9fe14.(CVE-2019-19077)\n\n - A memory leak in the ca8210_probe() function in\n drivers/net/ieee802154/ca8210.c in the Linux kernel\n before 5.3.8 allows attackers to cause a denial of\n service (memory consumption) by triggering\n ca8210_get_platform_data() failures, aka\n CID-6402939ec86e.(CVE-2019-19075)\n\n - A memory leak in the rsi_send_beacon() function in\n drivers/net/wireless/rsi/rsi_91x_mgmt.c in the Linux\n kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering\n rsi_prepare_beacon() failures, aka\n CID-d563131ef23c.(CVE-2019-19071)\n\n - A memory leak in the rtl8xxxu_submit_int_urb() function\n in\n drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c\n in the Linux kernel through 5.3.11 allows attackers to\n cause a denial of service (memory consumption) by\n triggering usb_submit_urb() failures, aka\n CID-a2cdd07488e6.(CVE-2019-19068)\n\n - ** DISPUTED ** Four memory leaks in the acp_hw_init()\n function in drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in\n the Linux kernel before 5.3.8 allow attackers to cause\n a denial of service (memory consumption) by triggering\n mfd_add_hotplug_devices() or pm_genpd_add_device()\n failures, aka CID-57be09c6e874. NOTE: third parties\n dispute the relevance of this because the attacker must\n already have privileges for module\n loading.(CVE-2019-19067)\n\n - A memory leak in the sdma_init() function in\n drivers/infiniband/hw/hfi1/sdma.c in the Linux kernel\n before 5.3.9 allows attackers to cause a denial of\n service (memory consumption) by triggering\n rhashtable_init() failures, aka\n CID-34b3be18a04e.(CVE-2019-19065)\n\n - Multiple memory leaks in the\n iwl_pcie_ctxt_info_gen3_init() function in\n drivers/net/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.\n c in the Linux kernel through 5.3.11 allow attackers to\n cause a denial of service (memory consumption) by\n triggering iwl_pcie_init_fw_sec() or\n dma_alloc_coherent() failures, aka\n CID-0f4f199443fa.(CVE-2019-19059)\n\n - A memory leak in the alloc_sgtable() function in\n drivers/net/wireless/intel/iwlwifi/fw/dbg.c in the\n Linux kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering\n alloc_page() failures, aka\n CID-b4b814fec1a5.(CVE-2019-19058)\n\n - A memory leak in the i2400m_op_rfkill_sw_toggle()\n function in drivers/net/wimax/i2400m/op-rfkill.c in the\n Linux kernel before 5.3.11 allows attackers to cause a\n denial of service (memory consumption), aka\n CID-6f3ef5c25cc7.(CVE-2019-19051)\n\n - A memory leak in the mlx5_fpga_conn_create_cq()\n function in\n drivers/net/ethernet/mellanox/mlx5/core/fpga/conn.c in\n the Linux kernel before 5.3.11 allows attackers to\n cause a denial of service (memory consumption) by\n triggering mlx5_vector2eqn() failures, aka\n CID-c8c2a057fdc7.(CVE-2019-19045)\n\n - A memory leak in the predicate_parse() function in\n kernel/trace/trace_events_filter.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption), aka\n CID-96c5c6e6a5b6.(CVE-2019-19072)\n\n - ** DISPUTED ** A memory leak in the spi_gpio_probe()\n function in drivers/spi/spi-gpio.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering\n devm_add_action_or_reset() failures, aka\n CID-d3b0ffa1d75d. NOTE: third parties dispute the\n relevance of this because the system must have already\n been out of memory before the probe\n began.(CVE-2019-19070)\n\n - ** DISPUTED ** A memory leak in the unittest_data_add()\n function in drivers/of/unittest.c in the Linux kernel\n before 5.3.10 allows attackers to cause a denial of\n service (memory consumption) by triggering\n of_fdt_unflatten_tree() failures, aka CID-e13de8fe0d6a.\n NOTE: third parties dispute the relevance of this\n because unittest.c can only be reached during\n boot.(CVE-2019-19049)\n\n - In the Linux kernel through 5.3.8, f->fmt.sdr.reserved\n is uninitialized in rcar_drif_g_fmt_sdr_cap in\n drivers/media/platform/rcar_drif.c, which could cause a\n memory disclosure problem.(CVE-2019-18786)\n\n - A memory leak in the cx23888_ir_probe() function in\n drivers/media/pci/cx23885/cx23888-ir.c in the Linux\n kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering\n kfifo_alloc() failures, aka\n CID-a7b2df76b42b.(CVE-2019-19054)\n\n - An issue was discovered in drivers/media/platform/vivid\n in the Linux kernel through 5.3.8. It is exploitable\n for privilege escalation on some Linux distributions\n where local users have /dev/video0 access, but only if\n the driver happens to be loaded. There are multiple\n race conditions during streaming stopping in this\n driver (part of the V4L2 subsystem). These issues are\n caused by wrong mutex locking in\n vivid_stop_generating_vid_cap(),\n vivid_stop_generating_vid_out(),\n sdr_cap_stop_streaming(), and the corresponding\n kthreads. At least one of these race conditions leads\n to a use-after-free.(CVE-2019-18683)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1042\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b1dfef53\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.5.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.36-vhulk1907.1.0.h619.eulerosv2r8\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h619.eulerosv2r8\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h619.eulerosv2r8\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h619.eulerosv2r8\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h619.eulerosv2r8\",\n \"kernel-tools-libs-devel-4.19.36-vhulk1907.1.0.h619.eulerosv2r8\",\n \"perf-4.19.36-vhulk1907.1.0.h619.eulerosv2r8\",\n \"python-perf-4.19.36-vhulk1907.1.0.h619.eulerosv2r8\",\n \"python3-perf-4.19.36-vhulk1907.1.0.h619.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:55", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2186)\n\n - The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.(CVE-2014-9892)\n\n - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.(CVE-2019-19054)\n\n - A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.(CVE-2019-19060)\n\n - A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.(CVE-2019-19061)\n\n - A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.(CVE-2019-19062)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.(CVE-2019-18808)\n\n - In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma.\n This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product:\n Android. Versions: Android kernel. Android ID:\n A-66954097.(CVE-2017-13216)\n\n - A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.(CVE-2015-3332)\n\n - The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.(CVE-2016-4486)\n\n - The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.(CVE-2017-5897)\n\n - In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.(CVE-2017-7482)\n\n - A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.(CVE-2018-14625)\n\n - drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16647)\n\n - A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f.(CVE-2019-18806)\n\n - An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.(CVE-2018-7755)\n\n - The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor.(CVE-2015-7833)\n\n - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.(CVE-2019-3846)\n\n - drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16232)\n\n - drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16234)\n\n - drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16231)\n\n - Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.(CVE-2019-0136)\n\n - A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.(CVE-2019-10126)\n\n - The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka 'KNOB') that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.(CVE-2019-9506)\n\n - An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.(CVE-2019-16746)\n\n - In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel.(CVE-2018-9363)\n\n - An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.(CVE-2019-17075)\n\n - rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.(CVE-2019-17666)\n\n - arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android internal bug 28803642 and Qualcomm internal bug CR642735.(CVE-2014-9888)\n\n - An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.(CVE-2017-18551)\n\n - The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping.(CVE-2012-2372)\n\n - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.(CVE-2019-17133)\n\n - A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd.(CVE-2019-19066)\n\n - The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518.(CVE-2016-3857)\n\n - arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the 'strict page permissions' protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.(CVE-2015-8967)\n\n - arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs.(CVE-2015-8955)\n\n - The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary.(CVE-2014-7843)\n\n - The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c.(CVE-2017-15537)\n\n - The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044.(CVE-2014-9870)\n\n - ** DISPUTED ** Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck directory. NOTE: a third party has indicated that this report is not security relevant.(CVE-2018-7995)\n\n - arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000.(CVE-2014-4508)\n\n - arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value.(CVE-2014-8133)\n\n - arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure\n _TIF_SECCOMP checks on the fast system-call path, which allows local users to bypass intended PR_SET_SECCOMP restrictions by executing a crafted application without invoking a trace or audit subsystem.(CVE-2014-4157)\n\n - Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.(CVE-2015-4001)\n\n - drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.(CVE-2015-4002)\n\n - The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.(CVE-2015-4003)\n\n - The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.(CVE-2015-4004)\n\n - Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a 'double fetch' vulnerability.(CVE-2016-6130)\n\n - The print_binder_transaction_ilocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading '*from *code *flags' lines in a debugfs file.(CVE-2018-20510)\n\n - In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.(CVE-2015-9289)\n\n - The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a 'double fetch' vulnerability.(CVE-2017-8831)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2531)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2372", "CVE-2014-4157", "CVE-2014-4508", "CVE-2014-7843", "CVE-2014-8133", "CVE-2014-9870", "CVE-2014-9888", "CVE-2014-9892", "CVE-2015-3332", "CVE-2015-4001", "CVE-2015-4002", "CVE-2015-4003", "CVE-2015-4004", "CVE-2015-7833", "CVE-2015-8955", "CVE-2015-8967", "CVE-2015-9289", "CVE-2016-2186", "CVE-2016-3857", "CVE-2016-4486", "CVE-2016-6130", "CVE-2017-13216", "CVE-2017-15537", "CVE-2017-16647", "CVE-2017-18551", "CVE-2017-5897", "CVE-2017-7482", "CVE-2017-8831", "CVE-2018-14625", "CVE-2018-20510", "CVE-2018-7755", "CVE-2018-7995", "CVE-2018-9363", "CVE-2019-0136", "CVE-2019-10126", "CVE-2019-16231", "CVE-2019-16232", "CVE-2019-16234", "CVE-2019-16746", "CVE-2019-17075", "CVE-2019-17133", "CVE-2019-17666", "CVE-2019-18806", "CVE-2019-18808", "CVE-2019-19054", "CVE-2019-19060", "CVE-2019-19061", "CVE-2019-19062", "CVE-2019-19066", "CVE-2019-3846", "CVE-2019-9506"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2531.NASL", "href": "https://www.tenable.com/plugins/nessus/131805", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131805);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2012-2372\",\n \"CVE-2014-4157\",\n \"CVE-2014-4508\",\n \"CVE-2014-7843\",\n \"CVE-2014-8133\",\n \"CVE-2014-9870\",\n \"CVE-2014-9888\",\n \"CVE-2014-9892\",\n \"CVE-2015-3332\",\n \"CVE-2015-4001\",\n \"CVE-2015-4002\",\n \"CVE-2015-4003\",\n \"CVE-2015-4004\",\n \"CVE-2015-7833\",\n \"CVE-2015-8955\",\n \"CVE-2015-8967\",\n \"CVE-2015-9289\",\n \"CVE-2016-2186\",\n \"CVE-2016-3857\",\n \"CVE-2016-4486\",\n \"CVE-2016-6130\",\n \"CVE-2017-5897\",\n \"CVE-2017-7482\",\n \"CVE-2017-8831\",\n \"CVE-2017-13216\",\n \"CVE-2017-15537\",\n \"CVE-2017-16647\",\n \"CVE-2017-18551\",\n \"CVE-2018-7755\",\n \"CVE-2018-7995\",\n \"CVE-2018-9363\",\n \"CVE-2018-14625\",\n \"CVE-2018-20510\",\n \"CVE-2019-0136\",\n \"CVE-2019-3846\",\n \"CVE-2019-9506\",\n \"CVE-2019-10126\",\n \"CVE-2019-16231\",\n \"CVE-2019-16232\",\n \"CVE-2019-16234\",\n \"CVE-2019-16746\",\n \"CVE-2019-17075\",\n \"CVE-2019-17133\",\n \"CVE-2019-17666\",\n \"CVE-2019-18806\",\n \"CVE-2019-18808\",\n \"CVE-2019-19054\",\n \"CVE-2019-19060\",\n \"CVE-2019-19061\",\n \"CVE-2019-19062\",\n \"CVE-2019-19066\"\n );\n script_bugtraq_id(\n 54062,\n 68083,\n 68126,\n 71082,\n 71684,\n 74232,\n 74668,\n 74672\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2531)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The powermate_probe function in\n drivers/input/misc/powermate.c in the Linux kernel\n before 4.5.1 allows physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a crafted endpoints value in a USB\n device descriptor.(CVE-2016-2186)\n\n - The snd_compr_tstamp function in\n sound/core/compress_offload.c in the Linux kernel\n through 4.7, as used in Android before 2016-08-05 on\n Nexus 5 and 7 (2013) devices, does not properly\n initialize a timestamp data structure, which allows\n attackers to obtain sensitive information via a crafted\n application, aka Android internal bug 28770164 and\n Qualcomm internal bug CR568717.(CVE-2014-9892)\n\n - A memory leak in the cx23888_ir_probe() function in\n drivers/media/pci/cx23885/cx23888-ir.c in the Linux\n kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering\n kfifo_alloc() failures, aka\n CID-a7b2df76b42b.(CVE-2019-19054)\n\n - A memory leak in the adis_update_scan_mode() function\n in drivers/iio/imu/adis_buffer.c in the Linux kernel\n before 5.3.9 allows attackers to cause a denial of\n service (memory consumption), aka\n CID-ab612b1daf41.(CVE-2019-19060)\n\n - A memory leak in the adis_update_scan_mode_burst()\n function in drivers/iio/imu/adis_buffer.c in the Linux\n kernel before 5.3.9 allows attackers to cause a denial\n of service (memory consumption), aka\n CID-9c0530e898f3.(CVE-2019-19061)\n\n - A memory leak in the crypto_report() function in\n crypto/crypto_user_base.c in the Linux kernel through\n 5.3.11 allows attackers to cause a denial of service\n (memory consumption) by triggering crypto_report_alg()\n failures, aka CID-ffdde5932042.(CVE-2019-19062)\n\n - A memory leak in the ccp_run_sha_cmd() function in\n drivers/crypto/ccp/ccp-ops.c in the Linux kernel\n through 5.3.9 allows attackers to cause a denial of\n service (memory consumption), aka\n CID-128c66429247.(CVE-2019-18808)\n\n - In ashmem_ioctl of ashmem.c, there is an out-of-bounds\n write due to insufficient locking when accessing asma.\n This could lead to a local elevation of privilege\n enabling code execution as a privileged process with no\n additional execution privileges needed. User\n interaction is not needed for exploitation. Product:\n Android. Versions: Android kernel. Android ID:\n A-66954097.(CVE-2017-13216)\n\n - A certain backport in the TCP Fast Open implementation\n for the Linux kernel before 3.18 does not properly\n maintain a count value, which allow local users to\n cause a denial of service (system crash) via the Fast\n Open feature, as demonstrated by visiting the\n chrome://flags/#enable-tcp-fast-open URL when using\n certain 3.10.x through 3.16.x kernel builds, including\n longterm-maintenance releases and ckt (aka Canonical\n Kernel Team) builds.(CVE-2015-3332)\n\n - The rtnl_fill_link_ifmap function in\n net/core/rtnetlink.c in the Linux kernel before 4.5.5\n does not initialize a certain data structure, which\n allows local users to obtain sensitive information from\n kernel stack memory by reading a Netlink\n message.(CVE-2016-4486)\n\n - The ip6gre_err function in net/ipv6/ip6_gre.c in the\n Linux kernel allows remote attackers to have\n unspecified impact via vectors involving GRE flags in\n an IPv6 packet, which trigger an out-of-bounds\n access.(CVE-2017-5897)\n\n - In the Linux kernel before version 4.12, Kerberos 5\n tickets decoded when using the RXRPC keys incorrectly\n assumes the size of a field. This could lead to the\n size-remaining variable wrapping and the data pointer\n going over the end of the buffer. This could possibly\n lead to memory corruption and possible privilege\n escalation.(CVE-2017-7482)\n\n - A flaw was found in the Linux Kernel where an attacker\n may be able to have an uncontrolled read to\n kernel-memory from within a vm guest. A race condition\n between connect() and close() function may allow an\n attacker using the AF_VSOCK protocol to gather a 4 byte\n information leak or possibly intercept or corrupt\n AF_VSOCK messages destined to other\n clients.(CVE-2018-14625)\n\n - drivers/net/usb/asix_devices.c in the Linux kernel\n through 4.13.11 allows local users to cause a denial of\n service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact via a crafted\n USB device.(CVE-2017-16647)\n\n - A memory leak in the ql_alloc_large_buffers() function\n in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux\n kernel before 5.3.5 allows local users to cause a\n denial of service (memory consumption) by triggering\n pci_dma_mapping_error() failures, aka\n CID-1acb8f2a7a9f.(CVE-2019-18806)\n\n - An issue was discovered in the fd_locked_ioctl function\n in drivers/block/floppy.c in the Linux kernel through\n 4.15.7. The floppy driver will copy a kernel pointer to\n user memory in response to the FDGETPRM ioctl. An\n attacker can send the FDGETPRM ioctl and use the\n obtained kernel pointer to discover the location of\n kernel code and data and bypass kernel security\n protections such as KASLR.(CVE-2018-7755)\n\n - The usbvision driver in the Linux kernel package\n 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red\n Hat Enterprise Linux (RHEL) 7.1 allows physically\n proximate attackers to cause a denial of service\n (panic) via a nonzero bInterfaceNumber value in a USB\n device descriptor.(CVE-2015-7833)\n\n - A flaw that allowed an attacker to corrupt memory and\n possibly escalate privileges was found in the mwifiex\n kernel module while connecting to a malicious wireless\n network.(CVE-2019-3846)\n\n - drivers/net/wireless/marvell/libertas/if_sdio.c in the\n Linux kernel 5.2.14 does not check the alloc_workqueue\n return value, leading to a NULL pointer\n dereference.(CVE-2019-16232)\n\n - drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the\n Linux kernel 5.2.14 does not check the alloc_workqueue\n return value, leading to a NULL pointer\n dereference.(CVE-2019-16234)\n\n - drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14\n does not check the alloc_workqueue return value,\n leading to a NULL pointer dereference.(CVE-2019-16231)\n\n - Insufficient access control in the Intel(R)\n PROSet/Wireless WiFi Software driver before version\n 21.10 may allow an unauthenticated user to potentially\n enable denial of service via adjacent\n access.(CVE-2019-0136)\n\n - A flaw was found in the Linux kernel. A heap based\n buffer overflow in mwifiex_uap_parse_tail_ies function\n in drivers/net/wireless/marvell/mwifiex/ie.c might lead\n to memory corruption and possibly other\n consequences.(CVE-2019-10126)\n\n - The Bluetooth BR/EDR specification up to and including\n version 5.1 permits sufficiently low encryption key\n length and does not prevent an attacker from\n influencing the key length negotiation. This allows\n practical brute-force attacks (aka 'KNOB') that can\n decrypt traffic and inject arbitrary ciphertext without\n the victim noticing.(CVE-2019-9506)\n\n - An issue was discovered in net/wireless/nl80211.c in\n the Linux kernel through 5.2.17. It does not check the\n length of variable elements in a beacon head, leading\n to a buffer overflow.(CVE-2019-16746)\n\n - In the hidp_process_report in bluetooth, there is an\n integer overflow. This could lead to an out of bounds\n write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel.(CVE-2018-9363)\n\n - An issue was discovered in write_tpt_entry in\n drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel\n through 5.3.2. The cxgb4 driver is directly calling\n dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of\n Service, exploitable if this driver is used on an\n architecture for which this stack/DMA interaction has\n security relevance.(CVE-2019-17075)\n\n - rtl_p2p_noa_ie in\n drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux\n kernel through 5.3.6 lacks a certain upper-bound check,\n leading to a buffer overflow.(CVE-2019-17666)\n\n - arch/arm/mm/dma-mapping.c in the Linux kernel before\n 3.13 on ARM platforms, as used in Android before\n 2016-08-05 on Nexus 5 and 7 (2013) devices, does not\n prevent executable DMA mappings, which might allow\n local users to gain privileges via a crafted\n application, aka Android internal bug 28803642 and\n Qualcomm internal bug CR642735.(CVE-2014-9888)\n\n - An issue was discovered in drivers/i2c/i2c-core-smbus.c\n in the Linux kernel before 4.14.15. There is an out of\n bounds write in the function\n i2c_smbus_xfer_emulated.(CVE-2017-18551)\n\n - The rds_ib_xmit function in net/rds/ib_send.c in the\n Reliable Datagram Sockets (RDS) protocol implementation\n in the Linux kernel 3.7.4 and earlier allows local\n users to cause a denial of service (BUG_ON and kernel\n panic) by establishing an RDS connection with the\n source IP address equal to the IPoIB interface's own IP\n address, as demonstrated by rds-ping.(CVE-2012-2372)\n\n - In the Linux kernel through 5.3.2,\n cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c\n does not reject a long SSID IE, leading to a Buffer\n Overflow.(CVE-2019-17133)\n\n - A memory leak in the bfad_im_get_stats() function in\n drivers/scsi/bfa/bfad_attr.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering\n bfa_port_get_stats() failures, aka\n CID-0e62395da2bd.(CVE-2019-19066)\n\n - The kernel in Android before 2016-08-05 on Nexus 7\n (2013) devices allows attackers to gain privileges via\n a crafted application, aka internal bug\n 28522518.(CVE-2016-3857)\n\n - arch/arm64/kernel/sys.c in the Linux kernel before 4.0\n allows local users to bypass the 'strict page\n permissions' protection mechanism and modify the\n system-call table, and consequently gain privileges, by\n leveraging write access.(CVE-2015-8967)\n\n - arch/arm64/kernel/perf_event.c in the Linux kernel\n before 4.1 on arm64 platforms allows local users to\n gain privileges or cause a denial of service (invalid\n pointer dereference) via vectors involving events that\n are mishandled during a span of multiple HW\n PMUs.(CVE-2015-8955)\n\n - The __clear_user function in\n arch/arm64/lib/clear_user.S in the Linux kernel before\n 3.17.4 on the ARM64 platform allows local users to\n cause a denial of service (system crash) by reading one\n byte beyond a /dev/zero page boundary.(CVE-2014-7843)\n\n - The x86/fpu (Floating Point Unit) subsystem in the\n Linux kernel before 4.13.5, when a processor supports\n the xsave feature but not the xsaves feature, does not\n correctly handle attempts to set reserved bits in the\n xstate header via the ptrace() or rt_sigreturn() system\n call, allowing local users to read the FPU registers of\n other processes on the system, related to\n arch/x86/kernel/fpu/regset.c and\n arch/x86/kernel/fpu/signal.c.(CVE-2017-15537)\n\n - The Linux kernel before 3.11 on ARM platforms, as used\n in Android before 2016-08-05 on Nexus 5 and 7 (2013)\n devices, does not properly consider user-space access\n to the TPIDRURW register, which allows local users to\n gain privileges via a crafted application, aka Android\n internal bug 28749743 and Qualcomm internal bug\n CR561044.(CVE-2014-9870)\n\n - ** DISPUTED ** Race condition in the\n store_int_with_restart() function in\n arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel\n through 4.15.7 allows local users to cause a denial of\n service (panic) by leveraging root access to write to\n the check_interval file in a\n /sys/devices/system/machinecheck/machinecheck\n directory. NOTE: a third party has indicated that this\n report is not security relevant.(CVE-2018-7995)\n\n - arch/x86/kernel/entry_32.S in the Linux kernel through\n 3.15.1 on 32-bit x86 platforms, when syscall auditing\n is enabled and the sep CPU feature flag is set, allows\n local users to cause a denial of service (OOPS and\n system crash) via an invalid syscall number, as\n demonstrated by number 1000.(CVE-2014-4508)\n\n - arch/x86/kernel/tls.c in the Thread Local Storage (TLS)\n implementation in the Linux kernel through 3.18.1\n allows local users to bypass the espfix protection\n mechanism, and consequently makes it easier for local\n users to bypass the ASLR protection mechanism, via a\n crafted application that makes a set_thread_area system\n call and later reads a 16-bit value.(CVE-2014-8133)\n\n - arch/mips/include/asm/thread_info.h in the Linux kernel\n before 3.14.8 on the MIPS platform does not configure\n _TIF_SECCOMP checks on the fast system-call path, which\n allows local users to bypass intended PR_SET_SECCOMP\n restrictions by executing a crafted application without\n invoking a trace or audit subsystem.(CVE-2014-4157)\n\n - Integer signedness error in the oz_hcd_get_desc_cnf\n function in drivers/staging/ozwpan/ozhcd.c in the\n OZWPAN driver in the Linux kernel through 4.0.5 allows\n remote attackers to cause a denial of service (system\n crash) or possibly execute arbitrary code via a crafted\n packet.(CVE-2015-4001)\n\n - drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver\n in the Linux kernel through 4.0.5 does not ensure that\n certain length values are sufficiently large, which\n allows remote attackers to cause a denial of service\n (system crash or large loop) or possibly execute\n arbitrary code via a crafted packet, related to the (1)\n oz_usb_rx and (2) oz_usb_handle_ep_data\n functions.(CVE-2015-4002)\n\n - The oz_usb_handle_ep_data function in\n drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver\n in the Linux kernel through 4.0.5 allows remote\n attackers to cause a denial of service (divide-by-zero\n error and system crash) via a crafted\n packet.(CVE-2015-4003)\n\n - The OZWPAN driver in the Linux kernel through 4.0.5\n relies on an untrusted length field during packet\n parsing, which allows remote attackers to obtain\n sensitive information from kernel memory or cause a\n denial of service (out-of-bounds read and system crash)\n via a crafted packet.(CVE-2015-4004)\n\n - Race condition in the sclp_ctl_ioctl_sccb function in\n drivers/s390/char/sclp_ctl.c in the Linux kernel before\n 4.6 allows local users to obtain sensitive information\n from kernel memory by changing a certain length value,\n aka a 'double fetch' vulnerability.(CVE-2016-6130)\n\n - The print_binder_transaction_ilocked function in\n drivers/android/binder.c in the Linux kernel 4.14.90\n allows local users to obtain sensitive address\n information by reading '*from *code *flags' lines in a\n debugfs file.(CVE-2018-20510)\n\n - In the Linux kernel before 4.1.4, a buffer overflow\n occurs when checking userspace params in\n drivers/media/dvb-frontends/cx24116.c. The maximum size\n for a DiSEqC command is 6, according to the userspace\n API. However, the code allows larger values such as\n 23.(CVE-2015-9289)\n\n - The saa7164_bus_get function in\n drivers/media/pci/saa7164/saa7164-bus.c in the Linux\n kernel through 4.11.5 allows local users to cause a\n denial of service (out-of-bounds array access) or\n possibly have unspecified other impact by changing a\n certain sequence-number value, aka a 'double fetch'\n vulnerability.(CVE-2017-8831)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2531\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2de1205c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3857\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.5.h328.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.1.5.h328.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.1.5.h328.eulerosv2r7\",\n \"kernel-tools-3.10.0-862.14.1.5.h328.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.1.5.h328.eulerosv2r7\",\n \"perf-3.10.0-862.14.1.5.h328.eulerosv2r7\",\n \"python-perf-3.10.0-862.14.1.5.h328.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:38", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network(CVE-2019-3846)\n\n - An issue was discovered in the Linux kernel before 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL pointer dereferences in ov511_mode_init_regs and ov518_mode_init_regs when there are zero endpoints(CVE-2020-11608)\n\n - In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.(CVE-2020-10942)\n\n - An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1.\n drivers/media/usb/gspca/stv06xx/stv06xx.c and drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c mishandle invalid descriptors, as demonstrated by a NULL pointer dereference, aka CID-485b06aadb93.(CVE-2020-11609)\n\n - An out-of-bounds write flaw was found in the Linux kernel. A crafted keycode table could be used by drivers/input/input.c to perform the out-of-bounds write. A local user with root access can insert garbage to this keycode table that can lead to out-of-bounds memory access. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2019-20636)\n\n - The kernel in Red Hat Enterprise Linux 7 and MRG-2 does not clear garbage data for SG_IO buffer, which may leaking sensitive information to userspace.(CVE-2014-8181)\n\n - A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.(CVE-2020-10751)\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'.(CVE-2019-1125)\n\n - A memory leak in the ath10k_usb_hif_tx_sg() function in drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering usb_submit_urb() failures, aka CID-b8d17e7d93d2.(CVE-2019-19078)\n\n - A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.(CVE-2020-10732)\n\n - In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.(CVE-2020-24394)\n\n - The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.(CVE-2020-16166)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.(CVE-2020-25211)\n\n - In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-142938932(CVE-2020-0009)\n\n - In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770.(CVE-2020-15393)\n\n - In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.(CVE-2020-11668)\n\n - An issue was found in Linux kernel before 5.5.4.\n mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.(CVE-2020-12654)\n\n - An issue was discovered in the Linux kernel through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case.(CVE-2020-13974)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.(CVE-2019-11085)\n\n - In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel.(CVE-2018-9363)\n\n - A flaw was found in the way mremap handled DAX Huge Pages. This flaw allows a local attacker with access to a DAX enabled storage to escalate their privileges on the system.(CVE-2020-10757)\n\n - A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.(CVE-2019-10126)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25643)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452.(CVE-2020-25212)\n\n - In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131. This occurs because the current umask is not considered.(CVE-2020-24394)\n\n - A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. The highest threat with this vulnerability is with the availability of the system. If code execution occurs, the code will run with the permissions of root. This will affect both confidentiality and integrity of files on the system.(CVE-2019-14901)\n\n - A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.(CVE-2019-14896)\n\n - rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.(CVE-2019-17666)\n\n - The Broadcom brcmfmac WiFi driver prior to commit a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable to a frame validation bypass. If the brcmfmac driver receives a firmware event frame from a remote source, the is_wlc_event_frame function will cause this frame to be discarded and unprocessed. If the driver receives the firmware event frame from the host, the appropriate handler is called. This frame validation can be bypassed if the bus used is USB (for instance by a wifi dongle). This can allow firmware event frames from a remote source to be processed. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.(CVE-2019-9503)\n\n - An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.(CVE-2019-16413)\n\n - An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.(CVE-2019-17075)\n\n - drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.(CVE-2019-15099)\n\n - A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, excluding 5.0.17. A parameter passed to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system, corrupt memory, or create other adverse security affects.(CVE-2019-10142)\n\n - The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely.\n In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.(CVE-2019-9500)\n\n - In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before 5.2), there is a use-after-free (write) in the i915_ppgtt_close function in drivers/gpu/drm/i915/i915_gem_gtt.c, aka CID-7dc40713618c. This is related to i915_gem_context_destroy_ioctl in drivers/gpu/drm/i915/i915_gem_context.c.(CVE-2020-7053)\n\n - A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.(CVE-2018-14625)\n\n - An issue was discovered in the Linux kernel before 5.0.5. There is a use-after-free issue when hci_uart_register_dev() fails in hci_uart_set_proto() in drivers/bluetooth/hci_ldisc.c.(CVE-2019-15917)\n\n - An issue was discovered in the Linux kernel before 4.20.15. The nfc_llcp_build_tlv function in net/nfc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net/nfc/llcp_core.c.(CVE-2019-12818)\n\n - There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.(CVE-2019-14816)\n\n - drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).(CVE-2019-15505)\n\n - There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.(CVE-2019-14814)\n\n - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.(CVE-2019-17133)\n\n - An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c.(CVE-2019-15926)\n\n - In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the __blk_add_trace function in kernel/trace/blktrace.c (which is used to fill out a blk_io_trace structure and place it in a per-cpu sub-buffer).(CVE-2019-19768)\n\n - An issue was discovered in the Linux kernel through 5.5.6. set_fdc in drivers/block/floppy.c leads to a wait_til_ready out-of-bounds read because the FDC index is not checked for errors before assigning it, aka CID-2e90ca68b0d2.(CVE-2020-9383)\n\n - An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.(CVE-2019-15292)\n\n - A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code.(CVE-2019-14895)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.(CVE-2019-15239)\n\n - The Linux kernel 4.x (starting from 4.1) and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass.\n Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols (e.g., UDP and ICMP). When such traffic is sent to multiple destination IP addresses, it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). This key contains enough bits from a kernel address (of a static variable) so when the key is extracted (via enumeration), the offset of the kernel image is exposed. This attack can be carried out remotely, by the attacker forcing the target device to send UDP or ICMP (or certain other) traffic to attacker-controlled IP addresses. Forcing a server to send UDP traffic is trivial if the server is a DNS server. ICMP traffic is trivial if the server answers ICMP Echo requests (ping). For client targets, if the target visits the attacker's web page, then WebRTC or gQUIC can be used to force UDP traffic to attacker-controlled IP addresses. NOTE: this attack against KASLR became viable in 4.1 because IP ID generation was changed to have a dependency on an address associated with a network namespace.(CVE-2019-10639)\n\n - The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls.\n This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.(CVE-2019-11599)\n\n - A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.(CVE-2019-19060)\n\n - An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c.(CVE-2019-15927)\n\n - An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.(CVE-2019-16746)\n\n - The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions.(CVE-2019-11486)\n\n - Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.(CVE-2019-0136)\n\n - The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation(CVE-2019-18675)\n\n - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2019-14815)\n\n - The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka 'KNOB') that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.(CVE-2019-9506)\n\n - A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.(CVE-2019-19074)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-01-11T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.6 : kernel (EulerOS-SA-2021-1056)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8181", "CVE-2018-14625", "CVE-2018-9363", "CVE-2019-0136", "CVE-2019-10126", "CVE-2019-10142", "CVE-2019-10639", "CVE-2019-11085", "CVE-2019-1125", "CVE-2019-11486", "CVE-2019-11599", "CVE-2019-12818", "CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14896", "CVE-2019-14901", "CVE-2019-15099", "CVE-2019-15239", "CVE-2019-15292", "CVE-2019-15505", "CVE-2019-15917", "CVE-2019-15926", "CVE-2019-15927", "CVE-2019-16413", "CVE-2019-16746", "CVE-2019-17075", "CVE-2019-17133", "CVE-2019-17666", "CVE-2019-18675", "CVE-2019-19060", "CVE-2019-19074", "CVE-2019-19078", "CVE-2019-19768", "CVE-2019-20636", "CVE-2019-3846", "CVE-2019-9500", "CVE-2019-9503", "CVE-2019-9506", "CVE-2020-0009", "CVE-2020-10732", "CVE-2020-10751", "CVE-2020-10757", "CVE-2020-10942", "CVE-2020-11608", "CVE-2020-11609", "CVE-2020-11668", "CVE-2020-12654", "CVE-2020-13974", "CVE-2020-15393", "CVE-2020-16166", "CVE-2020-24394", "CVE-2020-25211", "CVE-2020-25212", "CVE-2020-25643", "CVE-2020-7053", "CVE-2020-9383"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "cpe:/o:huawei:euleros:uvp:3.0.2.6"], "id": "EULEROS_SA-2021-1056.NASL", "href": "https://www.tenable.com/plugins/nessus/144831", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144831);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\n \"CVE-2014-8181\",\n \"CVE-2018-14625\",\n \"CVE-2018-9363\",\n \"CVE-2019-0136\",\n \"CVE-2019-10126\",\n \"CVE-2019-10142\",\n \"CVE-2019-10639\",\n \"CVE-2019-11085\",\n \"CVE-2019-1125\",\n \"CVE-2019-11486\",\n \"CVE-2019-11599\",\n \"CVE-2019-12818\",\n \"CVE-2019-14814\",\n \"CVE-2019-14815\",\n \"CVE-2019-14816\",\n \"CVE-2019-14895\",\n \"CVE-2019-14896\",\n \"CVE-2019-14901\",\n \"CVE-2019-15099\",\n \"CVE-2019-15239\",\n \"CVE-2019-15292\",\n \"CVE-2019-15505\",\n \"CVE-2019-15917\",\n \"CVE-2019-15926\",\n \"CVE-2019-15927\",\n \"CVE-2019-16413\",\n \"CVE-2019-16746\",\n \"CVE-2019-17075\",\n \"CVE-2019-17133\",\n \"CVE-2019-17666\",\n \"CVE-2019-18675\",\n \"CVE-2019-19060\",\n \"CVE-2019-19074\",\n \"CVE-2019-19078\",\n \"CVE-2019-19768\",\n \"CVE-2019-20636\",\n \"CVE-2019-3846\",\n \"CVE-2019-9500\",\n \"CVE-2019-9503\",\n \"CVE-2019-9506\",\n \"CVE-2020-0009\",\n \"CVE-2020-10732\",\n \"CVE-2020-10751\",\n \"CVE-2020-10757\",\n \"CVE-2020-10942\",\n \"CVE-2020-11608\",\n \"CVE-2020-11609\",\n \"CVE-2020-11668\",\n \"CVE-2020-12654\",\n \"CVE-2020-13974\",\n \"CVE-2020-15393\",\n \"CVE-2020-16166\",\n \"CVE-2020-24394\",\n \"CVE-2020-25211\",\n \"CVE-2020-25212\",\n \"CVE-2020-25643\",\n \"CVE-2020-7053\",\n \"CVE-2020-9383\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.6 : kernel (EulerOS-SA-2021-1056)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A flaw that allowed an attacker to corrupt memory and\n possibly escalate privileges was found in the mwifiex\n kernel module while connecting to a malicious wireless\n network(CVE-2019-3846)\n\n - An issue was discovered in the Linux kernel before\n 5.6.1. drivers/media/usb/gspca/ov519.c allows NULL\n pointer dereferences in ov511_mode_init_regs and\n ov518_mode_init_regs when there are zero\n endpoints(CVE-2020-11608)\n\n - In the Linux kernel before 5.5.8, get_raw_socket in\n drivers/vhost/net.c lacks validation of an sk_family\n field, which might allow attackers to trigger kernel\n stack corruption via crafted system\n calls.(CVE-2020-10942)\n\n - An issue was discovered in the stv06xx subsystem in the\n Linux kernel before 5.6.1.\n drivers/media/usb/gspca/stv06xx/stv06xx.c and\n drivers/media/usb/gspca/stv06xx/stv06xx_pb0100.c\n mishandle invalid descriptors, as demonstrated by a\n NULL pointer dereference, aka\n CID-485b06aadb93.(CVE-2020-11609)\n\n - An out-of-bounds write flaw was found in the Linux\n kernel. A crafted keycode table could be used by\n drivers/input/input.c to perform the out-of-bounds\n write. A local user with root access can insert garbage\n to this keycode table that can lead to out-of-bounds\n memory access. The highest threat from this\n vulnerability is to data confidentiality and integrity\n as well as system availability.(CVE-2019-20636)\n\n - The kernel in Red Hat Enterprise Linux 7 and MRG-2 does\n not clear garbage data for SG_IO buffer, which may\n leaking sensitive information to\n userspace.(CVE-2014-8181)\n\n - A flaw was found in the Linux kernels SELinux LSM hook\n implementation before version 5.7, where it incorrectly\n assumed that an skb would only contain a single netlink\n message. The hook would incorrectly only validate the\n first netlink message in the skb and allow or deny the\n rest of the messages within the skb with the granted\n permission without further processing.(CVE-2020-10751)\n\n - An information disclosure vulnerability exists when\n certain central processing units (CPU) speculatively\n access memory, aka 'Windows Kernel Information\n Disclosure Vulnerability'.(CVE-2019-1125)\n\n - A memory leak in the ath10k_usb_hif_tx_sg() function in\n drivers/net/wireless/ath/ath10k/usb.c in the Linux\n kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering\n usb_submit_urb() failures, aka\n CID-b8d17e7d93d2.(CVE-2019-19078)\n\n - A flaw was found in the Linux kernel's implementation\n of Userspace core dumps. This flaw allows an attacker\n with a local account to crash a trivial program and\n exfiltrate private kernel data.(CVE-2020-10732)\n\n - In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the\n NFS server) can set incorrect permissions on new\n filesystem objects when the filesystem lacks ACL\n support, aka CID-22cf8419f131. This occurs because the\n current umask is not considered.(CVE-2020-24394)\n\n - The Linux kernel through 5.7.11 allows remote attackers\n to make observations that help to obtain sensitive\n information about the internal state of the network\n RNG, aka CID-f227e3ec3b5c. This is related to\n drivers/char/random.c and\n kernel/time/timer.c.(CVE-2020-16166)\n\n - In the Linux kernel through 5.8.7, local attackers able\n to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering\n use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in\n net/netfilter/nf_conntrack_netlink.c, aka\n CID-1cc5ef91d2ff.(CVE-2020-25211)\n\n - In calc_vm_may_flags of ashmem.c, there is a possible\n arbitrary write to shared memory due to a permissions\n bypass. This could lead to local escalation of\n privilege by corrupting memory shared between\n processes, with no additional execution privileges\n needed. User interaction is not needed for\n exploitation. Product: Android Versions: Android kernel\n Android ID: A-142938932(CVE-2020-0009)\n\n - In the Linux kernel through 5.7.6, usbtest_disconnect\n in drivers/usb/misc/usbtest.c has a memory leak, aka\n CID-28ebeb8db770.(CVE-2020-15393)\n\n - In the Linux kernel before 5.6.1,\n drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink\n camera USB driver) mishandles invalid descriptors, aka\n CID-a246b4d54770.(CVE-2020-11668)\n\n - An issue was found in Linux kernel before 5.5.4.\n mwifiex_ret_wmm_get_status() in\n drivers/net/wireless/marvell/mwifiex/wmm.c allows a\n remote AP to trigger a heap-based buffer overflow\n because of an incorrect memcpy, aka\n CID-3a9b153c5591.(CVE-2020-12654)\n\n - An issue was discovered in the Linux kernel through\n 5.7.1. drivers/tty/vt/keyboard.c has an integer\n overflow if k_ascii is called several times in a row,\n aka CID-b86dab054059. NOTE: Members in the community\n argue that the integer overflow does not lead to a\n security issue in this case.(CVE-2020-13974)\n\n - Insufficient input validation in Kernel Mode Driver in\n Intel(R) i915 Graphics for Linux before version 5.0 may\n allow an authenticated user to potentially enable\n escalation of privilege via local\n access.(CVE-2019-11085)\n\n - In the hidp_process_report in bluetooth, there is an\n integer overflow. This could lead to an out of bounds\n write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel.(CVE-2018-9363)\n\n - A flaw was found in the way mremap handled DAX Huge\n Pages. This flaw allows a local attacker with access to\n a DAX enabled storage to escalate their privileges on\n the system.(CVE-2020-10757)\n\n - A flaw was found in the Linux kernel. A heap based\n buffer overflow in mwifiex_uap_parse_tail_ies function\n in drivers/net/wireless/marvell/mwifiex/ie.c might lead\n to memory corruption and possibly other\n consequences.(CVE-2019-10126)\n\n - A flaw was found in the HDLC_PPP module of the Linux\n kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input\n validation in the ppp_cp_parse_cr function which can\n cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-25643)\n\n - A TOCTOU mismatch in the NFS client code in the Linux\n kernel before 5.8.3 could be used by local attackers to\n corrupt memory or possibly have unspecified other\n impact because a size check is in fs/nfs/nfs4proc.c\n instead of fs/nfs/nfs4xdr.c, aka\n CID-b4487b935452.(CVE-2020-25212)\n\n - In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the\n NFS server) can set incorrect permissions on new\n filesystem objects when the filesystem lacks ACL\n support, aka CID-22cf8419f131. This occurs because the\n current umask is not considered.(CVE-2020-24394)\n\n - A heap overflow flaw was found in the Linux kernel, all\n versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi\n chip driver. The vulnerability allows a remote attacker\n to cause a system crash, resulting in a denial of\n service, or execute arbitrary code. The highest threat\n with this vulnerability is with the availability of the\n system. If code execution occurs, the code will run\n with the permissions of root. This will affect both\n confidentiality and integrity of files on the\n system.(CVE-2019-14901)\n\n - A heap-based buffer overflow vulnerability was found in\n the Linux kernel, version kernel-2.6.32, in Marvell\n WiFi chip driver. A remote attacker could cause a\n denial of service (system crash) or, possibly execute\n arbitrary code, when the lbs_ibss_join_existing\n function is called after a STA connects to an\n AP.(CVE-2019-14896)\n\n - rtl_p2p_noa_ie in\n drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux\n kernel through 5.3.6 lacks a certain upper-bound check,\n leading to a buffer overflow.(CVE-2019-17666)\n\n - The Broadcom brcmfmac WiFi driver prior to commit\n a4176ec356c73a46c07c181c6d04039fafa34a9f is vulnerable\n to a frame validation bypass. If the brcmfmac driver\n receives a firmware event frame from a remote source,\n the is_wlc_event_frame function will cause this frame\n to be discarded and unprocessed. If the driver receives\n the firmware event frame from the host, the appropriate\n handler is called. This frame validation can be\n bypassed if the bus used is USB (for instance by a wifi\n dongle). This can allow firmware event frames from a\n remote source to be processed. In the worst case\n scenario, by sending specially-crafted WiFi packets, a\n remote, unauthenticated attacker may be able to execute\n arbitrary code on a vulnerable system. More typically,\n this vulnerability will result in denial-of-service\n conditions.(CVE-2019-9503)\n\n - An issue was discovered in the Linux kernel before\n 5.0.4. The 9p filesystem did not protect i_size_write()\n properly, which causes an i_size_read() infinite loop\n and denial of service on SMP systems.(CVE-2019-16413)\n\n - An issue was discovered in write_tpt_entry in\n drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel\n through 5.3.2. The cxgb4 driver is directly calling\n dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of\n Service, exploitable if this driver is used on an\n architecture for which this stack/DMA interaction has\n security relevance.(CVE-2019-17075)\n\n - drivers/net/wireless/ath/ath10k/usb.c in the Linux\n kernel through 5.2.8 has a NULL pointer dereference via\n an incomplete address in an endpoint\n descriptor.(CVE-2019-15099)\n\n - A flaw was found in the Linux kernel's freescale\n hypervisor manager implementation, kernel versions\n 5.0.x up to, excluding 5.0.17. A parameter passed to an\n ioctl was incorrectly validated and used in size\n calculations for the page size calculation. An attacker\n can use this flaw to crash the system, corrupt memory,\n or create other adverse security\n affects.(CVE-2019-10142)\n\n - The Broadcom brcmfmac WiFi driver prior to commit\n 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable\n to a heap buffer overflow. If the Wake-up on Wireless\n LAN functionality is configured, a malicious event\n frame can be constructed to trigger an heap buffer\n overflow in the brcmf_wowl_nd_results function. This\n vulnerability can be exploited with compromised\n chipsets to compromise the host, or when used in\n combination with CVE-2019-9503, can be used remotely.\n In the worst case scenario, by sending\n specially-crafted WiFi packets, a remote,\n unauthenticated attacker may be able to execute\n arbitrary code on a vulnerable system. More typically,\n this vulnerability will result in denial-of-service\n conditions.(CVE-2019-9500)\n\n - In the Linux kernel 4.14 longterm through 4.14.165 and\n 4.19 longterm through 4.19.96 (and 5.x before 5.2),\n there is a use-after-free (write) in the\n i915_ppgtt_close function in\n drivers/gpu/drm/i915/i915_gem_gtt.c, aka\n CID-7dc40713618c. This is related to\n i915_gem_context_destroy_ioctl in\n drivers/gpu/drm/i915/i915_gem_context.c.(CVE-2020-7053)\n\n - A flaw was found in the Linux Kernel where an attacker\n may be able to have an uncontrolled read to\n kernel-memory from within a vm guest. A race condition\n between connect() and close() function may allow an\n attacker using the AF_VSOCK protocol to gather a 4 byte\n information leak or possibly intercept or corrupt\n AF_VSOCK messages destined to other\n clients.(CVE-2018-14625)\n\n - An issue was discovered in the Linux kernel before\n 5.0.5. There is a use-after-free issue when\n hci_uart_register_dev() fails in hci_uart_set_proto()\n in drivers/bluetooth/hci_ldisc.c.(CVE-2019-15917)\n\n - An issue was discovered in the Linux kernel before\n 4.20.15. The nfc_llcp_build_tlv function in\n net/nfc/llcp_commands.c may return NULL. If the caller\n does not check for this, it will trigger a NULL pointer\n dereference. This will cause denial of service. This\n affects nfc_llcp_build_gb in\n net/nfc/llcp_core.c.(CVE-2019-12818)\n\n - There is heap-based buffer overflow in kernel, all\n versions up to, excluding 5.3, in the marvell wifi chip\n driver in Linux kernel, that allows local users to\n cause a denial of service(system crash) or possibly\n execute arbitrary code.(CVE-2019-14816)\n\n - drivers/media/usb/dvb-usb/technisat-usb2.c in the Linux\n kernel through 5.2.9 has an out-of-bounds read via\n crafted USB device traffic (which may be remote via\n usbip or usbredir).(CVE-2019-15505)\n\n - There is heap-based buffer overflow in Linux kernel,\n all versions up to, excluding 5.3, in the marvell wifi\n chip driver in Linux kernel, that allows local users to\n cause a denial of service(system crash) or possibly\n execute arbitrary code.(CVE-2019-14814)\n\n - In the Linux kernel through 5.3.2,\n cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c\n does not reject a long SSID IE, leading to a Buffer\n Overflow.(CVE-2019-17133)\n\n - An issue was discovered in the Linux kernel before\n 5.2.3. Out of bounds access exists in the functions\n ath6kl_wmi_pstream_timeout_event_rx and\n ath6kl_wmi_cac_event_rx in the file\n drivers/net/wireless/ath/ath6kl/wmi.c.(CVE-2019-15926)\n\n - In the Linux kernel 5.4.0-rc2, there is a\n use-after-free (read) in the __blk_add_trace function\n in kernel/trace/blktrace.c (which is used to fill out a\n blk_io_trace structure and place it in a per-cpu\n sub-buffer).(CVE-2019-19768)\n\n - An issue was discovered in the Linux kernel through\n 5.5.6. set_fdc in drivers/block/floppy.c leads to a\n wait_til_ready out-of-bounds read because the FDC index\n is not checked for errors before assigning it, aka\n CID-2e90ca68b0d2.(CVE-2020-9383)\n\n - An issue was discovered in the Linux kernel before\n 5.0.9. There is a use-after-free in atalk_proc_exit,\n related to net/appletalk/atalk_proc.c,\n net/appletalk/ddp.c, and\n net/appletalk/sysctl_net_atalk.c.(CVE-2019-15292)\n\n - A heap-based buffer overflow was discovered in the\n Linux kernel, all versions 3.x.x and 4.x.x before\n 4.18.0, in Marvell WiFi chip driver. The flaw could\n occur when the station attempts a connection\n negotiation during the handling of the remote devices\n country settings. This could allow the remote device to\n cause a denial of service (system crash) or possibly\n execute arbitrary code.(CVE-2019-14895)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c\n change, which was properly incorporated into 4.16.12,\n was incorrectly backported to the earlier longterm\n kernels, introducing a new vulnerability that was\n potentially more severe than the issue that was\n intended to be fixed by backporting. Specifically, by\n adding to a write queue between disconnection and\n re-connection, a local attacker can trigger multiple\n use-after-free conditions. This can result in a kernel\n crash, or potentially in privilege\n escalation.(CVE-2019-15239)\n\n - The Linux kernel 4.x (starting from 4.1) and 5.x before\n 5.0.8 allows Information Exposure (partial kernel\n address disclosure), leading to a KASLR bypass.\n Specifically, it is possible to extract the KASLR\n kernel image offset using the IP ID values the kernel\n produces for connection-less protocols (e.g., UDP and\n ICMP). When such traffic is sent to multiple\n destination IP addresses, it is possible to obtain hash\n collisions (of indices to the counter array) and\n thereby obtain the hashing key (via enumeration). This\n key contains enough bits from a kernel address (of a\n static variable) so when the key is extracted (via\n enumeration), the offset of the kernel image is\n exposed. This attack can be carried out remotely, by\n the attacker forcing the target device to send UDP or\n ICMP (or certain other) traffic to attacker-controlled\n IP addresses. Forcing a server to send UDP traffic is\n trivial if the server is a DNS server. ICMP traffic is\n trivial if the server answers ICMP Echo requests\n (ping). For client targets, if the target visits the\n attacker's web page, then WebRTC or gQUIC can be used\n to force UDP traffic to attacker-controlled IP\n addresses. NOTE: this attack against KASLR became\n viable in 4.1 because IP ID generation was changed to\n have a dependency on an address associated with a\n network namespace.(CVE-2019-10639)\n\n - The coredump implementation in the Linux kernel before\n 5.0.10 does not use locking or other mechanisms to\n prevent vma layout or vma flags changes while it runs,\n which allows local users to obtain sensitive\n information, cause a denial of service, or possibly\n have unspecified other impact by triggering a race\n condition with mmget_not_zero or get_task_mm calls.\n This is related to fs/userfaultfd.c, mm/mmap.c,\n fs/proc/task_mmu.c, and\n drivers/infiniband/core/uverbs_main.c.(CVE-2019-11599)\n\n - A memory leak in the adis_update_scan_mode() function\n in drivers/iio/imu/adis_buffer.c in the Linux kernel\n before 5.3.9 allows attackers to cause a denial of\n service (memory consumption), aka\n CID-ab612b1daf41.(CVE-2019-19060)\n\n - An issue was discovered in the Linux kernel before\n 4.20.2. An out-of-bounds access exists in the function\n build_audio_procunit in the file\n sound/usb/mixer.c.(CVE-2019-15927)\n\n - An issue was discovered in net/wireless/nl80211.c in\n the Linux kernel through 5.2.17. It does not check the\n length of variable elements in a beacon head, leading\n to a buffer overflow.(CVE-2019-16746)\n\n - The Siemens R3964 line discipline driver in\n drivers/tty/n_r3964.c in the Linux kernel before 5.0.8\n has multiple race conditions.(CVE-2019-11486)\n\n - Insufficient access control in the Intel(R)\n PROSet/Wireless WiFi Software driver before version\n 21.10 may allow an unauthenticated user to potentially\n enable denial of service via adjacent\n access.(CVE-2019-0136)\n\n - The Linux kernel through 5.3.13 has a start_offset+size\n Integer Overflow in cpia2_remap_buffer in\n drivers/media/usb/cpia2/cpia2_core.c because cpia2 has\n its own mmap implementation. This allows local users\n (with /dev/video0 access) to obtain read and write\n permissions on kernel physical pages, which can\n possibly result in a privilege\n escalation(CVE-2019-18675)\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2019-14815)\n\n - The Bluetooth BR/EDR specification up to and including\n version 5.1 permits sufficiently low encryption key\n length and does not prevent an attacker from\n influencing the key length negotiation. This allows\n practical brute-force attacks (aka 'KNOB') that can\n decrypt traffic and inject arbitrary ciphertext without\n the victim noticing.(CVE-2019-9506)\n\n - A memory leak in the ath9k_wmi_cmd() function in\n drivers/net/wireless/ath/ath9k/wmi.c in the Linux\n kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption), aka\n CID-728c1e2a05e4.(CVE-2019-19074)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1056\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?60a1ca93\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_81\",\n \"kernel-devel-3.10.0-862.14.1.6_81\",\n \"kernel-headers-3.10.0-862.14.1.6_81\",\n \"kernel-tools-3.10.0-862.14.1.6_81\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_81\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:58:07", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\nCVE-2018-13093, CVE-2018-13094\n\nWen Xu from SSLab at Gatech reported several NULL pointer dereference flaws that may be triggered when mounting and operating a crafted XFS volume. An attacker able to mount arbitrary XFS volumes could use this to cause a denial of service (crash).\n\nCVE-2018-20976\n\nIt was discovered that the XFS file-system implementation did not correctly handle some mount failure conditions, which could lead to a use-after-free. The security impact of this is unclear.\n\nCVE-2018-21008\n\nIt was discovered that the rsi wifi driver did not correctly handle some failure conditions, which could lead to a use-after- free. The security impact of this is unclear.\n\nCVE-2019-0136\n\nIt was discovered that the wifi soft-MAC implementation (mac80211) did not properly authenticate Tunneled Direct Link Setup (TDLS) messages.\nA nearby attacker could use this for denial of service (loss of wifi connectivity).\n\nCVE-2019-2215\n\nThe syzkaller tool discovered a use-after-free vulnerability in the Android binder driver. A local user on a system with this driver enabled could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. However, this driver is not enabled on Debian packaged kernels.\n\nCVE-2019-10220\n\nVarious developers and researchers found that if a crafted file- system or malicious file server presented a directory with filenames including a '/' character, this could confuse and possibly defeat security checks in applications that read the directory.\n\nThe kernel will now return an error when reading such a directory, rather than passing the invalid filenames on to user-space.\n\nCVE-2019-14615\n\nIt was discovered that Intel 9th and 10th generation GPUs did not clear user-visible state during a context switch, which resulted in information leaks between GPU tasks. This has been mitigated in the i915 driver.\n\nThe affected chips (gen9 and gen10) are listed at <https://en.wikipedia.org/wiki/List_of_Intel_graphics_proces sing_units#Gen9>.\n\nCVE-2019-14814, CVE-2019-14815, CVE-2019-14816\n\nMultiple bugs were discovered in the mwifiex wifi driver, which could lead to heap buffer overflows. A local user permitted to configure a device handled by this driver could probably use this for privilege escalation.\n\nCVE-2019-14895, CVE-2019-14901\n\nADLab of Venustech discovered potential heap buffer overflows in the mwifiex wifi driver. On systems using this driver, a malicious Wireless Access Point or adhoc/P2P peer could use these to cause a denial of service (memory corruption or crash) or possibly for remote code execution.\n\nCVE-2019-14896, CVE-2019-14897\n\nADLab of Venustech discovered potential heap and stack buffer overflows in the libertas wifi driver. On systems using this driver, a malicious Wireless Access Point or adhoc/P2P peer could use these to cause a denial of service (memory corruption or crash) or possibly for remote code execution.\n\nCVE-2019-15098\n\nHui Peng and Mathias Payer reported that the ath6kl wifi driver did not properly validate USB descriptors, which could lead to a NULL pointer derefernce. An attacker able to add USB devices could use this to cause a denial of service (BUG/oops).\n\nCVE-2019-15217\n\nThe syzkaller tool discovered that the zr364xx mdia driver did not correctly handle devices without a product name string, which could lead to a NULL pointer dereference. An attacker able to add USB devices could use this to cause a denial of service (BUG/oops).\n\nCVE-2019-15291\n\nThe syzkaller tool discovered that the b2c2-flexcop-usb media driver did not properly validate USB descriptors, which could lead to a NULL pointer dereference. An attacker able to add USB devices could use this to cause a denial of service (BUG/oops).\n\nCVE-2019-15505\n\nThe syzkaller tool discovered that the technisat-usb2 media driver did not properly validate incoming IR packets, which could lead to a heap buffer over-read. An attacker able to add USB devices could use this to cause a denial of service (BUG/oops) or to read sensitive information from kernel memory.\n\nCVE-2019-15917\n\nThe syzkaller tool found a race condition in code supporting UART-attached Bluetooth adapters, which could lead to a use- after-free. A local user with access to a pty device or other suitable tty device could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-16746\n\nIt was discovered that the wifi stack did not validate the content of beacon heads provided by user-space for use on a wifi interface in Access Point mode, which could lead to a heap buffer overflow. A local user permitted to configure a wifi interface could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-17052, CVE-2019-17053, CVE-2019-17054, CVE-2019-17055, CVE-2019-17056\n\nOri Nimron reported that various network protocol implementations\n\n - AX.25, IEEE 802.15.4, Appletalk, ISDN, and NFC - allowed all users to create raw sockets. A local user could use this to send arbitrary packets on networks using those protocols.\n\nCVE-2019-17075\n\nIt was found that the cxgb4 Infiniband driver requested DMA (Direct Memory Access) to a stack-allocated buffer, which is not supported and on some systems can result in memory corruption of the stack. A local user might be able to use this for denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-17133\n\nNicholas Waisman reported that the wifi stack did not valdiate received SSID information before copying it, which could lead to a buffer overflow if it is not validated by the driver or firmware. A malicious Wireless Access Point might be able to use this to cause a denial of service (memory corruption or crash) or for remote code execution.\n\nCVE-2019-17666\n\nNicholas Waisman reported that the rtlwifi wifi drivers did not properly validate received P2P information, leading to a buffer overflow. A malicious P2P peer could use this to cause a denial of service (memory corruption or crash) or for remote code execution.\n\nCVE-2019-18282\n\nJonathan Berger, Amit Klein, and Benny Pinkas discovered that the generation of UDP/IPv6 flow labels used a weak hash function, 'jhash'.\nThis could enable tracking individual computers as they communicate with different remote servers and from different networks. The 'siphash' function is now used instead.\n\nCVE-2019-18683\n\nMultiple race conditions were discovered in the vivid media driver, used for testing Video4Linux2 (V4L2) applications, These race conditions could result in a use-after-free. On a system where this driver is loaded, a user with permission to access media devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-18809\n\nNavid Emamdoost discovered a potential memory leak in the af9005 media driver if the device fails to respond to a command. The security impact of this is unclear.\n\nCVE-2019-19037\n\nIt was discovered that the ext4 filesystem driver did not correctly handle directories with holes (unallocated regions) in them. An attacker able to mount arbitrary ext4 volumes could use this to cause a denial of service (crash).\n\nCVE-2019-19051\n\nNavid Emamdoost discovered a potential memory leak in the i2400m wimax driver if the software rfkill operation fails. The security impact of this is unclear.\n\nCVE-2019-19052\n\nNavid Emamdoost discovered a potential memory leak in the gs_usb CAN driver if the open (interface-up) operation fails. The security impact of this is unclear.\n\nCVE-2019-19056, CVE-2019-19057\n\nNavid Emamdoost discovered potential memory leaks in the mwifiex wifi driver if the probe operation fails. The security impact of this is unclear.\n\nCVE-2019-19062\n\nNavid Emamdoost discovered a potential memory leak in the AF_ALG subsystem if the CRYPTO_MSG_GETALG operation fails. A local user could possibly use this to cause a denial of service (memory exhaustion).\n\nCVE-2019-19066\n\nNavid Emamdoost discovered a potential memory leak in the bfa SCSI driver if the get_fc_host_stats operation fails. The security impact of this is unclear.\n\nCVE-2019-19068\n\nNavid Emamdoost discovered a potential memory leak in the rtl8xxxu wifi driver, in case it fails to submit an interrupt buffer to the device. The security impact of this is unclear.\n\nCVE-2019-19227\n\nDan Carpenter reported missing error checks in the Appletalk protocol implementation that could lead to a NULL pointer dereference. The security impact of this is unclear.\n\nCVE-2019-19332\n\nThe syzkaller tool discovered a missing bounds check in the KVM implementation for x86, which could lead to a heap buffer overflow. A local user permitted to use KVM could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-19447\n\nIt was discovered that the ext4 filesystem driver did not safely handle unlinking of an inode that, due to filesystem corruption, already has a link count of 0. An attacker able to mount arbitrary ext4 volumes could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-19523\n\nThe syzkaller tool discovered a use-after-free bug in the adutux USB driver. An attacker able to add and remove USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-19524\n\nThe syzkaller tool discovered a race condition in the ff-memless library used by input drivers. An attacker able to add and remove USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-19525\n\nThe syzkaller tool discovered a use-after-free bug in the atusb driver for IEEE 802.15.4 networking. An attacker able to add and remove USB devices could possibly use this to cause a denial of service (memory corruption or crash) or for privilege escalation.\n\nCVE-2019-19527\n\nThe syzkaller tool discovered that the hiddev driver did not correctly handle races between a task opening the device and disconnection of the underlying hardware. A local user permitted to access hiddev devices, and able to add and remove USB devices, could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-19530\n\nThe syzkaller tool discovered a potential use-after-free in the cdc-acm network driver. An attacker able to add USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-19531\n\nThe syzkaller tool discovered a use-after-free bug in the yurex USB driver. An attacker able to add and remove USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-19532\n\nThe syzkaller tool discovered a potential heap buffer overflow in the hid-gaff input driver, which was also found to exist in many other input drivers. An attacker able to add USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-19533\n\nThe syzkaller tool discovered that the ttusb-dec media driver was missing initialisation of a structure, which could leak sensitive information from kernel memory.\n\nCVE-2019-19534, CVE-2019-19535, CVE-2019-19536\n\nThe syzkaller tool discovered that the peak_usb CAN driver was missing initialisation of some structures, which could leak sensitive information from kernel memory.\n\nCVE-2019-19537\n\nThe syzkaller tool discovered race conditions in the USB stack, involving character device registration. An attacker able to add USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-19767\n\nThe syzkaller tool discovered that crafted ext4 volumes could trigger a buffer overflow in the ext4 filesystem driver. An attacker able to mount such a volume could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-19947\n\nIt was discovered that the kvaser_usb CAN driver was missing initialisation of some structures, which could leak sensitive information from kernel memory.\n\nCVE-2019-19965\n\nGao Chuan reported a race condition in the libsas library used by SCSI host drivers, which could lead to a NULL pointer dereference. An attacker able to add and remove SCSI devices could use this to cause a denial of service (BUG/oops).\n\nCVE-2019-20096\n\nThe Hulk Robot tool discovered a potential memory leak in the DCCP protocol implementation. This may be exploitable by local users, or by remote attackers if the system uses DCCP, to cause a denial of service (out of memory).\n\nFor Debian 8 'Jessie', these problems have been fixed in version 4.9.210-1~deb8u1. This update additionally fixes Debian bugs #869511 and 945023; and includes many more bug fixes from stable updates 4.9.190-4.9.210 inclusive.\n\nWe recommend that you upgrade your linux-4.9 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-03-06T00:00:00", "type": "nessus", "title": "Debian DLA-2114-1 : linux-4.9 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-13093", "CVE-2018-13094", "CVE-2018-20976", "CVE-2018-21008", "CVE-2019-0136", "CVE-2019-10220", "CVE-2019-14615", "CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-14895", "CVE-2019-14896", "CVE-2019-14897", "CVE-2019-14901", "CVE-2019-15098", "CVE-2019-15217", "CVE-2019-15291", "CVE-2019-15505", "CVE-2019-15917", "CVE-2019-16746", "CVE-2019-17052", "CVE-2019-17053", "CVE-2019-17054", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-17075", "CVE-2019-17133", "CVE-2019-17666", "CVE-2019-18282", "CVE-2019-18683", "CVE-2019-18809", "CVE-2019-19037", "CVE-2019-19051", "CVE-2019-19052", "CVE-2019-19056", "CVE-2019-19057", "CVE-2019-19062", "CVE-2019-19066", "CVE-2019-19068", "CVE-2019-19227", "CVE-2019-19332", "CVE-2019-19447", "CVE-2019-19523", "CVE-2019-19524", "CVE-2019-19525", "CVE-2019-19527", "CVE-2019-19530", "CVE-2019-19531", "CVE-2019-19532", "CVE-2019-19533", "CVE-2019-19534", "CVE-2019-19535", "CVE-2019-19536", "CVE-2019-19537", "CVE-2019-19767", "CVE-2019-19947", "CVE-2019-19965", "CVE-2019-20096", "CVE-2019-2215"], "modified": "2021-11-30T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-2114.NASL", "href": "https://www.tenable.com/plugins/nessus/134240", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2114-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(134240);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-20976\", \"CVE-2018-21008\", \"CVE-2019-0136\", \"CVE-2019-10220\", \"CVE-2019-14615\", \"CVE-2019-14814\", \"CVE-2019-14815\", \"CVE-2019-14816\", \"CVE-2019-14895\", \"CVE-2019-14896\", \"CVE-2019-14897\", \"CVE-2019-14901\", \"CVE-2019-15098\", \"CVE-2019-15217\", \"CVE-2019-15291\", \"CVE-2019-15505\", \"CVE-2019-15917\", \"CVE-2019-16746\", \"CVE-2019-17052\", \"CVE-2019-17053\", \"CVE-2019-17054\", \"CVE-2019-17055\", \"CVE-2019-17056\", \"CVE-2019-17075\", \"CVE-2019-17133\", \"CVE-2019-17666\", \"CVE-2019-18282\", \"CVE-2019-18683\", \"CVE-2019-18809\", \"CVE-2019-19037\", \"CVE-2019-19051\", \"CVE-2019-19052\", \"CVE-2019-19056\", \"CVE-2019-19057\", \"CVE-2019-19062\", \"CVE-2019-19066\", \"CVE-2019-19068\", \"CVE-2019-19227\", \"CVE-2019-19332\", \"CVE-2019-19447\", \"CVE-2019-19523\", \"CVE-2019-19524\", \"CVE-2019-19525\", \"CVE-2019-19527\", \"CVE-2019-19530\", \"CVE-2019-19531\", \"CVE-2019-19532\", \"CVE-2019-19533\", \"CVE-2019-19534\", \"CVE-2019-19535\", \"CVE-2019-19536\", \"CVE-2019-19537\", \"CVE-2019-19767\", \"CVE-2019-19947\", \"CVE-2019-19965\", \"CVE-2019-20096\", \"CVE-2019-2215\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Debian DLA-2114-1 : linux-4.9 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2018-13093, CVE-2018-13094\n\nWen Xu from SSLab at Gatech reported several NULL pointer dereference\nflaws that may be triggered when mounting and operating a crafted XFS\nvolume. An attacker able to mount arbitrary XFS volumes could use this\nto cause a denial of service (crash).\n\nCVE-2018-20976\n\nIt was discovered that the XFS file-system implementation did not\ncorrectly handle some mount failure conditions, which could lead to a\nuse-after-free. The security impact of this is unclear.\n\nCVE-2018-21008\n\nIt was discovered that the rsi wifi driver did not correctly handle\nsome failure conditions, which could lead to a use-after- free. The\nsecurity impact of this is unclear.\n\nCVE-2019-0136\n\nIt was discovered that the wifi soft-MAC implementation (mac80211) did\nnot properly authenticate Tunneled Direct Link Setup (TDLS) messages.\nA nearby attacker could use this for denial of service (loss of wifi\nconnectivity).\n\nCVE-2019-2215\n\nThe syzkaller tool discovered a use-after-free vulnerability in the\nAndroid binder driver. A local user on a system with this driver\nenabled could use this to cause a denial of service (memory corruption\nor crash) or possibly for privilege escalation. However, this driver\nis not enabled on Debian packaged kernels.\n\nCVE-2019-10220\n\nVarious developers and researchers found that if a crafted file-\nsystem or malicious file server presented a directory with filenames\nincluding a '/' character, this could confuse and possibly defeat\nsecurity checks in applications that read the directory.\n\nThe kernel will now return an error when reading such a\ndirectory, rather than passing the invalid filenames on to\nuser-space.\n\nCVE-2019-14615\n\nIt was discovered that Intel 9th and 10th generation GPUs did not\nclear user-visible state during a context switch, which resulted in\ninformation leaks between GPU tasks. This has been mitigated in the\ni915 driver.\n\nThe affected chips (gen9 and gen10) are listed at\n<https://en.wikipedia.org/wiki/List_of_Intel_graphics_proces\nsing_units#Gen9>.\n\nCVE-2019-14814, CVE-2019-14815, CVE-2019-14816\n\nMultiple bugs were discovered in the mwifiex wifi driver, which could\nlead to heap buffer overflows. A local user permitted to configure a\ndevice handled by this driver could probably use this for privilege\nescalation.\n\nCVE-2019-14895, CVE-2019-14901\n\nADLab of Venustech discovered potential heap buffer overflows in the\nmwifiex wifi driver. On systems using this driver, a malicious\nWireless Access Point or adhoc/P2P peer could use these to cause a\ndenial of service (memory corruption or crash) or possibly for remote\ncode execution.\n\nCVE-2019-14896, CVE-2019-14897\n\nADLab of Venustech discovered potential heap and stack buffer\noverflows in the libertas wifi driver. On systems using this driver, a\nmalicious Wireless Access Point or adhoc/P2P peer could use these to\ncause a denial of service (memory corruption or crash) or possibly for\nremote code execution.\n\nCVE-2019-15098\n\nHui Peng and Mathias Payer reported that the ath6kl wifi driver did\nnot properly validate USB descriptors, which could lead to a NULL pointer derefernce. An attacker able to add USB devices could use this\nto cause a denial of service (BUG/oops).\n\nCVE-2019-15217\n\nThe syzkaller tool discovered that the zr364xx mdia driver did not\ncorrectly handle devices without a product name string, which could\nlead to a NULL pointer dereference. An attacker able to add USB\ndevices could use this to cause a denial of service (BUG/oops).\n\nCVE-2019-15291\n\nThe syzkaller tool discovered that the b2c2-flexcop-usb media driver\ndid not properly validate USB descriptors, which could lead to a NULL pointer dereference. An attacker able to add USB devices could use\nthis to cause a denial of service (BUG/oops).\n\nCVE-2019-15505\n\nThe syzkaller tool discovered that the technisat-usb2 media driver did\nnot properly validate incoming IR packets, which could lead to a heap\nbuffer over-read. An attacker able to add USB devices could use this\nto cause a denial of service (BUG/oops) or to read sensitive\ninformation from kernel memory.\n\nCVE-2019-15917\n\nThe syzkaller tool found a race condition in code supporting\nUART-attached Bluetooth adapters, which could lead to a use-\nafter-free. A local user with access to a pty device or other suitable\ntty device could use this to cause a denial of service (memory\ncorruption or crash) or possibly for privilege escalation.\n\nCVE-2019-16746\n\nIt was discovered that the wifi stack did not validate the content of\nbeacon heads provided by user-space for use on a wifi interface in\nAccess Point mode, which could lead to a heap buffer overflow. A local\nuser permitted to configure a wifi interface could use this to cause a\ndenial of service (memory corruption or crash) or possibly for\nprivilege escalation.\n\nCVE-2019-17052, CVE-2019-17053, CVE-2019-17054, CVE-2019-17055,\nCVE-2019-17056\n\nOri Nimron reported that various network protocol implementations\n\n - AX.25, IEEE 802.15.4, Appletalk, ISDN, and NFC - allowed\n all users to create raw sockets. A local user could use\n this to send arbitrary packets on networks using those\n protocols.\n\nCVE-2019-17075\n\nIt was found that the cxgb4 Infiniband driver requested DMA (Direct\nMemory Access) to a stack-allocated buffer, which is not supported and\non some systems can result in memory corruption of the stack. A local\nuser might be able to use this for denial of service (memory\ncorruption or crash) or possibly for privilege escalation.\n\nCVE-2019-17133\n\nNicholas Waisman reported that the wifi stack did not valdiate\nreceived SSID information before copying it, which could lead to a\nbuffer overflow if it is not validated by the driver or firmware. A\nmalicious Wireless Access Point might be able to use this to cause a\ndenial of service (memory corruption or crash) or for remote code\nexecution.\n\nCVE-2019-17666\n\nNicholas Waisman reported that the rtlwifi wifi drivers did not\nproperly validate received P2P information, leading to a buffer\noverflow. A malicious P2P peer could use this to cause a denial of\nservice (memory corruption or crash) or for remote code execution.\n\nCVE-2019-18282\n\nJonathan Berger, Amit Klein, and Benny Pinkas discovered that the\ngeneration of UDP/IPv6 flow labels used a weak hash function, 'jhash'.\nThis could enable tracking individual computers as they communicate\nwith different remote servers and from different networks. The\n'siphash' function is now used instead.\n\nCVE-2019-18683\n\nMultiple race conditions were discovered in the vivid media driver,\nused for testing Video4Linux2 (V4L2) applications, These race\nconditions could result in a use-after-free. On a system where this\ndriver is loaded, a user with permission to access media devices could\nuse this to cause a denial of service (memory corruption or crash) or\npossibly for privilege escalation.\n\nCVE-2019-18809\n\nNavid Emamdoost discovered a potential memory leak in the af9005 media\ndriver if the device fails to respond to a command. The security\nimpact of this is unclear.\n\nCVE-2019-19037\n\nIt was discovered that the ext4 filesystem driver did not correctly\nhandle directories with holes (unallocated regions) in them. An\nattacker able to mount arbitrary ext4 volumes could use this to cause\na denial of service (crash).\n\nCVE-2019-19051\n\nNavid Emamdoost discovered a potential memory leak in the i2400m wimax\ndriver if the software rfkill operation fails. The security impact of\nthis is unclear.\n\nCVE-2019-19052\n\nNavid Emamdoost discovered a potential memory leak in the gs_usb CAN\ndriver if the open (interface-up) operation fails. The security impact\nof this is unclear.\n\nCVE-2019-19056, CVE-2019-19057\n\nNavid Emamdoost discovered potential memory leaks in the mwifiex wifi\ndriver if the probe operation fails. The security impact of this is\nunclear.\n\nCVE-2019-19062\n\nNavid Emamdoost discovered a potential memory leak in the AF_ALG\nsubsystem if the CRYPTO_MSG_GETALG operation fails. A local user could\npossibly use this to cause a denial of service (memory exhaustion).\n\nCVE-2019-19066\n\nNavid Emamdoost discovered a potential memory leak in the bfa SCSI\ndriver if the get_fc_host_stats operation fails. The security impact\nof this is unclear.\n\nCVE-2019-19068\n\nNavid Emamdoost discovered a potential memory leak in the rtl8xxxu\nwifi driver, in case it fails to submit an interrupt buffer to the\ndevice. The security impact of this is unclear.\n\nCVE-2019-19227\n\nDan Carpenter reported missing error checks in the Appletalk protocol\nimplementation that could lead to a NULL pointer dereference. The\nsecurity impact of this is unclear.\n\nCVE-2019-19332\n\nThe syzkaller tool discovered a missing bounds check in the KVM\nimplementation for x86, which could lead to a heap buffer overflow. A\nlocal user permitted to use KVM could use this to cause a denial of\nservice (memory corruption or crash) or possibly for privilege\nescalation.\n\nCVE-2019-19447\n\nIt was discovered that the ext4 filesystem driver did not safely\nhandle unlinking of an inode that, due to filesystem corruption,\nalready has a link count of 0. An attacker able to mount arbitrary\next4 volumes could use this to cause a denial of service (memory\ncorruption or crash) or possibly for privilege escalation.\n\nCVE-2019-19523\n\nThe syzkaller tool discovered a use-after-free bug in the adutux USB\ndriver. An attacker able to add and remove USB devices could use this\nto cause a denial of service (memory corruption or crash) or possibly\nfor privilege escalation.\n\nCVE-2019-19524\n\nThe syzkaller tool discovered a race condition in the ff-memless\nlibrary used by input drivers. An attacker able to add and remove USB\ndevices could use this to cause a denial of service (memory corruption\nor crash) or possibly for privilege escalation.\n\nCVE-2019-19525\n\nThe syzkaller tool discovered a use-after-free bug in the atusb driver\nfor IEEE 802.15.4 networking. An attacker able to add and remove USB\ndevices could possibly use this to cause a denial of service (memory\ncorruption or crash) or for privilege escalation.\n\nCVE-2019-19527\n\nThe syzkaller tool discovered that the hiddev driver did not correctly\nhandle races between a task opening the device and disconnection of\nthe underlying hardware. A local user permitted to access hiddev\ndevices, and able to add and remove USB devices, could use this to\ncause a denial of service (memory corruption or crash) or possibly for\nprivilege escalation.\n\nCVE-2019-19530\n\nThe syzkaller tool discovered a potential use-after-free in the\ncdc-acm network driver. An attacker able to add USB devices could use\nthis to cause a denial of service (memory corruption or crash) or\npossibly for privilege escalation.\n\nCVE-2019-19531\n\nThe syzkaller tool discovered a use-after-free bug in the yurex USB\ndriver. An attacker able to add and remove USB devices could use this\nto cause a denial of service (memory corruption or crash) or possibly\nfor privilege escalation.\n\nCVE-2019-19532\n\nThe syzkaller tool discovered a potential heap buffer overflow in the\nhid-gaff input driver, which was also found to exist in many other\ninput drivers. An attacker able to add USB devices could use this to\ncause a denial of service (memory corruption or crash) or possibly for\nprivilege escalation.\n\nCVE-2019-19533\n\nThe syzkaller tool discovered that the ttusb-dec media driver was\nmissing initialisation of a structure, which could leak sensitive\ninformation from kernel memory.\n\nCVE-2019-19534, CVE-2019-19535, CVE-2019-19536\n\nThe syzkaller tool discovered that the peak_usb CAN driver was missing\ninitialisation of some structures, which could leak sensitive\ninformation from kernel memory.\n\nCVE-2019-19537\n\nThe syzkaller tool discovered race conditions in the USB stack,\ninvolving character device registration. An attacker able to add USB\ndevices could use this to cause a denial of service (memory corruption\nor crash) or possibly for privilege escalation.\n\nCVE-2019-19767\n\nThe syzkaller tool discovered that crafted ext4 volumes could trigger\na buffer overflow in the ext4 filesystem driver. An attacker able to\nmount such a volume could use this to cause a denial of service\n(memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-19947\n\nIt was discovered that the kvaser_usb CAN driver was missing\ninitialisation of some structures, which could leak sensitive\ninformation from kernel memory.\n\nCVE-2019-19965\n\nGao Chuan reported a race condition in the libsas library used by SCSI\nhost drivers, which could lead to a NULL pointer dereference. An\nattacker able to add and remove SCSI devices could use this to cause a\ndenial of service (BUG/oops).\n\nCVE-2019-20096\n\nThe Hulk Robot tool discovered a potential memory leak in the DCCP\nprotocol implementation. This may be exploitable by local users, or by\nremote attackers if the system uses DCCP, to cause a denial of service\n(out of memory).\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n4.9.210-1~deb8u1. This update additionally fixes Debian bugs #869511\nand 945023; and includes many more bug fixes from stable updates\n4.9.190-4.9.210 inclusive.\n\nWe recommend that you upgrade your linux-4.9 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n # https://en.wikipedia.org/wiki/List_of_Intel_graphics_processing_units#Gen9\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?09b1ea0a\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/03/msg00001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux-4.9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Android Binder Use-After-Free Exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-arm\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-686\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-686-pae\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-amd64\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-armel\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-armhf\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-i386\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-amd64\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-armmp\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-armmp-lpae\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-common\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-common-rt\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-marvell\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-rt-686-pae\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-rt-amd64\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686-pae\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686-pae-dbg\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-amd64\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-amd64-dbg\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-armmp\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-armmp-lpae\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-marvell\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-686-pae\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-amd64\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-4.9\", reference:\"4.9.210-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-4.9.0-0.bpo.7\", reference:\"4.9.210-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-03T16:18:49", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):The yam_ioctl function in drivers et/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call.(CVE-2014-1446)The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.(CVE-2015-1350)A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.(CVE-2015-3332)The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.(CVE-2015-8816)In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.(CVE-2015-9289)The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2184)The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2185)The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2186)The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2187)Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.(CVE-2016-2384)The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.(CVE-2016-2782)The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.(CVE-2016-3138)The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3139)The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3140)The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.(CVE-2016-3689)The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.(CVE-2016-4569)sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.(CVE-2016-4578)The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request.(CVE-2016-4580)The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.(CVE-2016-7425)The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.(CVE-2017-1000379)In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes(CVE-2017-11089)An elevation of privilege vulnerability in the kernel sound timer.\n Product: Android. Versions: Android kernel. Android ID A-37240993.(CVE-2017-13167)In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097.(CVE-2017-13216)A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions:\n Android kernel. Android ID:\n A-70526974.(CVE-2017-13305)An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.(CVE-2017-14051)The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.(CVE-2017-18232)An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing.\n This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.(CVE-2017-18509)An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.(CVE-2017-18551)An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.(CVE-2017-18595)The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.(CVE-2017-7261)The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.(CVE-2017-7472)The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.(CVE-2018-10087)The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.(CVE-2018-10124)The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.(CVE-2018-10322)The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.(CVE-2018-10323)The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.(CVE-2018-10675)Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.(CVE-2018-10880)An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically makes the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random.\n For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls.(CVE-2018-12896)An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents.(CVE-2018-17972)An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.(CVE-2018-18710 )An issue was discovered in the Linux kernel before 4.18.11. The ipddp_ioctl function in drivers et/appletalk/ipddp.c allows local users to obtain sensitive kernel address information by leveraging CAP_NET_ADMIN to read the ipddp_route dev and next fields via an SIOCFINDIPDDPRT ioctl call.(CVE-2018-20511)An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled.(CVE-2018-20856)An issue was discovered in fs/xfs/xfs_super.c in the Linux kernel before 4.18. A use after free exists, related to xfs_fs_fill_super failure.(CVE-2018-20976)Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a speculative buffer overflow and side-channel analysis.(CVE-2018-3693)In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.(CVE-2018-6412)In nfc_llcp_build_sdreq_tlv of llcp_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-73083945.(CVE-2018-9518 )Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.(CVE-2019-0136)A vulnerability was found in Linux kernel's, versions up to 3.10, implementation of overlayfs. An attacker with local access can create a denial of service situation via NULL pointer dereference in ovl_posix_acl_create function in fs/overlayfs/dir.c. This can allow attackers with ability to create directories on overlayfs to crash the kernel creating a denial of service (DOS).(CVE-2019-10140)A flaw was found in the Linux kernel's freescale hypervisor manager implementation, kernel versions 5.0.x up to, excluding 5.0.17. A parameter passed to an ioctl was incorrectly validated and used in size calculations for the page size calculation. An attacker can use this flaw to crash the system, corrupt memory, or create other adverse security affects.(CVE-2019-10142)An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'.\n This CVE ID is unique from CVE-2019-1071, CVE-2019-1073.(CVE-2019-1125)** DISPUTED ** An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue.(CVE-2019-12378)** DISPUTED ** An issue was discovered in con_insert_unipair in drivers/tty/vt/consolemap.c in the Linux kernel through 5.1.5. There is a memory leak in a certain case of an ENOMEM outcome of kmalloc.\n NOTE: This id is disputed as not being an issue.(CVE-2019-12379)** DISPUTED ** An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL.(CVE-2019-12381)** DISPUTED ** An issue was discovered in the MPT3COMMAND case in _ctl_ioctl_main in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux kernel through 5.1.5. It allows local users to cause a denial of service or possibly have unspecified other impact by changing the value of ioc_number between two kernel reads of that value, aka a 'double fetch' vulnerability. NOTE: a third party reports that this is unexploitable because the doubly fetched value is not used.(CVE-2019-12456)An issue was discovered in the Linux kernel before 4.20.15. The nfc_llcp_build_tlv function in net fc/llcp_commands.c may return NULL. If the caller does not check for this, it will trigger a NULL pointer dereference. This will cause denial of service. This affects nfc_llcp_build_gb in net fc/llcp_core.c.(CVE-2019-12818)In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages.(CVE-2019-13631)In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c.(CVE-2019-13648)In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default.(CVE-2019-14283)In the Linux kernel before 5.2.3, drivers/block/floppy.c allows a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted. NOTE: QEMU creates the floppy device by default.(CVE-2019-14284)There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.(CVE-2019-14814)There is heap-based buffer overflow in marvell wifi chip driver in Linux kernel,allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.(CVE-2019-14815)There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.(CVE-2019-14816)An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.(CVE-2019-14821)A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.(CVE-2019-14835)drivers et/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.(CVE-2019-15098)check_input_term in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles recursion, leading to kernel stack exhaustion.(CVE-2019-15118)An issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.(CVE-2019-15212)An issue was discovered in the Linux kernel before 5.2.3.\n There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.(CVE-2019-15213)An issue was discovered in the Linux kernel before 5.0.10. There is a use-after-free in the sound subsystem because card disconnection causes certain data structures to be deleted too early.\n This is related to sound/core/init.c and sound/core/info.c.(CVE-2019-15214)An issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.(CVE-2019-15216)An issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.(CVE-2019-15217)An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/siano/smsusb.c driver.(CVE-2019-15218)An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver.(CVE-2019-15219)An issue was discovered in the Linux kernel before 5.2.1. There is a use-after-free caused by a malicious USB device in the drivers et/wireless/intersil/p54/p54usb.c driver.(CVE-2019-15220)An issue was discovered in the Linux kernel before 5.1.17. There is a NULL pointer dereference caused by a malicious USB device in the sound/usb/line6/pcm.c driver.(CVE-2019-15221)An issue was discovered in the Linux kernel through 5.2.9. There is a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver.(CVE-2019-15291)An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalk_proc_exit, related to net/appletalk/atalk_proc.c, net/appletalk/ddp.c, and net/appletalk/sysctl_net_atalk.c.(CVE-2019-15292)driver s/media/usb/dvb-usb/technisat-usb2.c in the Linux kernel through 5.2.9 has an out-of-bounds read via crafted USB device traffic (which may be remote via usbip or usbredir).(CVE-2019-15505)In the Linux kernel before 5.1.13, there is a memory leak in drivers/scsi/libsas/sas_expander.c when SAS expander discovery fails. This will cause a BUG and denial of service.(CVE-2019-15807)An issue was discovered in the Linux kernel before 5.0.1. There is a memory leak in register_queue_kobjects() in net/core et-sysfs.c, which will cause denial of service.(CVE-2019-15916)An issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers et/wireless/ath/ath6kl/wmi.c.(CVE-2019-15926)An issue was discovered in the Linux kernel before 4.20.2. An out-of-bounds access exists in the function build_audio_procunit in the file sound/usb/mixer.c.(CVE-2019-15927)drivers et/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16232)An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.(CVE-2019-16413)ax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.(CVE-2019-17052)ieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.(CVE-2019-17053)atalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c.(CVE-2019-17054)base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.(CVE-2019-17055)llcp_sock_create in net fc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176.(CVE-2019-17056)An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.(CVE-2019-17075)In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.(CVE-2019-17133)rtl_p2p_noa_ie in drivers et/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.(CVE-2019-17666)In uvc_parse_standard_control of uvc_driver.c, there is a possible out-of-bound read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111760968.(CVE-2019-2101)A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.(CVE-2019-3846)A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.(CVE-2019-3882)** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.Note:This vulnarability was lead by this commit below:5b435de0d786869c95d1962121af0d7df2542009, EulerOS kernel doesn't contain this commit.(CVE-2019-9503)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-10T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-1446", "CVE-2015-1350", "CVE-2015-3332", "CVE-2015-8816", "CVE-2015-9289", "CVE-2016-2184", "CVE-2016-2185", "CVE-2016-2186", "CVE-2016-2187", "CVE-2016-2384", "CVE-2016-2782", "CVE-2016-3138", "CVE-2016-3139", "CVE-2016-3140", "CVE-2016-3689", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4580", "CVE-2016-7425", "CVE-2017-1000379", "CVE-2017-11089", "CVE-2017-13167", "CVE-2017-13216", "CVE-2017-13305", "CVE-2017-14051", "CVE-2017-18232", "CVE-2017-18509", "CVE-2017-18551", "CVE-2017-18595", "CVE-2017-7261", "CVE-2017-7472", "CVE-2018-10087", "CVE-2018-10124", "CVE-2018-10322", "CVE-2018-10323", "CVE-2018-10675", "CVE-2018-10880", "CVE-2018-10940", "CVE-2018-12896", "CVE-2018-16658", "CVE-2018-17972", "CVE-2018-18710", "CVE-2018-20511", "CVE-2018-20856", "CVE-2018-20976", "CVE-2018-3693", "CVE-2018-6412", "CVE-2018-9518", "CVE-2019-0136", "CVE-2019-10140", "CVE-2019-10142", "CVE-2019-1071", "CVE-2019-1073", "CVE-2019-1125", "CVE-2019-12378", "CVE-2019-12379", "CVE-2019-12381", "CVE-2019-12456", "CVE-2019-12818", "CVE-2019-13631", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14814", "CVE-2019-14815", "CVE-2019-14816", "CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15098", "CVE-2019-15118", "CVE-2019-15212", "CVE-2019-15213", "CVE-2019-15214", "CVE-2019-15216", "CVE-2019-15217", "CVE-2019-15218", "CVE-2019-15219", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15291", "CVE-2019-15292", "CVE-2019-15505", "CVE-2019-15807", "CVE-2019-15916", "CVE-2019-15926", "CVE-2019-15927", "CVE-2019-16232", "CVE-2019-16413", "CVE-2019-17052", "CVE-2019-17053", "CVE-2019-17054", "CVE-2019-17055", "CVE-2019-17056", "CVE-2019-17075", "CVE-2019-17133", "CVE-2019-17666", "CVE-2019-2101", "CVE-2019-3846", "CVE-2019-3882", "CVE-2019-9503"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debug-devel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2353.NASL", "href": "https://www.tenable.com/plugins/nessus/131845", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131845);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2014-1446\",\n \"CVE-2015-1350\",\n \"CVE-2015-3332\",\n \"CVE-2015-8816\",\n \"CVE-2015-9289\",\n \"CVE-2016-2184\",\n \"CVE-2016-2185\",\n \"CVE-2016-2186\",\n \"CVE-2016-2187\",\n \"CVE-2016-2384\",\n \"CVE-2016-2782\",\n \"CVE-2016-3138\",\n \"CVE-2016-3139\",\n \"CVE-2016-3140\",\n \"CVE-2016-3689\",\n \"CVE-2016-4569\",\n \"CVE-2016-4578\",\n \"CVE-2016-4580\",\n \"CVE-2016-7425\",\n \"CVE-2017-1000379\",\n \"CVE-2017-11089\",\n \"CVE-2017-13167\",\n \"CVE-2017-13216\",\n \"CVE-2017-13305\",\n \"CVE-2017-14051\",\n \"CVE-2017-18232\",\n \"CVE-2017-18509\",\n \"CVE-2017-18551\",\n \"CVE-2017-18595\",\n \"CVE-2017-7261\",\n \"CVE-2017-7472\",\n \"CVE-2018-10087\",\n \"CVE-2018-10124\",\n \"CVE-2018-10322\",\n \"CVE-2018-10323\",\n \"CVE-2018-10675\",\n \"CVE-2018-10880\",\n \"CVE-2018-12896\",\n \"CVE-2018-17972\",\n \"CVE-2018-18710\",\n \"CVE-2018-20511\",\n \"CVE-2018-20856\",\n \"CVE-2018-20976\",\n \"CVE-2018-3693\",\n \"CVE-2018-6412\",\n \"CVE-2018-9518\",\n \"CVE-2019-0136\",\n \"CVE-2019-10140\",\n \"CVE-2019-10142\",\n \"CVE-2019-1125\",\n \"CVE-2019-12378\",\n \"CVE-2019-12379\",\n \"CVE-2019-12381\",\n \"CVE-2019-12456\",\n \"CVE-2019-12818\",\n \"CVE-2019-13631\",\n \"CVE-2019-13648\",\n \"CVE-2019-14283\",\n \"CVE-2019-14284\",\n \"CVE-2019-14814\",\n \"CVE-2019-14815\",\n \"CVE-2019-14816\",\n \"CVE-2019-14821\",\n \"CVE-2019-14835\",\n \"CVE-2019-15098\",\n \"CVE-2019-15118\",\n \"CVE-2019-15212\",\n \"CVE-2019-15213\",\n \"CVE-2019-15214\",\n \"CVE-2019-15216\",\n \"CVE-2019-15217\",\n \"CVE-2019-15218\",\n \"CVE-2019-15219\",\n \"CVE-2019-15220\",\n \"CVE-2019-15221\",\n \"CVE-2019-15291\",\n \"CVE-2019-15292\",\n \"CVE-2019-15505\",\n \"CVE-2019-15807\",\n \"CVE-2019-15916\",\n \"CVE-2019-15926\",\n \"CVE-2019-15927\",\n \"CVE-2019-16232\",\n \"CVE-2019-16413\",\n \"CVE-2019-17052\",\n \"CVE-2019-17053\",\n \"CVE-2019-17054\",\n \"CVE-2019-17055\",\n \"CVE-2019-17056\",\n \"CVE-2019-17075\",\n \"CVE-2019-17133\",\n \"CVE-2019-17666\",\n \"CVE-2019-2101\",\n \"CVE-2019-3846\",\n \"CVE-2019-3882\",\n \"CVE-2019-9503\"\n );\n script_bugtraq_id(\n 64954,\n 74232\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):The yam_ioctl function in\n drivers et/hamradio/yam.c in the Linux kernel before\n 3.12.8 does not initialize a certain structure member,\n which allows local users to obtain sensitive\n information from kernel memory by leveraging the\n CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl\n call.(CVE-2014-1446)The VFS subsystem in the Linux\n kernel 3.x provides an incomplete set of requirements\n for setattr operations that underspecifies removing\n extended privilege attributes, which allows local users\n to cause a denial of service (capability stripping) via\n a failed invocation of a system call, as demonstrated\n by using chown to remove a capability from the ping or\n Wireshark dumpcap program.(CVE-2015-1350)A certain\n backport in the TCP Fast Open implementation for the\n Linux kernel before 3.18 does not properly maintain a\n count value, which allow local users to cause a denial\n of service (system crash) via the Fast Open feature, as\n demonstrated by visiting the\n chrome://flags/#enable-tcp-fast-open URL when using\n certain 3.10.x through 3.16.x kernel builds, including\n longterm-maintenance releases and ckt (aka Canonical\n Kernel Team) builds.(CVE-2015-3332)The hub_activate\n function in drivers/usb/core/hub.c in the Linux kernel\n before 4.3.5 does not properly maintain a hub-interface\n data structure, which allows physically proximate\n attackers to cause a denial of service (invalid memory\n access and system crash) or possibly have unspecified\n other impact by unplugging a USB hub\n device.(CVE-2015-8816)In the Linux kernel before 4.1.4,\n a buffer overflow occurs when checking userspace params\n in drivers/media/dvb-frontends/cx24116.c. The maximum\n size for a DiSEqC command is 6, according to the\n userspace API. However, the code allows larger values\n such as 23.(CVE-2015-9289)The create_fixed_stream_quirk\n function in sound/usb/quirks.c in the snd-usb-audio\n driver in the Linux kernel before 4.5.1 allows\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference or double free, and\n system crash) via a crafted endpoints value in a USB\n device descriptor.(CVE-2016-2184)The ati_remote2_probe\n function in drivers/input/misc/ati_remote2.c in the\n Linux kernel before 4.5.1 allows physically proximate\n attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints\n value in a USB device descriptor.(CVE-2016-2185)The\n powermate_probe function in\n drivers/input/misc/powermate.c in the Linux kernel\n before 4.5.1 allows physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a crafted endpoints value in a USB\n device descriptor.(CVE-2016-2186)The gtco_probe\n function in drivers/input/tablet/gtco.c in the Linux\n kernel through 4.5.2 allows physically proximate\n attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints\n value in a USB device descriptor.(CVE-2016-2187)Double\n free vulnerability in the snd_usbmidi_create function\n in sound/usb/midi.c in the Linux kernel before 4.5\n allows physically proximate attackers to cause a denial\n of service (panic) or possibly have unspecified other\n impact via vectors involving an invalid USB\n descriptor.(CVE-2016-2384)The treo_attach function in\n drivers/usb/serial/visor.c in the Linux kernel before\n 4.5 allows physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact by\n inserting a USB device that lacks a (1) bulk-in or (2)\n interrupt-in endpoint.(CVE-2016-2782)The acm_probe\n function in drivers/usb/class/cdc-acm.c in the Linux\n kernel before 4.5.1 allows physically proximate\n attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a USB device without\n both a control and a data endpoint\n descriptor.(CVE-2016-3138)The wacom_probe function in\n drivers/input/tablet/wacom_sys.c in the Linux kernel\n before 3.17 allows physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a crafted endpoints value in a USB\n device descriptor.(CVE-2016-3139)The digi_port_init\n function in drivers/usb/serial/digi_acceleport.c in the\n Linux kernel before 4.5.1 allows physically proximate\n attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints\n value in a USB device descriptor.(CVE-2016-3140)The\n ims_pcu_parse_cdc_data function in\n drivers/input/misc/ims-pcu.c in the Linux kernel before\n 4.5.1 allows physically proximate attackers to cause a\n denial of service (system crash) via a USB device\n without both a master and a slave\n interface.(CVE-2016-3689)The snd_timer_user_params\n function in sound/core/timer.c in the Linux kernel\n through 4.6 does not initialize a certain data\n structure, which allows local users to obtain sensitive\n information from kernel stack memory via crafted use of\n the ALSA timer\n interface.(CVE-2016-4569)sound/core/timer.c in the\n Linux kernel through 4.6 does not initialize certain r1\n data structures, which allows local users to obtain\n sensitive information from kernel stack memory via\n crafted use of the ALSA timer interface, related to the\n (1) snd_timer_user_ccallback and (2)\n snd_timer_user_tinterrupt functions.(CVE-2016-4578)The\n x25_negotiate_facilities function in\n net/x25/x25_facilities.c in the Linux kernel before\n 4.5.5 does not properly initialize a certain data\n structure, which allows attackers to obtain sensitive\n information from kernel stack memory via an X.25 Call\n Request.(CVE-2016-4580)The arcmsr_iop_message_xfer\n function in drivers/scsi/arcmsr/arcmsr_hba.c in the\n Linux kernel through 4.8.2 does not restrict a certain\n length field, which allows local users to gain\n privileges or cause a denial of service (heap-based\n buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER\n control code.(CVE-2016-7425)The Linux Kernel running on\n AMD64 systems will sometimes map the contents of PIE\n executable, the heap or ld.so to where the stack is\n mapped allowing attackers to more easily manipulate the\n stack. Linux Kernel version 4.11.5 is\n affected.(CVE-2017-1000379)In android for MSM, Firefox\n OS for MSM, QRD Android, with all Android releases from\n CAF using the Linux kernel, a buffer overread is\n observed in nl80211_set_station when user space\n application sends attribute\n NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size\n less than 4 bytes(CVE-2017-11089)An elevation of\n privilege vulnerability in the kernel sound timer.\n Product: Android. Versions: Android kernel. Android ID\n A-37240993.(CVE-2017-13167)In ashmem_ioctl of ashmem.c,\n there is an out-of-bounds write due to insufficient\n locking when accessing asma. This could lead to a local\n elevation of privilege enabling code execution as a\n privileged process with no additional execution\n privileges needed. User interaction is not needed for\n exploitation. Product: Android. Versions: Android\n kernel. Android ID: A-66954097.(CVE-2017-13216)A\n information disclosure vulnerability in the Upstream\n kernel encrypted-keys. Product: Android. Versions:\n Android kernel. Android ID:\n A-70526974.(CVE-2017-13305)An integer overflow in the\n qla2x00_sysfs_write_optrom_ctl function in\n drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel\n through 4.12.10 allows local users to cause a denial of\n service (memory corruption and system crash) by\n leveraging root access.(CVE-2017-14051)The Serial\n Attached SCSI (SAS) implementation in the Linux kernel\n through 4.15.9 mishandles a mutex within libsas, which\n allows local users to cause a denial of service\n (deadlock) by triggering certain error-handling\n code.(CVE-2017-18232)An issue was discovered in\n net/ipv6/ip6mr.c in the Linux kernel before 4.11. By\n setting a specific socket option, an attacker can\n control a pointer in kernel land and cause an\n inet_csk_listen_stop general protection fault, or\n potentially execute arbitrary code under certain\n circumstances. The issue can be triggered as root\n (e.g., inside a default LXC container or with the\n CAP_NET_ADMIN capability) or after namespace unsharing.\n This occurs because sk_type and protocol are not\n checked in the appropriate part of the ip6_mroute_*\n functions. NOTE: this affects Linux distributions that\n use 4.9.x longterm kernels before\n 4.9.187.(CVE-2017-18509)An issue was discovered in\n drivers/i2c/i2c-core-smbus.c in the Linux kernel before\n 4.14.15. There is an out of bounds write in the\n function i2c_smbus_xfer_emulated.(CVE-2017-18551)An\n issue was discovered in the Linux kernel before\n 4.14.11. A double free may be caused by the function\n allocate_trace_buffer in the file\n kernel/trace/trace.c.(CVE-2017-18595)The\n vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel through 4.10.5 does not check for a zero value\n of certain levels data, which allows local users to\n cause a denial of service (ZERO_SIZE_PTR dereference,\n and GPF and possibly panic) via a crafted ioctl call\n for a /dev/dri/renderD* device.(CVE-2017-7261)The KEYS\n subsystem in the Linux kernel before 4.10.13 allows\n local users to cause a denial of service (memory\n consumption) via a series of\n KEY_REQKEY_DEFL_THREAD_KEYRING\n keyctl_set_reqkey_keyring calls.(CVE-2017-7472)The\n kernel_wait4 function in kernel/exit.c in the Linux\n kernel before 4.13, when an unspecified architecture\n and compiler is used, might allow local users to cause\n a denial of service by triggering an attempted use of\n the -INT_MIN value.(CVE-2018-10087)The\n kill_something_info function in kernel/signal.c in the\n Linux kernel before 4.13, when an unspecified\n architecture and compiler is used, might allow local\n users to cause a denial of service via an INT_MIN\n argument.(CVE-2018-10124)The xfs_dinode_verify function\n in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel\n through 4.16.3 allows local users to cause a denial of\n service (xfs_ilock_attr_map_shared invalid pointer\n dereference) via a crafted xfs\n image.(CVE-2018-10322)The xfs_bmap_extents_to_btree\n function in fs/xfs/libxfs/xfs_bmap.c in the Linux\n kernel through 4.16.3 allows local users to cause a\n denial of service (xfs_bmapi_write NULL pointer\n dereference) via a crafted xfs\n image.(CVE-2018-10323)The do_get_mempolicy function in\n mm/mempolicy.c in the Linux kernel before 4.12.9 allows\n local users to cause a denial of service\n (use-after-free) or possibly have unspecified other\n impact via crafted system calls.(CVE-2018-10675)Linux\n kernel is vulnerable to a stack-out-of-bounds write in\n the ext4 filesystem code when mounting and writing to a\n crafted ext4 image in ext4_update_inline_data(). An\n attacker could use this to cause a system crash and a\n denial of service.(CVE-2018-10880)An issue was\n discovered in the Linux kernel through 4.17.3. An\n Integer Overflow in kernel/time/posix-timers.c in the\n POSIX timer code is caused by the way the overrun\n accounting works. Depending on interval and expiry time\n values, the overrun can be larger than INT_MAX, but the\n accounting is int based. This basically makes the\n accounting values, which are visible to user space via\n timer_getoverrun(2) and siginfo::si_overrun, random.\n For example, a local user can cause a denial of service\n (signed integer overflow) via crafted mmap, futex,\n timer_create, and timer_settime system\n calls.(CVE-2018-12896)An issue was discovered in the\n proc_pid_stack function in fs/proc/base.c in the Linux\n kernel through 4.18.11. It does not ensure that only\n root may inspect the kernel stack of an arbitrary task,\n allowing a local attacker to exploit racy stack\n unwinding and leak kernel task stack\n contents.(CVE-2018-17972)An issue was discovered in the\n Linux kernel through 4.19. An information leak in\n cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could\n be used by local attackers to read kernel memory\n because a cast from unsigned long to int interferes\n with bounds checking. This is similar to CVE-2018-10940\n and CVE-2018-16658.(CVE-2018-18710 )An issue was\n discovered in the Linux kernel before 4.18.11. The\n ipddp_ioctl function in drivers et/appletalk/ipddp.c\n allows local users to obtain sensitive kernel address\n information by leveraging CAP_NET_ADMIN to read the\n ipddp_route dev and next fields via an SIOCFINDIPDDPRT\n ioctl call.(CVE-2018-20511)An issue was discovered in\n the Linux kernel before 4.18.7. In block/blk-core.c,\n there is an __blk_drain_queue() use-after-free because\n a certain error case is mishandled.(CVE-2018-20856)An\n issue was discovered in fs/xfs/xfs_super.c in the Linux\n kernel before 4.18. A use after free exists, related to\n xfs_fs_fill_super failure.(CVE-2018-20976)Systems with\n microprocessors utilizing speculative execution and\n branch prediction may allow unauthorized disclosure of\n information to an attacker with local user access via a\n speculative buffer overflow and side-channel\n analysis.(CVE-2018-3693)In the function\n sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c\n in the Linux kernel through 4.15, an integer signedness\n error allows arbitrary information leakage for the\n FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC\n commands.(CVE-2018-6412)In nfc_llcp_build_sdreq_tlv of\n llcp_commands.c, there is a possible out of bounds\n write due to a missing bounds check. This could lead to\n local escalation of privilege with System execution\n privileges needed. User interaction is not needed for\n exploitation. Product: Android. Versions: Android\n kernel. Android ID: A-73083945.(CVE-2018-9518\n )Insufficient access control in the Intel(R)\n PROSet/Wireless WiFi Software driver before version\n 21.10 may allow an unauthenticated user to potentially\n enable denial of service via adjacent\n access.(CVE-2019-0136)A vulnerability was found in\n Linux kernel's, versions up to 3.10, implementation of\n overlayfs. An attacker with local access can create a\n denial of service situation via NULL pointer\n dereference in ovl_posix_acl_create function in\n fs/overlayfs/dir.c. This can allow attackers with\n ability to create directories on overlayfs to crash the\n kernel creating a denial of service\n (DOS).(CVE-2019-10140)A flaw was found in the Linux\n kernel's freescale hypervisor manager implementation,\n kernel versions 5.0.x up to, excluding 5.0.17. A\n parameter passed to an ioctl was incorrectly validated\n and used in size calculations for the page size\n calculation. An attacker can use this flaw to crash the\n system, corrupt memory, or create other adverse\n security affects.(CVE-2019-10142)An information\n disclosure vulnerability exists when certain central\n processing units (CPU) speculatively access memory, aka\n 'Windows Kernel Information Disclosure Vulnerability'.\n This CVE ID is unique from CVE-2019-1071,\n CVE-2019-1073.(CVE-2019-1125)** DISPUTED ** An issue\n was discovered in ip6_ra_control in\n net/ipv6/ipv6_sockglue.c in the Linux kernel through\n 5.1.5. There is an unchecked kmalloc of new_ra, which\n might allow an attacker to cause a denial of service\n (NULL pointer dereference and system crash). NOTE: This\n has been disputed as not an issue.(CVE-2019-12378)**\n DISPUTED ** An issue was discovered in\n con_insert_unipair in drivers/tty/vt/consolemap.c in\n the Linux kernel through 5.1.5. There is a memory leak\n in a certain case of an ENOMEM outcome of kmalloc.\n NOTE: This id is disputed as not being an\n issue.(CVE-2019-12379)** DISPUTED ** An issue was\n discovered in ip_ra_control in net/ipv4/ip_sockglue.c\n in the Linux kernel through 5.1.5. There is an\n unchecked kmalloc of new_ra, which might allow an\n attacker to cause a denial of service (NULL pointer\n dereference and system crash). NOTE: this is disputed\n because new_ra is never used if it is\n NULL.(CVE-2019-12381)** DISPUTED ** An issue was\n discovered in the MPT3COMMAND case in _ctl_ioctl_main\n in drivers/scsi/mpt3sas/mpt3sas_ctl.c in the Linux\n kernel through 5.1.5. It allows local users to cause a\n denial of service or possibly have unspecified other\n impact by changing the value of ioc_number between two\n kernel reads of that value, aka a 'double fetch'\n vulnerability. NOTE: a third party reports that this is\n unexploitable because the doubly fetched value is not\n used.(CVE-2019-12456)An issue was discovered in the\n Linux kernel before 4.20.15. The nfc_llcp_build_tlv\n function in net fc/llcp_commands.c may return NULL. If\n the caller does not check for this, it will trigger a\n NULL pointer dereference. This will cause denial of\n service. This affects nfc_llcp_build_gb in net\n fc/llcp_core.c.(CVE-2019-12818)In\n parse_hid_report_descriptor in\n drivers/input/tablet/gtco.c in the Linux kernel through\n 5.2.1, a malicious USB device can send an HID report\n that triggers an out-of-bounds write during generation\n of debugging messages.(CVE-2019-13631)In the Linux\n kernel through 5.2.1 on the powerpc platform, when\n hardware transactional memory is disabled, a local user\n can cause a denial of service (TM Bad Thing exception\n and system crash) via a sigreturn() system call that\n sends a crafted signal frame. This affects\n arch/powerpc/kernel/signal_32.c and\n arch/powerpc/kernel/signal_64.c.(CVE-2019-13648)In the\n Linux kernel before 5.2.3, set_geometry in\n drivers/block/floppy.c does not validate the sect and\n head fields, as demonstrated by an integer overflow and\n out-of-bounds read. It can be triggered by an\n unprivileged local user when a floppy disk has been\n inserted. NOTE: QEMU creates the floppy device by\n default.(CVE-2019-14283)In the Linux kernel before\n 5.2.3, drivers/block/floppy.c allows a denial of\n service by setup_format_params division-by-zero. Two\n consecutive ioctls can trigger the bug: the first one\n should set the drive geometry with .sect and .rate\n values that make F_SECT_PER_TRACK be zero. Next, the\n floppy format operation should be called. It can be\n triggered by an unprivileged local user even when a\n floppy disk has not been inserted. NOTE: QEMU creates\n the floppy device by default.(CVE-2019-14284)There is\n heap-based buffer overflow in Linux kernel, all\n versions up to, excluding 5.3, in the marvell wifi chip\n driver in Linux kernel, that allows local users to\n cause a denial of service(system crash) or possibly\n execute arbitrary code.(CVE-2019-14814)There is\n heap-based buffer overflow in marvell wifi chip driver\n in Linux kernel,allows local users to cause a denial of\n service(system crash) or possibly execute arbitrary\n code.(CVE-2019-14815)There is heap-based buffer\n overflow in kernel, all versions up to, excluding 5.3,\n in the marvell wifi chip driver in Linux kernel, that\n allows local users to cause a denial of service(system\n crash) or possibly execute arbitrary\n code.(CVE-2019-14816)An out-of-bounds access issue was\n found in the Linux kernel, all versions through 5.3, in\n the way Linux kernel's KVM hypervisor implements the\n Coalesced MMIO write operation. It operates on an MMIO\n ring buffer 'struct kvm_coalesced_mmio' object, wherein\n write indices 'ring->first' and 'ring->last' value\n could be supplied by a host user-space process. An\n unprivileged host user or process with access to\n '/dev/kvm' device could use this flaw to crash the host\n kernel, resulting in a denial of service or potentially\n escalating privileges on the system.(CVE-2019-14821)A\n buffer overflow flaw was found, in versions from 2.6.34\n to 5.2.x, in the way Linux kernel's vhost functionality\n that translates virtqueue buffers to IOVs, logged the\n buffer descriptors during migration. A privileged guest\n user able to pass descriptors with invalid length to\n the host when migration is underway, could use this\n flaw to increase their privileges on the\n host.(CVE-2019-14835)drivers\n et/wireless/ath/ath6kl/usb.c in the Linux kernel\n through 5.2.9 has a NULL pointer dereference via an\n incomplete address in an endpoint\n descriptor.(CVE-2019-15098)check_input_term in\n sound/usb/mixer.c in the Linux kernel through 5.2.9\n mishandles recursion, leading to kernel stack\n exhaustion.(CVE-2019-15118)An issue was discovered in\n the Linux kernel before 5.1.8. There is a double-free\n caused by a malicious USB device in the\n drivers/usb/misc/rio500.c driver.(CVE-2019-15212)An\n issue was discovered in the Linux kernel before 5.2.3.\n There is a use-after-free caused by a malicious USB\n device in the drivers/media/usb/dvb-usb/dvb-usb-init.c\n driver.(CVE-2019-15213)An issue was discovered in the\n Linux kernel before 5.0.10. There is a use-after-free\n in the sound subsystem because card disconnection\n causes certain data structures to be deleted too early.\n This is related to sound/core/init.c and\n sound/core/info.c.(CVE-2019-15214)An issue was\n discovered in the Linux kernel before 5.0.14. There is\n a NULL pointer dereference caused by a malicious USB\n device in the drivers/usb/misc/yurex.c\n driver.(CVE-2019-15216)An issue was discovered in the\n Linux kernel before 5.2.3. There is a NULL pointer\n dereference caused by a malicious USB device in the\n drivers/media/usb/zr364xx/zr364xx.c\n driver.(CVE-2019-15217)An issue was discovered in the\n Linux kernel before 5.1.8. There is a NULL pointer\n dereference caused by a malicious USB device in the\n drivers/media/usb/siano/smsusb.c\n driver.(CVE-2019-15218)An issue was discovered in the\n Linux kernel before 5.1.8. There is a NULL pointer\n dereference caused by a malicious USB device in the\n drivers/usb/misc/sisusbvga/sisusb.c\n driver.(CVE-2019-15219)An issue was discovered in the\n Linux kernel before 5.2.1. There is a use-after-free\n caused by a malicious USB device in the drivers\n et/wireless/intersil/p54/p54usb.c\n driver.(CVE-2019-15220)An issue was discovered in the\n Linux kernel before 5.1.17. There is a NULL pointer\n dereference caused by a malicious USB device in the\n sound/usb/line6/pcm.c driver.(CVE-2019-15221)An issue\n was discovered in the Linux kernel through 5.2.9. There\n is a NULL pointer dereference caused by a malicious USB\n device in the flexcop_usb_probe function in the\n drivers/media/usb/b2c2/flexcop-usb.c\n driver.(CVE-2019-15291)An issue was discovered in the\n Linux kernel before 5.0.9. There is a use-after-free in\n atalk_proc_exit, related to net/appletalk/atalk_proc.c,\n net/appletalk/ddp.c, and\n net/appletalk/sysctl_net_atalk.c.(CVE-2019-15292)driver\n s/media/usb/dvb-usb/technisat-usb2.c in the Linux\n kernel through 5.2.9 has an out-of-bounds read via\n crafted USB device traffic (which may be remote via\n usbip or usbredir).(CVE-2019-15505)In the Linux kernel\n before 5.1.13, there is a memory leak in\n drivers/scsi/libsas/sas_expander.c when SAS expander\n discovery fails. This will cause a BUG and denial of\n service.(CVE-2019-15807)An issue was discovered in the\n Linux kernel before 5.0.1. There is a memory leak in\n register_queue_kobjects() in net/core et-sysfs.c, which\n will cause denial of service.(CVE-2019-15916)An issue\n was discovered in the Linux kernel before 5.2.3. Out of\n bounds access exists in the functions\n ath6kl_wmi_pstream_timeout_event_rx and\n ath6kl_wmi_cac_event_rx in the file drivers\n et/wireless/ath/ath6kl/wmi.c.(CVE-2019-15926)An issue\n was discovered in the Linux kernel before 4.20.2. An\n out-of-bounds access exists in the function\n build_audio_procunit in the file\n sound/usb/mixer.c.(CVE-2019-15927)drivers\n et/wireless/marvell/libertas/if_sdio.c in the Linux\n kernel 5.2.14 does not check the alloc_workqueue return\n value, leading to a NULL pointer\n dereference.(CVE-2019-16232)An issue was discovered in\n the Linux kernel before 5.0.4. The 9p filesystem did\n not protect i_size_write() properly, which causes an\n i_size_read() infinite loop and denial of service on\n SMP systems.(CVE-2019-16413)ax25_create in\n net/ax25/af_ax25.c in the AF_AX25 network module in the\n Linux kernel through 5.3.2 does not enforce\n CAP_NET_RAW, which means that unprivileged users can\n create a raw socket, aka\n CID-0614e2b73768.(CVE-2019-17052)ieee802154_create in\n net/ieee802154/socket.c in the AF_IEEE802154 network\n module in the Linux kernel through 5.3.2 does not\n enforce CAP_NET_RAW, which means that unprivileged\n users can create a raw socket, aka\n CID-e69dbd4619e7.(CVE-2019-17053)atalk_create in\n net/appletalk/ddp.c in the AF_APPLETALK network module\n in the Linux kernel through 5.3.2 does not enforce\n CAP_NET_RAW, which means that unprivileged users can\n create a raw socket, aka\n CID-6cc03e8aa36c.(CVE-2019-17054)base_sock_create in\n drivers/isdn/mISDN/socket.c in the AF_ISDN network\n module in the Linux kernel through 5.3.2 does not\n enforce CAP_NET_RAW, which means that unprivileged\n users can create a raw socket, aka\n CID-b91ee4aa2a21.(CVE-2019-17055)llcp_sock_create in\n net fc/llcp_sock.c in the AF_NFC network module in the\n Linux kernel through 5.3.2 does not enforce\n CAP_NET_RAW, which means that unprivileged users can\n create a raw socket, aka\n CID-3a359798b176.(CVE-2019-17056)An issue was\n discovered in write_tpt_entry in\n drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel\n through 5.3.2. The cxgb4 driver is directly calling\n dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of\n Service, exploitable if this driver is used on an\n architecture for which this stack/DMA interaction has\n security relevance.(CVE-2019-17075)In the Linux kernel\n through 5.3.2, cfg80211_mgd_wext_giwessid in\n net/wireless/wext-sme.c does not reject a long SSID IE,\n leading to a Buffer\n Overflow.(CVE-2019-17133)rtl_p2p_noa_ie in drivers\n et/wireless/realtek/rtlwifi/ps.c in the Linux kernel\n through 5.3.6 lacks a certain upper-bound check,\n leading to a buffer overflow.(CVE-2019-17666)In\n uvc_parse_standard_control of uvc_driver.c, there is a\n possible out-of-bound read due to improper input\n validation. This could lead to local information\n disclosure with no additional execution privileges\n needed. User interaction is not needed for\n exploitation. Product: Android. Versions: Android\n kernel. Android ID: A-111760968.(CVE-2019-2101)A flaw\n that allowed an attacker to corrupt memory and possibly\n escalate privileges was found in the mwifiex kernel\n module while connecting to a malicious wireless\n network.(CVE-2019-3846)A flaw was found in the Linux\n kernel's vfio interface implementation that permits\n violation of the user's locked memory limit. If a\n device is bound to a vfio driver, such as vfio-pci, and\n the local attacker is administratively granted\n ownership of the device, it may cause a system memory\n exhaustion and thus a denial of service (DoS). Versions\n 3.10, 4.14 and 4.18 are vulnerable.(CVE-2019-3882)**\n RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.Note:This vulnarability was lead by\n this commit\n below:5b435de0d786869c95d1962121af0d7df2542009, EulerOS\n kernel doesn't contain this commit.(CVE-2019-9503)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2353\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?49df271c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.62.59.83.h195\",\n \"kernel-debug-3.10.0-327.62.59.83.h195\",\n \"kernel-debug-devel-3.10.0-327.62.59.83.h195\",\n \"kernel-debuginfo-3.10.0-327.62.59.83.h195\",\n \"kernel-debuginfo-common-x86_64-3.10.0-327.62.59.83.h195\",\n \"kernel-devel-3.10.0-327.62.59.83.h195\",\n \"kernel-headers-3.10.0-327.62.59.83.h195\",\n \"kernel-tools-3.10.0-327.62.59.83.h195\",\n \"kernel-tools-libs-3.10.0-327.62.59.83.h195\",\n \"perf-3.10.0-327.62.59.83.h195\",\n \"python-perf-3.10.0-327.62.59.83.h195\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntu": [{"lastseen": "2023-06-23T15:40:52", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-raspi2 \\- Linux kernel for Raspberry Pi 2\n * linux-snapdragon \\- Linux kernel for Snapdragon processors\n\nZhipeng Xie discovered that an infinite loop could be triggered in the CFS \nLinux kernel process scheduler. A local attacker could possibly use this to \ncause a denial of service. (CVE-2018-20784)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux kernel \ndid not properly validate SSID lengths. A physically proximate attacker \ncould use this to cause a denial of service (system crash). \n(CVE-2019-17133)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux \nkernel performed DMA from a kernel stack. A local attacker could use this \nto cause a denial of service (system crash). (CVE-2019-17075)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-03T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20784", "CVE-2019-17075", "CVE-2019-17133"], "modified": "2019-12-03T00:00:00", "id": "USN-4211-1", "href": "https://ubuntu.com/security/notices/USN-4211-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T15:40:51", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-lts-xenial \\- Linux hardware enablement kernel from Xenial for Trusty\n\nUSN-4211-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu \n14.04 ESM.\n\nZhipeng Xie discovered that an infinite loop could be triggered in the CFS \nLinux kernel process scheduler. A local attacker could possibly use this to \ncause a denial of service. (CVE-2018-20784)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux kernel \ndid not properly validate SSID lengths. A physically proximate attacker \ncould use this to cause a denial of service (system crash). \n(CVE-2019-17133)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux \nkernel performed DMA from a kernel stack. A local attacker could use this \nto cause a denial of service (system crash). (CVE-2019-17075)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-03T00:00:00", "type": "ubuntu", "title": "Linux kernel (Xenial HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20784", "CVE-2019-17075", "CVE-2019-17133"], "modified": "2019-12-03T00:00:00", "id": "USN-4211-2", "href": "https://ubuntu.com/security/notices/USN-4211-2", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-13T15:30:24", "description": "## Releases\n\n * Ubuntu 18.04 ESM\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-aws-hwe \\- Linux kernel for Amazon Web Services (AWS-HWE) systems\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gke-4.15 \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-hwe \\- Linux hardware enablement (HWE) kernel\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oem \\- Linux kernel for OEM processors\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-raspi2 \\- Linux kernel for Raspberry Pi 2\n * linux-snapdragon \\- Linux kernel for Snapdragon processors\n\nIt was discovered that a buffer overflow existed in the 802.11 Wi-Fi \nconfiguration interface for the Linux kernel when handling beacon settings. \nA local attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2019-16746)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux kernel \ndid not properly validate SSID lengths. A physically proximate attacker \ncould use this to cause a denial of service (system crash). \n(CVE-2019-17133)\n\nIt was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel \ndid not properly deallocate memory in certain error conditions. A local \nattacker could use this to cause a denial of service (memory exhaustion). \n(CVE-2019-19060)\n\nIt was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux \nkernel did not properly deallocate memory in certain error conditions. A \nlocal attacker could use this to cause a denial of service (memory \nexhaustion). (CVE-2019-19065)\n\nIt was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller \ndriver for the Linux kernel did not properly deallocate memory in certain \nerror conditions. A local attacker could use this to cause a denial of \nservice (memory exhaustion). (CVE-2019-19075)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux \nkernel performed DMA from a kernel stack. A local attacker could use this \nto cause a denial of service (system crash). (CVE-2019-17075)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-03T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16746", "CVE-2019-17075", "CVE-2019-17133", "CVE-2019-19060", "CVE-2019-19065", "CVE-2019-19075"], "modified": "2019-12-03T00:00:00", "id": "USN-4210-1", "href": "https://ubuntu.com/security/notices/USN-4210-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-13T15:30:24", "description": "## Releases\n\n * Ubuntu 19.10 \n * Ubuntu 18.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gcp-5.3 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n\nJann Horn discovered that the OverlayFS and ShiftFS Drivers in the Linux \nkernel did not properly handle reference counting during memory mapping \noperations when used in conjunction with AUFS. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2019-15794)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux kernel \ndid not properly validate SSID lengths. A physically proximate attacker \ncould use this to cause a denial of service (system crash). \n(CVE-2019-17133)\n\nIt was discovered that the ARM Komeda display driver for the Linux kernel \ndid not properly deallocate memory in certain error conditions. A local \nattacker could use this to cause a denial of service (memory exhaustion). \n(CVE-2019-18810)\n\nIt was discovered that the VirtualBox guest driver implementation in the \nLinux kernel did not properly deallocate memory in certain error \nconditions. A local attacker could use this to cause a denial of service \n(memory exhaustion). (CVE-2019-19048)\n\nIt was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel \ndid not properly deallocate memory in certain error conditions. A local \nattacker could use this to cause a denial of service (memory exhaustion). \n(CVE-2019-19060, CVE-2019-19061)\n\nIt was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux \nkernel did not properly deallocate memory in certain error conditions. A \nlocal attacker could use this to cause a denial of service (memory \nexhaustion). (CVE-2019-19065)\n\nIt was discovered that the AMD Audio Coprocessor driver for the Linux \nkernel did not properly deallocate memory in certain error conditions. A \nlocal attacker with the ability to load modules could use this to cause a \ndenial of service (memory exhaustion). (CVE-2019-19067)\n\nIt was discovered in the Qualcomm FastRPC Driver for the Linux kernel did \nnot properly deallocate memory in certain error conditions. A local \nattacker could use this to cause a denial of service (memory exhaustion). \n(CVE-2019-19069)\n\nIt was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller \ndriver for the Linux kernel did not properly deallocate memory in certain \nerror conditions. A local attacker could use this to cause a denial of \nservice (memory exhaustion). (CVE-2019-19075)\n\nIt was discovered that the AMD Display Engine Driver in the Linux kernel \ndid not properly deallocate memory in certain error conditions. A local \nattack could use this to cause a denial of service (memory exhaustion). \n(CVE-2019-19083)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux \nkernel performed DMA from a kernel stack. A local attacker could use this \nto cause a denial of service (system crash). (CVE-2019-17075)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-02T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-15794", "CVE-2019-17075", "CVE-2019-17133", "CVE-2019-18810", "CVE-2019-19048", "CVE-2019-19060", "CVE-2019-19061", "CVE-2019-19065", "CVE-2019-19067", "CVE-2019-19069", "CVE-2019-19075", "CVE-2019-19083"], "modified": "2019-12-02T00:00:00", "id": "USN-4208-1", "href": "https://ubuntu.com/security/notices/USN-4208-1", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-13T15:30:02", "description": "## Releases\n\n * Ubuntu 19.04 \n * Ubuntu 18.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-aws-5.0 \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gke-5.0 \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oem-osp1 \\- Linux kernel for OEM processors\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-oracle-5.0 \\- Linux kernel for Oracle Cloud systems\n * linux-raspi2 \\- Linux kernel for Raspberry Pi 2\n\nMichael Hanselmann discovered that the CIFS implementation in the Linux \nkernel did not sanitize paths returned by an SMB server. An attacker \ncontrolling an SMB server could use this to overwrite arbitrary files. \n(CVE-2019-10220)\n\nIt was discovered that a heap-based buffer overflow existed in the Marvell \nWiFi-Ex Driver for the Linux kernel. A physically proximate attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2019-14895, CVE-2019-14901)\n\nIt was discovered that a heap-based buffer overflow existed in the Marvell \nLibertas WLAN Driver for the Linux kernel. A physically proximate attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2019-14896, CVE-2019-14897)\n\nIt was discovered that the Fujitsu ES network device driver for the Linux \nkernel did not properly check for errors in some situations, leading to a \nNULL pointer dereference. A local attacker could use this to cause a denial \nof service. (CVE-2019-16231)\n\nIt was discovered that the QLogic Fibre Channel driver in the Linux kernel \ndid not properly check for error, leading to a NULL pointer dereference. A \nlocal attacker could possibly use this to cause a denial of service (system \ncrash). (CVE-2019-16233)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux kernel \ndid not properly validate SSID lengths. A physically proximate attacker \ncould use this to cause a denial of service (system crash). \n(CVE-2019-17133)\n\nAnthony Steinhauser discovered that the Linux kernel did not properly \nperform Spectre_RSB mitigations to all processors for PowerPC architecture \nsystems in some situations. A local attacker could use this to expose \nsensitive information. (CVE-2019-18660)\n\nIt was discovered that the Mellanox Technologies Innova driver in the Linux \nkernel did not properly deallocate memory in certain failure conditions. A \nlocal attacker could use this to cause a denial of service (kernel memory \nexhaustion). (CVE-2019-19045)\n\nIt was discovered that the VirtualBox guest driver implementation in the \nLinux kernel did not properly deallocate memory in certain error \nconditions. A local attacker could use this to cause a denial of service \n(memory exhaustion). (CVE-2019-19048)\n\nIt was discovered that Geschwister Schneider USB CAN interface driver in \nthe Linux kernel did not properly deallocate memory in certain failure \nconditions. A physically proximate attacker could use this to cause a \ndenial of service (kernel memory exhaustion). (CVE-2019-19052)\n\nIt was discovered that the netlink-based 802.11 configuration interface in \nthe Linux kernel did not deallocate memory in certain error conditions. A \nlocal attacker could possibly use this to cause a denial of service (kernel \nmemory exhaustion). (CVE-2019-19055)\n\nIt was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel \ndid not properly deallocate memory in certain error conditions. A local \nattacker could use this to cause a denial of service (memory exhaustion). \n(CVE-2019-19060)\n\nIt was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux \nkernel did not properly deallocate memory in certain error conditions. A \nlocal attacker could use this to cause a denial of service (memory \nexhaustion). (CVE-2019-19065)\n\nIt was discovered that the AMD Audio Coprocessor driver for the Linux \nkernel did not properly deallocate memory in certain error conditions. A \nlocal attacker with the ability to load modules could use this to cause a \ndenial of service (memory exhaustion). (CVE-2019-19067)\n\nIt was discovered that the event tracing subsystem of the Linux kernel did \nnot properly deallocate memory in certain error conditions. A local \nattacker could use this to cause a denial of service (kernel memory \nexhaustion). (CVE-2019-19072)\n\nIt was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller \ndriver for the Linux kernel did not properly deallocate memory in certain \nerror conditions. A local attacker could use this to cause a denial of \nservice (memory exhaustion). (CVE-2019-19075)\n\nIt was discovered that the AMD Display Engine Driver in the Linux kernel \ndid not properly deallocate memory in certain error conditions. A local \nattack could use this to cause a denial of service (memory exhaustion). \n(CVE-2019-19083)\n\nIt was discovered that the driver for memoryless force-feedback input \ndevices in the Linux kernel contained a use-after-free vulnerability. A \nphysically proximate attacker could possibly use this to cause a denial of \nservice (system crash) or execute arbitrary code. (CVE-2019-19524)\n\nIt was discovered that the NXP PN533 NFC USB driver in the Linux kernel did \nnot properly free resources after a late probe error, leading to a use- \nafter-free vulnerability. A physically proximate attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2019-19526)\n\nIt was discovered that the Microchip CAN BUS Analyzer driver in the Linux \nkernel contained a use-after-free vulnerability on device disconnect. A \nphysically proximate attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2019-19529)\n\nIt was discovered that multiple USB HID device drivers in the Linux kernel \ndid not properly validate device metadata on attachment, leading to out-of- \nbounds writes. A physically proximate attacker could use this to cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2019-19532)\n\nIt was discovered that the PEAK-System Technik USB driver in the Linux \nkernel did not properly sanitize memory before sending it to the device. A \nphysically proximate attacker could use this to expose sensitive \ninformation (kernel memory). (CVE-2019-19534)\n\nIt was discovered that in some situations the fair scheduler in the Linux \nkernel did not permit a process to use its full quota time slice. A local \nattacker could use this to cause a denial of service. (CVE-2019-19922)\n\nIt was discovered that the binder IPC implementation in the Linux kernel \ndid not properly perform bounds checking in some situations, leading to an \nout-of-bounds write. A local attacker could use this to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2019-2214)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux \nkernel performed DMA from a kernel stack. A local attacker could use this \nto cause a denial of service (system crash). (CVE-2019-17075)\n\nIt was discovered that the DesignWare USB3 controller driver in the Linux \nkernel did not properly deallocate memory in some error conditions. A local \nattacker could possibly use this to cause a denial of service (memory \nexhaustion). (CVE-2019-18813)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-07T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10220", "CVE-2019-14895", "CVE-2019-14896", "CVE-2019-14897", "CVE-2019-14901", "CVE-2019-16231", "CVE-2019-16233", "CVE-2019-17075", "CVE-2019-17133", "CVE-2019-18660", "CVE-2019-18813", "CVE-2019-19045", "CVE-2019-19048", "CVE-2019-19052", "CVE-2019-19055", "CVE-2019-19060", "CVE-2019-19065", "CVE-2019-19067", "CVE-2019-19072", "CVE-2019-19075", "CVE-2019-19083", "CVE-2019-19524", "CVE-2019-19526", "CVE-2019-19529", "CVE-2019-19532", "CVE-2019-19534", "CVE-2019-19922", "CVE-2019-2214"], "modified": "2020-01-07T00:00:00", "id": "USN-4226-1", "href": "https://ubuntu.com/security/notices/USN-4226-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-12-11T14:43:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-12-04T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-4211-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20784", "CVE-2019-17075", "CVE-2019-17133"], "modified": "2019-12-10T00:00:00", "id": "OPENVAS:1361412562310844256", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844256", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844256\");\n script_version(\"2019-12-10T07:34:00+0000\");\n script_cve_id(\"CVE-2018-20784\", \"CVE-2019-17133\", \"CVE-2019-17075\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-10 07:34:00 +0000 (Tue, 10 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-12-04 03:01:42 +0000 (Wed, 04 Dec 2019)\");\n script_name(\"Ubuntu Update for linux USN-4211-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"4211-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-December/005229.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the USN-4211-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Zhipeng Xie discovered that an infinite loop could be triggered in the CFS\nLinux kernel process scheduler. A local attacker could possibly use this to\ncause a denial of service. (CVE-2018-20784)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux kernel\ndid not properly validate SSID lengths. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2019-17133)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux\nkernel performed DMA from a kernel stack. A local attacker could use this\nto cause a denial of service (system crash). (CVE-2019-17075)\");\n\n script_tag(name:\"affected\", value:\"'linux' package(s) on Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-1063-kvm\", ver:\"4.4.0-1063.70\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-1099-aws\", ver:\"4.4.0-1099.110\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-1126-raspi2\", ver:\"4.4.0-1126.135\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-1130-snapdragon\", ver:\"4.4.0-1130.138\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-170-generic\", ver:\"4.4.0-170.199\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-170-generic-lpae\", ver:\"4.4.0-170.199\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-170-lowlatency\", ver:\"4.4.0-170.199\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-170-powerpc-e500mc\", ver:\"4.4.0-170.199\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-170-powerpc-smp\", ver:\"4.4.0-170.199\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-170-powerpc64-emb\", ver:\"4.4.0-170.199\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-170-powerpc64-smp\", ver:\"4.4.0-170.199\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1099.103\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.170.178\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.170.178\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.4.0.1063.63\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.170.178\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.4.0.170.178\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.170.178\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.4.0.170.178\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.170.178\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.4.0.1126.126\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.4.0.1130.122\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual\", ver:\"4.4.0.170.178\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-11T14:42:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-12-04T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-4210-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19075", "CVE-2019-19065", "CVE-2019-17075", "CVE-2019-16746", "CVE-2019-19060", "CVE-2019-17133"], "modified": "2019-12-10T00:00:00", "id": "OPENVAS:1361412562310844258", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844258", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844258\");\n script_version(\"2019-12-10T07:34:00+0000\");\n script_cve_id(\"CVE-2019-16746\", \"CVE-2019-17133\", \"CVE-2019-19060\", \"CVE-2019-19065\", \"CVE-2019-19075\", \"CVE-2019-17075\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-10 07:34:00 +0000 (Tue, 10 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-12-04 03:01:57 +0000 (Wed, 04 Dec 2019)\");\n script_name(\"Ubuntu Update for linux USN-4210-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4210-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-December/005228.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the USN-4210-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that a buffer overflow existed in the 802.11 Wi-Fi\nconfiguration interface for the Linux kernel when handling beacon settings.\nA local attacker could use this to cause a denial of service (system crash)\nor possibly execute arbitrary code. (CVE-2019-16746)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux kernel\ndid not properly validate SSID lengths. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2019-17133)\n\nIt was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel\ndid not properly deallocate memory in certain error conditions. A local\nattacker could use this to cause a denial of service (memory exhaustion).\n(CVE-2019-19060)\n\nIt was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux\nkernel did not properly deallocate memory in certain error conditions. A\nlocal attacker could use this to cause a denial of service (memory\nexhaustion). (CVE-2019-19065)\n\nIt was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller\ndriver for the Linux kernel did not properly deallocate memory in certain\nerror conditions. A local attacker could use this to cause a denial of\nservice (memory exhaustion). (CVE-2019-19075)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux\nkernel performed DMA from a kernel stack. A local attacker could use this\nto cause a denial of service (system crash). (CVE-2019-17075)\");\n\n script_tag(name:\"affected\", value:\"'linux' package(s) on Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1030-oracle\", ver:\"4.15.0-1030.33\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1049-gke\", ver:\"4.15.0-1049.52\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1051-kvm\", ver:\"4.15.0-1051.51\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1052-raspi2\", ver:\"4.15.0-1052.56\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1056-aws\", ver:\"4.15.0-1056.58\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1065-oem\", ver:\"4.15.0-1065.75\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1069-snapdragon\", ver:\"4.15.0-1069.76\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-72-generic\", ver:\"4.15.0-72.81\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-72-generic-lpae\", ver:\"4.15.0-72.81\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-72-lowlatency\", ver:\"4.15.0-72.81\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.15.0.1056.57\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws-lts-18.04\", ver:\"4.15.0.1056.57\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.15.0.72.74\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.15.0.72.74\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.15.0.1049.52\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gke-4.15\", ver:\"4.15.0.1049.52\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.15.0.1051.51\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.15.0.72.74\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oem\", ver:\"4.15.0.1065.69\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oracle\", ver:\"4.15.0.1030.35\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oracle-lts-18.04\", ver:\"4.15.0.1030.35\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.15.0.72.74\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.15.0.72.74\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.15.0.72.74\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.15.0.72.74\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.15.0.1052.50\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.15.0.1069.72\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual\", ver:\"4.15.0.72.74\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1030-oracle\", ver:\"4.15.0-1030.33~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1050-gcp\", ver:\"4.15.0-1050.53\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1056-aws\", ver:\"4.15.0-1056.58~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-72-generic\", ver:\"4.15.0-72.81~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-72-generic-lpae\", ver:\"4.15.0-72.81~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-72-lowlatency\", ver:\"4.15.0-72.81~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws-hwe\", ver:\"4.15.0.1056.56\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.15.0.1050.64\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-hwe-16.04\", ver:\"4.15.0.72.92\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae-hwe-16.04\", ver:\"4.15.0.72.92\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.15.0.1050.64\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency-hwe-16.04\", ver:\"4.15.0.72.92\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oem\", ver:\"4.15.0.72.92\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oracle\", ver:\"4.15.0.1030.23\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual-hwe-16.04\", ver:\"4.15.0.72.92\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-05-08T09:47:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-12-04T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-4208-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18810", "CVE-2019-19075", "CVE-2019-19065", "CVE-2019-17075", "CVE-2019-15794", "CVE-2019-19083", "CVE-2019-19067", "CVE-2019-19069", "CVE-2019-19048", "CVE-2019-19060", "CVE-2019-17133", "CVE-2019-19061"], "modified": "2020-05-05T00:00:00", "id": "OPENVAS:1361412562310844257", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844257", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844257\");\n script_version(\"2020-05-05T07:00:07+0000\");\n script_cve_id(\"CVE-2019-15794\", \"CVE-2019-17133\", \"CVE-2019-18810\", \"CVE-2019-19048\", \"CVE-2019-19060\", \"CVE-2019-19061\", \"CVE-2019-19065\", \"CVE-2019-19067\", \"CVE-2019-19069\", \"CVE-2019-19075\", \"CVE-2019-19083\", \"CVE-2019-17075\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-05 07:00:07 +0000 (Tue, 05 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-12-04 03:01:45 +0000 (Wed, 04 Dec 2019)\");\n script_name(\"Ubuntu Update for linux USN-4208-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU19\\.10|UBUNTU18\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4208-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-December/005226.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the USN-4208-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Jann Horn discovered that the OverlayFS and ShiftFS Drivers in the Linux\nkernel did not properly handle reference counting during memory mapping\noperations when used in conjunction with AUFS. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2019-15794)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux kernel\ndid not properly validate SSID lengths. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2019-17133)\n\nIt was discovered that the ARM Komeda display driver for the Linux kernel\ndid not properly deallocate memory in certain error conditions. A local\nattacker could use this to cause a denial of service (memory exhaustion).\n(CVE-2019-18810)\n\nIt was discovered that the VirtualBox guest driver implementation in the\nLinux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could use this to cause a denial of service\n(memory exhaustion). (CVE-2019-19048)\n\nIt was discovered that the ADIS16400 IIO IMU Driver for the Linux kernel\ndid not properly deallocate memory in certain error conditions. A local\nattacker could use this to cause a denial of service (memory exhaustion).\n(CVE-2019-19060, CVE-2019-19061)\n\nIt was discovered that the Intel OPA Gen1 Infiniband Driver for the Linux\nkernel did not properly deallocate memory in certain error conditions. A\nlocal attacker could use this to cause a denial of service (memory\nexhaustion). (CVE-2019-19065)\n\nIt was discovered that the AMD Audio CoProcessor Driver for the Linux\nkernel did not properly deallocate memory in certain error conditions. A\nlocal attacker with the ability to load modules could use this to cause a\ndenial of service (memory exhaustion). (CVE-2019-19067)\n\nIt was discovered in the Qualcomm FastRPC Driver for the Linux kernel did\nnot properly deallocate memory in certain error conditions. A local\nattacker could use this to cause a denial of service (memory exhaustion).\n(CVE-2019-19069)\n\nIt was discovered that the Cascoda CA8210 SPI 802.15.4 wireless controller\ndriver for the Linux kernel did not properly deallocate memory in certain\nerror conditions. A local attacker could use this to cause a denial of\nservice (memory exhaustion). (CVE-2019-19075)\n\nIt was discovered that the AMD Display Engine Driver in the Linux kernel\ndid not properly deallocate memory in certain error conditions. A local\nattack could use this to cause a denial of service (memory exhaustion).\n(CVE-2019-19083)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux\nkernel performed DMA from a kernel stack. A local attacker could use this\nto cause a denial of service (system crash). (CVE-2019-17075)\");\n\n script_tag(name:\"affected\", value:\"'linux' package(s) on Ubuntu 19.10, Ubuntu 18.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU19.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.3.0-1007-oracle\", ver:\"5.3.0-1007.8\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.3.0-1008-aws\", ver:\"5.3.0-1008.9\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.3.0-1008-kvm\", ver:\"5.3.0-1008.9\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.3.0-1009-gcp\", ver:\"5.3.0-1009.10\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.3.0-24-generic\", ver:\"5.3.0-24.26\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.3.0-24-generic-lpae\", ver:\"5.3.0-24.26\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.3.0-24-lowlatency\", ver:\"5.3.0-24.26\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.3.0-24-snapdragon\", ver:\"5.3.0-24.26\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"5.3.0.1008.10\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"5.3.0.1009.10\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"5.3.0.24.28\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"5.3.0.24.28\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"5.3.0.1009.10\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"5.3.0.1008.10\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"5.3.0.24.28\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oracle\", ver:\"5.3.0.1007.8\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"5.3.0.24.28\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual\", ver:\"5.3.0.24.28\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.3.0-1009-gcp\", ver:\"5.3.0-1009.10~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gcp-edge\", ver:\"5.3.0.1009.9\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:35:54", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-2283)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-0136", "CVE-2019-17666", "CVE-2019-18809", "CVE-2019-17055", "CVE-2019-17054", "CVE-2019-18806", "CVE-2019-18813", "CVE-2019-17075", "CVE-2019-16746", "CVE-2019-17052", "CVE-2019-17053", "CVE-2019-16234", "CVE-2019-17133", "CVE-2019-17056"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192283", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192283", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2283\");\n script_version(\"2020-01-23T12:45:16+0000\");\n script_cve_id(\"CVE-2019-0136\", \"CVE-2019-16234\", \"CVE-2019-16746\", \"CVE-2019-17052\", \"CVE-2019-17053\", \"CVE-2019-17054\", \"CVE-2019-17055\", \"CVE-2019-17056\", \"CVE-2019-17075\", \"CVE-2019-17133\", \"CVE-2019-17666\", \"CVE-2019-18806\", \"CVE-2019-18809\", \"CVE-2019-18813\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:45:16 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:45:16 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-2283)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2283\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2283\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-2283 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A memory leak in the af9005_identify_state() function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-2289adbfa559.(CVE-2019-18809)\n\nA memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8.(CVE-2019-18813)\n\nA memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f.(CVE-2019-18806)\n\ndrivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16234)\n\nInsufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.(CVE-2019-0136)\n\nAn issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.(CVE-2019-16746)\n\nIn the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.(CVE-2019-17133)\n\nrtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.(CVE-2019-17666)\n\nAn issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.(CVE-2019-17075)\n\nax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.(CVE-2019-17052)\n\nieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.(CVE-2019-17053)\n\natalk_create in net/appletalk/ddp ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"bpftool\", rpm:\"bpftool~4.19.36~vhulk1907.1.0.h529.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.36~vhulk1907.1.0.h529.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.36~vhulk1907.1.0.h529.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.36~vhulk1907.1.0.h529.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.19.36~vhulk1907.1.0.h529.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.36~vhulk1907.1.0.h529.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.36~vhulk1907.1.0.h529.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.36~vhulk1907.1.0.h529.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.36~vhulk1907.1.0.h529.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-perf\", rpm:\"python3-perf~4.19.36~vhulk1907.1.0.h529.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-14T14:49:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-08T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-4226-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19045", "CVE-2019-16233", "CVE-2019-19534", "CVE-2019-19075", "CVE-2019-19052", "CVE-2019-14901", "CVE-2019-19524", "CVE-2019-14896", "CVE-2019-19922", "CVE-2019-18813", "CVE-2019-19065", "CVE-2019-19526", "CVE-2019-19055", "CVE-2019-17075", "CVE-2019-10220", "CVE-2019-14895", "CVE-2019-14897", "CVE-2019-19083", "CVE-2019-19067", "CVE-2019-16231", "CVE-2019-19529", "CVE-2019-19532", "CVE-2019-18660", "CVE-2019-19048", "CVE-2019-19060", "CVE-2019-19072", "CVE-2019-17133", "CVE-2019-2214"], "modified": "2020-01-13T00:00:00", "id": "OPENVAS:1361412562310844283", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844283", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844283\");\n script_version(\"2020-01-13T11:49:13+0000\");\n script_cve_id(\"CVE-2019-10220\", \"CVE-2019-14895\", \"CVE-2019-14901\", \"CVE-2019-14896\", \"CVE-2019-14897\", \"CVE-2019-16231\", \"CVE-2019-16233\", \"CVE-2019-17133\", \"CVE-2019-18660\", \"CVE-2019-19045\", \"CVE-2019-19048\", \"CVE-2019-19052\", \"CVE-2019-19055\", \"CVE-2019-19060\", \"CVE-2019-19065\", \"CVE-2019-19067\", \"CVE-2019-19072\", \"CVE-2019-19075\", \"CVE-2019-19083\", \"CVE-2019-19524\", \"CVE-2019-19526\", \"CVE-2019-19529\", \"CVE-2019-19532\", \"CVE-2019-19534\", \"CVE-2019-19922\", \"CVE-2019-2214\", \"CVE-2019-17075\", \"CVE-2019-18813\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-13 11:49:13 +0000 (Mon, 13 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-08 11:16:08 +0000 (Wed, 08 Jan 2020)\");\n script_name(\"Ubuntu Update for linux USN-4226-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU19\\.04)\");\n\n script_xref(name:\"USN\", value:\"4226-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-January/005253.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the USN-4226-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Michael Hanselmann discovered that the CIFS implementation in the Linux\nkernel did not sanitize paths returned by an SMB server. An attacker\ncontrolling an SMB server could use this to overwrite arbitrary files.\n(CVE-2019-10220)\n\nIt was discovered that a heap-based buffer overflow existed in the Marvell\nWiFi-Ex Driver for the Linux kernel. A physically proximate attacker could\nuse this to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2019-14895, CVE-2019-14901)\n\nIt was discovered that a heap-based buffer overflow existed in the Marvell\nLibertas WLAN Driver for the Linux kernel. A physically proximate attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2019-14896, CVE-2019-14897)\n\nIt was discovered that the Fujitsu ES network device driver for the Linux\nkernel did not properly check for errors in some situations, leading to a\nNULL pointer dereference. A local attacker could use this to cause a denial\nof service. (CVE-2019-16231)\n\nIt was discovered that the QLogic Fibre Channel driver in the Linux kernel\ndid not properly check for error, leading to a NULL pointer dereference. A\nlocal attacker could possibly use this to cause a denial of service (system\ncrash). (CVE-2019-16233)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux kernel\ndid not properly validate SSID lengths. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2019-17133)\n\nAnthony Steinhauser discovered that the Linux kernel did not properly\nperform Spectre_RSB mitigations to all processors for PowerPC architecture\nsystems in some situations. A local attacker could use this to expose\nsensitive information. (CVE-2019-18660)\n\nIt was discovered that the Mellanox Technologies Innova driver in the Linux\nkernel did not properly deallocate memory in certain failure conditions. A\nlocal attacker could use this to cause a denial of service (kernel memory\nexhaustion). (CVE-2019-19045)\n\nIt was discovered that the VirtualBox guest driver implementation in the\nLinux kernel did not properly deallocate memory in certain error\nconditions. A local attacker could use this to cause a denial of service\n(memory exhaustion). (CVE-2019-19048)\n\nIt was discovered that Geschwister Schneider USB CAN interface driver in\nthe Linux kernel did not properly deallocate memory in certain failure\nconditions. A physically proximate attacker could use this to cause a\ndenial of service (kernel memory exhaustion). (CVE-2019-19052)\n\nIt was discovered that the netlink-based 802.11 configuration interface ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'linux' package(s) on Ubuntu 19.04, Ubuntu 18.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1009-oracle\", ver:\"5.0.0-1009.14~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1023-aws\", ver:\"5.0.0-1023.26~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1027-gke\", ver:\"5.0.0-1027.28~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1028-azure\", ver:\"5.0.0-1028.30~18.04.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1033-oem-osp1\", ver:\"5.0.0-1033.38\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws-edge\", ver:\"5.0.0.1023.37\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"5.0.0.1028.39\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gke-5.0\", ver:\"5.0.0.1027.16\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oem-osp1\", ver:\"5.0.0.1033.37\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oracle-edge\", ver:\"5.0.0.1009.8\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1009-oracle\", ver:\"5.0.0-1009.14\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1023-aws\", ver:\"5.0.0-1023.26\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1024-kvm\", ver:\"5.0.0-1024.26\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1024-raspi2\", ver:\"5.0.0-1024.25\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1028-azure\", ver:\"5.0.0-1028.30\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-1028-gcp\", ver:\"5.0.0-1028.29\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-38-generic\", ver:\"5.0.0-38.41\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-38-generic-lpae\", ver:\"5.0.0-38.41\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-5.0.0-38-lowlatency\", ver:\"5.0.0-38.41\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"5.0.0.1023.25\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"5.0.0.1028.28\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"5.0.0.1028.53\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"5.0.0.38.40\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"5.0.0.38.40\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"5.0.0.1028.53\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"5.0.0.1024.25\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"5.0.0.38.40\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oracle\", ver:\"5.0.0.1009.35\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"5.0.0.1024.22\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual\", ver:\"5.0.0.38.40\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-07T16:53:09", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-2599)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2017-5753", "CVE-2015-3332", "CVE-2017-18595", "CVE-2019-0136", "CVE-2019-17666", "CVE-2016-3689", "CVE-2016-3139", "CVE-2015-9289", "CVE-2017-18551", "CVE-2016-2186", "CVE-2016-2187", "CVE-2014-5206", "CVE-2016-4569", "CVE-2016-7425", "CVE-2017-1000379", "CVE-2016-2184", "CVE-2017-1000253", "CVE-2019-17075", "CVE-2015-1350", "CVE-2014-4608", "CVE-2016-6197", "CVE-2018-14617", "CVE-2016-3138", "CVE-2016-3140", "CVE-2017-18509", "CVE-2016-4578", "CVE-2014-5207", "CVE-2015-8816", "CVE-2016-2185", "CVE-2016-6130", "CVE-2015-8844", "CVE-2015-8845", "CVE-2017-13168", "CVE-2019-17133"], "modified": "2020-04-03T00:00:00", "id": "OPENVAS:1361412562311220192599", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192599", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2599\");\n script_version(\"2020-04-03T10:35:51+0000\");\n script_cve_id(\"CVE-2014-4608\", \"CVE-2014-5206\", \"CVE-2014-5207\", \"CVE-2015-1350\", \"CVE-2015-3332\", \"CVE-2015-8816\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-9289\", \"CVE-2016-2184\", \"CVE-2016-2185\", \"CVE-2016-2186\", \"CVE-2016-2187\", \"CVE-2016-2384\", \"CVE-2016-3138\", \"CVE-2016-3139\", \"CVE-2016-3140\", \"CVE-2016-3689\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-6130\", \"CVE-2016-6197\", \"CVE-2016-7425\", \"CVE-2017-1000253\", \"CVE-2017-1000379\", \"CVE-2017-13168\", \"CVE-2017-18509\", \"CVE-2017-18551\", \"CVE-2017-18595\", \"CVE-2017-5753\", \"CVE-2018-14617\", \"CVE-2019-0136\", \"CVE-2019-17075\", \"CVE-2019-17133\", \"CVE-2019-17666\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-03 10:35:51 +0000 (Fri, 03 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:08:20 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-2599)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2599\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2599\");\n script_xref(name:\"URL\", value:\"https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-2599 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says 'the Linux kernel is *not* affected, media hype.'(CVE-2014-4608)\n\nA certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.(CVE-2015-3332)\n\nAn elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233.(CVE-2017-13168)\n\nAn issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.(CVE-2017-18551)\n\nAn issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.(CVE-2017-18509)\n\nAn issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.(CVE-2017-18595)\n\nAn issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory.(CVE-2018-14617)\n\nAn issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T16:51:47", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-03-13T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1197)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14815", "CVE-2019-15098", "CVE-2019-14816", "CVE-2019-15090", "CVE-2019-15217", "CVE-2019-0136", "CVE-2019-17666", "CVE-2019-16233", "CVE-2019-18809", "CVE-2019-15216", "CVE-2019-15504", "CVE-2019-15918", "CVE-2019-17055", "CVE-2019-15030", "CVE-2019-17054", "CVE-2019-18806", "CVE-2019-18813", "CVE-2019-15215", "CVE-2019-15099", "CVE-2019-15924", "CVE-2019-17075", "CVE-2019-16746", "CVE-2019-14835", "CVE-2019-15213", "CVE-2019-15212", "CVE-2019-18808", "CVE-2019-15922", "CVE-2019-19066", "CVE-2019-18885", "CVE-2019-15031", "CVE-2019-17052", "CVE-2019-16714", "CVE-2019-16089", "CVE-2019-15926", "CVE-2019-14814", "CVE-2019-15923", "CVE-2019-17053", "CVE-2019-16234", "CVE-2019-17133", "CVE-2019-17056"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562311220201197", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201197", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1197\");\n script_version(\"2020-03-13T07:12:58+0000\");\n script_cve_id(\"CVE-2019-0136\", \"CVE-2019-14814\", \"CVE-2019-14815\", \"CVE-2019-14816\", \"CVE-2019-14835\", \"CVE-2019-15030\", \"CVE-2019-15031\", \"CVE-2019-15090\", \"CVE-2019-15098\", \"CVE-2019-15099\", \"CVE-2019-15212\", \"CVE-2019-15213\", \"CVE-2019-15215\", \"CVE-2019-15216\", \"CVE-2019-15217\", \"CVE-2019-15504\", \"CVE-2019-15918\", \"CVE-2019-15922\", \"CVE-2019-15923\", \"CVE-2019-15924\", \"CVE-2019-15926\", \"CVE-2019-16089\", \"CVE-2019-16233\", \"CVE-2019-16234\", \"CVE-2019-16714\", \"CVE-2019-16746\", \"CVE-2019-17052\", \"CVE-2019-17053\", \"CVE-2019-17054\", \"CVE-2019-17055\", \"CVE-2019-17056\", \"CVE-2019-17075\", \"CVE-2019-17133\", \"CVE-2019-17666\", \"CVE-2019-18806\", \"CVE-2019-18808\", \"CVE-2019-18809\", \"CVE-2019-18813\", \"CVE-2019-18885\", \"CVE-2019-19066\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 07:12:58 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-13 07:12:58 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1197)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1197\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1197\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2020-1197 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.\n\nSecurity Fix(es):An issue was discovered in the Linux kernel before 5.2.3. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/dvb-usb/dvb-usb-init.c driver.(CVE-2019-15213)\n\nAn issue was discovered in the Linux kernel before 5.2.6. There is a use-after-free caused by a malicious USB device in the drivers/media/usb/cpia2/cpia2_usb.c driver.(CVE-2019-15215)\n\nAn issue was discovered in the Linux kernel before 5.2.3. There is a NULL pointer dereference caused by a malicious USB device in the drivers/media/usb/zr364xx/zr364xx.c driver.(CVE-2019-15217)\n\nAn issue was discovered in the Linux kernel before 5.1.8. There is a double-free caused by a malicious USB device in the drivers/usb/misc/rio500.c driver.(CVE-2019-15212)\n\nAn issue was discovered in the Linux kernel before 5.0.14. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/yurex.c driver.(CVE-2019-15216)\n\nAn issue was discovered in drivers/scsi/qedi/qedi_dbg.c in the Linux kernel before 5.1.12. In the qedi_dbg_* family of functions, there is an out-of-bounds read.(CVE-2019-15090)\n\nAn issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a cd data structure if alloc_disk fails in drivers/block/paride/pf.c.(CVE-2019-15923)\n\nAn issue was discovered in the Linux kernel before 5.0.10. SMB2_negotiate in fs/cifs/smb2pdu.c has an out-of-bounds read because data structures are incompletely updated after a change from smb30 to smb21.(CVE-2019-15918)\n\nAn issue was discovered in the Linux kernel before 5.0.9. There is a NULL pointer dereference for a pf data structure if alloc_disk fails in drivers/block/paride/pf.c.(CVE-2019-15922)\n\nAn issue was discovered in the Linux kernel before 5.2.3. Out of bounds access exists in the functions ath6kl_wmi_pstream_timeout_event_rx and ath6kl_wmi_cac_event_rx in the file drivers/net/wireless/ath/ath6kl/wmi.c.(CVE-2019-15926)\n\nAn issue was discovered in the Linux kernel before 5.0.11. fm10k_init_module in drivers/net/ethernet/intel/fm10k/fm10k_main.c has a NULL pointer dereference because there is no -ENOMEM upon an alloc_workqueue failure.(CVE-2019-15924)\n\nA buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during m ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.36~vhulk1907.1.0.h529\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.36~vhulk1907.1.0.h529\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.36~vhulk1907.1.0.h529\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.36~vhulk1907.1.0.h529\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.36~vhulk1907.1.0.h529\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.36~vhulk1907.1.0.h529\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.36~vhulk1907.1.0.h529\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.36~vhulk1907.1.0.h529\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:40:21", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1042)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19079", "CVE-2019-18814", "CVE-2019-19054", "CVE-2019-19045", "CVE-2019-0136", "CVE-2019-19051", "CVE-2019-17666", "CVE-2019-16233", "CVE-2019-18683", "CVE-2019-18809", "CVE-2019-19057", "CVE-2019-19075", "CVE-2019-19052", "CVE-2019-15504", "CVE-2019-17055", "CVE-2019-19058", "CVE-2019-17054", "CVE-2019-18806", "CVE-2019-18813", "CVE-2019-19065", "CVE-2019-19082", "CVE-2019-19059", "CVE-2019-19078", "CVE-2019-17075", "CVE-2019-16746", "CVE-2019-19063", "CVE-2019-18808", "CVE-2019-19066", "CVE-2019-19083", "CVE-2019-19067", "CVE-2019-19068", "CVE-2019-19071", "CVE-2019-19081", "CVE-2019-17052", "CVE-2019-19073", "CVE-2019-19077", "CVE-2019-19070", "CVE-2019-19080", "CVE-2019-16714", "CVE-2019-18786", "CVE-2019-19074", "CVE-2019-16089", "CVE-2019-19056", "CVE-2019-19072", "CVE-2019-17053", "CVE-2019-16234", "CVE-2019-17133", "CVE-2019-19049", "CVE-2019-17056"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220201042", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201042", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1042\");\n script_version(\"2020-01-23T13:17:18+0000\");\n script_cve_id(\"CVE-2019-0136\", \"CVE-2019-15504\", \"CVE-2019-16089\", \"CVE-2019-16233\", \"CVE-2019-16234\", \"CVE-2019-16714\", \"CVE-2019-16746\", \"CVE-2019-17052\", \"CVE-2019-17053\", \"CVE-2019-17054\", \"CVE-2019-17055\", \"CVE-2019-17056\", \"CVE-2019-17075\", \"CVE-2019-17133\", \"CVE-2019-17666\", \"CVE-2019-18683\", \"CVE-2019-18786\", \"CVE-2019-18806\", \"CVE-2019-18808\", \"CVE-2019-18809\", \"CVE-2019-18813\", \"CVE-2019-18814\", \"CVE-2019-19045\", \"CVE-2019-19049\", \"CVE-2019-19051\", \"CVE-2019-19052\", \"CVE-2019-19054\", \"CVE-2019-19056\", \"CVE-2019-19057\", \"CVE-2019-19058\", \"CVE-2019-19059\", \"CVE-2019-19063\", \"CVE-2019-19065\", \"CVE-2019-19066\", \"CVE-2019-19067\", \"CVE-2019-19068\", \"CVE-2019-19070\", \"CVE-2019-19071\", \"CVE-2019-19072\", \"CVE-2019-19073\", \"CVE-2019-19074\", \"CVE-2019-19075\", \"CVE-2019-19077\", \"CVE-2019-19078\", \"CVE-2019-19079\", \"CVE-2019-19080\", \"CVE-2019-19081\", \"CVE-2019-19082\", \"CVE-2019-19083\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:17:18 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:17:18 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1042)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1042\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1042\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2020-1042 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).CVE-2019-15504\n\nIn the Linux kernel before 5.2.14, rds6_inc_info_copy in net/rds/recv.c allows attackers to obtain sensitive information from kernel stack memory because tos and flags fields are not initialized.CVE-2019-16714\n\ndrivers/scsi/qla2xxx/qla_os.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.CVE-2019-16233\n\nAn issue was discovered in the Linux kernel through 5.2.13. nbd_genl_status in drivers/block/nbd.c does not check the nla_nest_start_noflag return value.CVE-2019-16089\n\nllcp_sock_create in net/nfc/llcp_sock.c in the AF_NFC network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-3a359798b176.CVE-2019-17056\n\nbase_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-b91ee4aa2a21.CVE-2019-17055\n\natalk_create in net/appletalk/ddp.c in the AF_APPLETALK network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-6cc03e8aa36c.CVE-2019-17054\n\nieee802154_create in net/ieee802154/socket.c in the AF_IEEE802154 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-e69dbd4619e7.CVE-2019-17053\n\nax25_create in net/ax25/af_ax25.c in the AF_AX25 network module in the Linux kernel through 5.3.2 does not enforce CAP_NET_RAW, which means that unprivileged users can create a raw socket, aka CID-0614e2b73768.CVE-2019-17052\n\nAn issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.CVE-2019-17075\n\nrtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.CVE-2019-17666\n\nIn the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Ove ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.36~vhulk1907.1.0.h619.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.36~vhulk1907.1.0.h619.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.36~vhulk1907.1.0.h619.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.36~vhulk1907.1.0.h619.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.36~vhulk1907.1.0.h619.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.36~vhulk1907.1.0.h619.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.36~vhulk1907.1.0.h619.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.36~vhulk1907.1.0.h619.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-perf\", rpm:\"python3-perf~4.19.36~vhulk1907.1.0.h619.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:38:25", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-2531)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19054", "CVE-2015-3332", "CVE-2017-13216", "CVE-2015-4003", "CVE-2019-0136", "CVE-2019-17666", "CVE-2014-4157", "CVE-2018-7755", "CVE-2015-4002", "CVE-2018-20510", "CVE-2014-4508", "CVE-2015-9289", "CVE-2016-4486", "CVE-2017-8831", "CVE-2019-19062", "CVE-2017-18551", "CVE-2016-2186", "CVE-2016-3857", "CVE-2015-4004", "CVE-2019-18806", "CVE-2019-9506", "CVE-2018-14625", "CVE-2017-15537", "CVE-2019-17075", "CVE-2015-4001", "CVE-2014-7843", "CVE-2019-16746", "CVE-2014-9870", "CVE-2019-18808", "CVE-2017-7482", "CVE-2017-16647", "CVE-2018-9363", "CVE-2014-9888", "CVE-2019-19066", "CVE-2015-7833", "CVE-2015-8955", "CVE-2018-7995", "CVE-2019-16231", "CVE-2019-16232", "CVE-2016-6130", "CVE-2019-3846", "CVE-2014-8133", "CVE-2015-8967", "CVE-2019-19060", "CVE-2012-2372", "CVE-2019-10126", "CVE-2014-9892", "CVE-2017-5897", "CVE-2019-16234", "CVE-2019-17133", "CVE-2019-19061"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192531", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192531", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2531\");\n script_version(\"2020-01-23T13:03:47+0000\");\n script_cve_id(\"CVE-2012-2372\", \"CVE-2014-4157\", \"CVE-2014-4508\", \"CVE-2014-7843\", \"CVE-2014-8133\", \"CVE-2014-9870\", \"CVE-2014-9888\", \"CVE-2014-9892\", \"CVE-2015-3332\", \"CVE-2015-4001\", \"CVE-2015-4002\", \"CVE-2015-4003\", \"CVE-2015-4004\", \"CVE-2015-7833\", \"CVE-2015-8955\", \"CVE-2015-8967\", \"CVE-2015-9289\", \"CVE-2016-2186\", \"CVE-2016-3857\", \"CVE-2016-4486\", \"CVE-2016-6130\", \"CVE-2017-13216\", \"CVE-2017-15537\", \"CVE-2017-16647\", \"CVE-2017-18551\", \"CVE-2017-5897\", \"CVE-2017-7482\", \"CVE-2017-8831\", \"CVE-2018-14625\", \"CVE-2018-20510\", \"CVE-2018-7755\", \"CVE-2018-7995\", \"CVE-2018-9363\", \"CVE-2019-0136\", \"CVE-2019-10126\", \"CVE-2019-16231\", \"CVE-2019-16232\", \"CVE-2019-16234\", \"CVE-2019-16746\", \"CVE-2019-17075\", \"CVE-2019-17133\", \"CVE-2019-17666\", \"CVE-2019-18806\", \"CVE-2019-18808\", \"CVE-2019-19054\", \"CVE-2019-19060\", \"CVE-2019-19061\", \"CVE-2019-19062\", \"CVE-2019-19066\", \"CVE-2019-3846\", \"CVE-2019-9506\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:03:47 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date