Google Hacker Discloses New Linux Kernel Vulnerability and PoC Exploit
2018-09-28T08:35:00
ID: THN:8F71BE5486B51B05E03418164EF9F5F6
Type: thn
Reporter: The Hacker News
Modified: 2018-09-28T08:35:02
Description
A cybersecurity researcher with Google Project Zero has released the details of, and a proof-of-concept (PoC) exploit for, a high-severity vulnerability that has existed in the Linux kernel from version 3.16 through 4.18.8.
Discovered by white hat hacker Jann Horn, the kernel vulnerability (CVE-2018-17182) is a cache invalidation bug in the Linux memory management subsystem that leads to a use-after-free vulnerability, which, if exploited, could allow an attacker to gain root privileges on the targeted system.
Use-after-free (UAF) vulnerabilities are a class of memory corruption bug that can be exploited by unprivileged users to corrupt or alter data in memory, enabling them to cause a denial of service (system crash) or escalate privileges to gain administrative access on a system.
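The cache invalidation flaw in miniature, as an added example that is not part of the original article and not Horn's code: a toy Python model of the mechanism in Horn's bug report, which appears in the records further down this page (a per-task VMA cache validated against a 32-bit per-mm sequence number, with a flush on wraparound that is skipped for single-threaded processes). All class and function names are hypothetical, and the 64-bit case reflects the upstream fix, which widened the sequence number and removed vmacache_flush_all().

```python
# Toy model of the per-task VMA cache and its per-mm sequence number.
# Names are illustrative; this is not kernel code.

class Vma:
    def __init__(self, name):
        self.name = name
        self.freed = False        # set once the mapping has been unmapped


class Task:
    def __init__(self):
        self.cache_seqnum = 0     # models current->vmacache.seqnum
        self.cache = {}           # models the cached VMA pointers


class Mm:
    def __init__(self, seq_bits, single_thread_fastpath):
        self.mask = (1 << seq_bits) - 1
        self.seqnum = 0           # models mm->vmacache_seqnum
        self.fastpath = single_thread_fastpath
        self.tasks = []           # len(self.tasks) models mm_users
        self.vmas = {}            # live mappings, by name

    def new_task(self):
        task = Task()
        self.tasks.append(task)
        return task

    def flush_all(self):
        # The fastpath from the report: no flush while single-threaded.
        if self.fastpath and len(self.tasks) == 1:
            return
        for task in self.tasks:
            task.cache.clear()

    def invalidate(self, count=1):
        # Apply `count` bumps in one step; wrapping past the mask takes the
        # flush-all path, as a wrap does in the report.
        total = self.seqnum + count
        if total > self.mask:
            self.flush_all()
        self.seqnum = total & self.mask

    def mmap(self, name):
        self.vmas[name] = Vma(name)

    def munmap(self, name):
        self.vmas.pop(name).freed = True
        self.invalidate()

    def find_vma(self, task, name):
        # The cache is trusted only while its sequence number matches the mm's.
        if task.cache_seqnum != self.seqnum:
            task.cache_seqnum = self.seqnum
            task.cache.clear()
        vma = task.cache.get(name)
        if vma is None:
            vma = self.vmas.get(name)
            if vma is not None:
                task.cache[name] = vma
        return vma


def replay(seq_bits, single_thread_fastpath):
    """Replay the report's event order; True means a freed VMA was returned."""
    mm = Mm(seq_bits, single_thread_fastpath)
    a = mm.new_task()              # A starts single-threaded
    mm.mmap("X")
    mm.mmap("Y")
    mm.invalidate(0xFFFFFFFE)      # mm seqnum -> 0xfffffffe
    mm.find_vma(a, "X")            # A's cache seqnum -> 0xfffffffe
    mm.invalidate()                # mm seqnum -> 0xffffffff
    mm.find_vma(a, "Y")            # A caches Y at seqnum 0xffffffff
    mm.munmap("X")                 # bump: a 32-bit counter wraps to 0 here
    mm.new_task()                  # thread B joins; A does no lookups meanwhile
    mm.invalidate(0xFFFFFFFE)      # B's repeated invalidations
    mm.munmap("Y")                 # Y is freed; 32-bit seqnum is 0xffffffff again
    vma = mm.find_vma(a, "Y")      # A touches the freed mapping
    return vma is not None and vma.freed


if __name__ == "__main__":
    print("32-bit seqnum, fastpath present:", replay(32, True))
    print("32-bit seqnum, flush always runs:", replay(32, False))
    print("64-bit seqnum:", replay(64, True))
```

Only the first configuration hands back the freed mapping: with the flush always performed, or with a counter that does not wrap, A's stale entry is discarded before it can be used.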
Linux Kernel Exploit Takes an Hour to Gain Root Access
However, Horn says his PoC Linux kernel exploit made available to the public "takes about an hour to run before popping a root shell."
Horn responsibly reported the vulnerability to Linux kernel maintainers on September 12, and the Linux team fixed the issue in the upstream kernel tree within just two days, which Horn said was "exceptionally fast, compared to the fix times of other software vendors."
The Linux kernel vulnerability was disclosed on the oss-security mailing list on September 18 and was patched in the upstream-supported stable kernel versions 4.18.9, 4.14.71, 4.9.128, and 4.4.157 the next day.
There's also a fix in release 3.16.58.
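A defender-side check built from the version facts above, as an added example that is not part of the original article: it classifies a `uname -r` style release string against the affected range and the fixed stable releases listed here. Function and status names are hypothetical, and treating vendor-suffixed and `-rc` strings as needing a manual check is an assumption made because a distribution kernel can carry a backported fix without changing its upstream version number.

```python
import platform
import re

# Facts taken from the article: affected from 3.16 through 4.18.8, fixed in
# stable releases 4.18.9, 4.14.71, 4.9.128, 4.4.157 and 3.16.58.
FIRST_AFFECTED_BRANCH = (3, 16)
LAST_AFFECTED = (4, 18, 8)
FIXED_PATCHLEVEL = {
    (4, 18): 9,
    (4, 14): 71,
    (4, 9): 128,
    (4, 4): 157,
    (3, 16): 58,
}

NOT_AFFECTED = "not-affected"
PATCHED_UPSTREAM = "patched-upstream"
VULNERABLE_UPSTREAM = "vulnerable-upstream"
NEEDS_MANUAL_CHECK = "needs-manual-check"

_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(.*)$")


def parse_release(release):
    """Split '4.15.0-34-generic' into (4, 15, 0, '-34-generic')."""
    match = _RELEASE_RE.match(release.strip())
    if match is None:
        raise ValueError("unrecognised kernel release: %r" % release)
    major, minor, patch, suffix = match.groups()
    return int(major), int(minor), int(patch or 0), suffix


def classify(release):
    """Classify a kernel release string for CVE-2018-17182."""
    major, minor, patch, suffix = parse_release(release)
    branch = (major, minor)

    if branch < FIRST_AFFECTED_BRANCH:
        return NOT_AFFECTED

    if (major, minor, patch) > LAST_AFFECTED:
        # Release candidates are not final releases, so the version number
        # alone does not say whether the fix is in the build.
        return NEEDS_MANUAL_CHECK if "-rc" in suffix else PATCHED_UPSTREAM

    fixed = FIXED_PATCHLEVEL.get(branch)
    if fixed is not None and patch >= fixed:
        return PATCHED_UPSTREAM

    # Inside the affected range. A suffix means a vendor or custom build whose
    # patch state must come from the vendor's advisory or package changelog.
    return NEEDS_MANUAL_CHECK if suffix else VULNERABLE_UPSTREAM


def classify_running_kernel():
    """Classify the kernel this interpreter is running on."""
    return classify(platform.release())


if __name__ == "__main__":
    # Constructed sample release strings, not taken from real hosts.
    for sample in ("4.18.8", "4.18.9", "4.14.70", "3.16.58",
                   "3.15.10", "4.15.0-34-generic", "4.19.0-rc3+"):
        print("%-20s %s" % (sample, classify(sample)))
    print("running kernel:", platform.release(), classify_running_kernel())
```

For a `needs-manual-check` result, the distribution's security tracker entry for CVE-2018-17182 or the installed kernel package changelog is the authoritative source.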
Debian and Ubuntu Linux Left Their Users Vulnerable for Over a Week
"However, a fix being in the upstream kernel does not automatically mean that users' systems are actually patched," Horn noted.
The researcher was disappointed knowing that some major Linux distributions, including Debian and Ubuntu, left their users exposed to potential attacks by not releasing kernel updates more than a week after the vulnerability was made public.
As of Wednesday, both Debian stable and Ubuntu releases 16.04 and 18.04 had not patched the vulnerability.
However, the Fedora project already rolled out a security patch to its users on 22 September.
> "Debian stable ships a kernel based on 4.9, but as of 2018-09-26, this kernel was last updated 2018-08-21. Similarly, Ubuntu 16.04 ships a kernel that was last updated 2018-08-27," Horn noted.
> "Android only ships security updates once a month. Therefore, when a security-critical fix is available in an upstream stable kernel, it can still take weeks before the fix is actually available to users—especially if the security impact is not announced publicly."
In response to Horn's blog post, the maintainers of Ubuntu said the company would possibly release the patches for the Linux kernel flaw around October 1, 2018.
Horn said that once the patch is deployed in the upstream kernel, the vulnerability and patch become public, which, in this case, could allow malicious actors to develop a Linux kernel exploit to target users.
Related records

CVE-2018-17182 (NVD; published 2018-09-19T09:29:00, modified 2019-03-05T17:58:00)
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
CWE: CWE-416
CVSS v3.0: 7.8 HIGH (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v2.0: 7.2 HIGH (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CPE: cpe:/o:canonical:ubuntu_linux:18.04, cpe:/a:netapp:active_iq_performance_analytics_services:-, cpe:/o:debian:debian_linux:8.0, cpe:/o:canonical:ubuntu_linux:16.04, cpe:/o:linux:linux_kernel:4.18.8, cpe:/a:netapp:element_software:-, cpe:/o:canonical:ubuntu_linux:14.04, cpe:/o:debian:debian_linux:9.0

F5:K54436295, "Linux kernel vulnerability CVE-2018-17182" (published 2018-10-15T21:03:00)
F5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.

1337DAY-ID-31191, "Linux - #VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Exploit" (0day.today; published 2018-09-26)

Since commit 615d6e8756c8 ("mm: per-thread vma caching", first in 3.15), Linux has per-task VMA caches that contain up to four VMA pointers for fast lookup. VMA caches are invalidated by bumping the 32-bit per-mm sequence number mm->vmacache_seqnum; when the sequence number wraps, vmacache_flush_all() scans through all running tasks and wipes the VMA caches of all tasks that share current's mm.

In commit 6b4ebc3a9078 ("mm,vmacache: optimize overflow system-wide flushing", first in 3.16), a bogus fastpath was added that skips the invalidation on overflow if current->mm->mm_users==1. This means that the following sequence of events triggers a use-after-free:

    [A starts as a singlethreaded process]
    A: create mappings X and Y (in separate memory areas far away from other allocations)
    A: perform repeated invalidations until current->mm->vmacache_seqnum==0xffffffff and current->vmacache.seqnum==0xfffffffe
    A: dereference an address in mapping Y that is not paged in (thereby populating A's VMA cache with Y at seqnum 0xffffffff)
    A: unmap mapping X (thereby bumping current->mm->vmacache_seqnum to 0)
    A: without any more find_vma() calls (which could happen e.g. via pagefaults), create a thread B
    B: perform repeated invalidations until current->mm->vmacache_seqnum==0xfffffffe
    B: unmap mapping Y (thereby bumping current->mm->vmacache_seqnum to 0xffffffff)
    A: dereference an address in the freed mapping Y (or any address that isn't present in the pagetables and doesn't correspond to a valid VMA cache entry)

A's VMA cache is still at sequence number 0xffffffff from before the overflow. The sequence number has wrapped around in the meantime, back to 0xffffffff, and A's outdated VMA cache is considered to be valid.

I am attaching the following reproduction files:

    vmacache-debugging.patch: Kernel patch that adds some extra logging for VMA cache internals.
    vma_test.c: Reproducer code
    dmesg: dmesg output of running the reproducer in a VM

In a Debian 9 VM, I've tested the reproducer against a 4.19.0-rc3+ kernel with vmacache-debugging.patch applied, configured with CONFIG_DEBUG_VM_VMACACHE=y.

Usage:

    ~/vma_bug$ gcc -O2 -o vma_test vma_test.c -g && ./vma_test
    Segmentation fault

Within around 40 minutes, I get the following warning in dmesg:

The source code corresponding to the warning, which is triggered because the VMA cache references a VMA struct that has been reallocated to another process in the meantime:

    #ifdef CONFIG_DEBUG_VM_VMACACHE
            if (WARN_ON_ONCE(vma->vm_mm != mm))
                    break;
    #endif

Attaching an ugly exploit for Ubuntu 18.04, kernel linux-image-4.15.0-34-generic at version 4.15.0-34.37. It takes about an hour to run before popping a root shell. Usage: First compile with ./compile.sh, then run ./puppeteer. Example run:

    ~/vmacache$ ./puppeteer
    Do Sep 20 23:55:11 CEST 2018
    puppeteer: old kmsg consumed
    got map from child!
    got WARNING
    got RSP line: 0xffff9e0bc2263c60
    got RAX line: 0xffff8c7caf1d61a0
    got RDI line: 0xffff8c7c214c7380
    reached WARNING part 2
    got R8 line: 0xffffffffa7243680
    trace consumed
    offset: 0x110
    fake vma pushed
    suid file detected, launching rootshell...
    we have root privs now...
    Fr Sep 21 00:48:00 CEST 2018
    ~/vmacache#

Proof of Concept:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/45497.zip

Oracle Linux, "Unbreakable Enterprise kernel security update"
ELSA-2018-4244 (published 2018-10-10): the changelog for 4.1.12-124.20.1 includes "mm: get rid of vmacache_flush_all() entirely (Linus Torvalds) [Orabug: 28701016] {CVE-2018-17182}".
ELSA-2018-4270 (published 2018-11-08): the changelog for 4.14.35-1818.4.1 includes "mm: get rid of vmacache_flush_all() entirely (Linus Torvalds) [Orabug: 28700955] {CVE-2018-17182}".

Fedora updates listing CVE-2018-17182
[SECURITY] Fedora 28 Update: kernel-headers-4.18.9-200.fc28 (2018-09-22)
[SECURITY] Fedora 28 Update: kernel-4.18.9-200.fc28 (2018-09-22)
[SECURITY] Fedora 27 Update: kernel-headers-4.18.9-100.fc27 (2018-09-26)
[SECURITY] Fedora 29 Update: kernel-headers-4.18.9-300.fc29 (2018-09-26)
[SECURITY] Fedora 29 Update: kernel-4.18.9-300.fc29 (2018-09-26)
[SECURITY] Fedora 28 Update: kernel-4.18.10-200.fc28 (2018-10-01)
[SECURITY] Fedora 28 Update: kernel-4.18.12-200.fc28 (2018-10-09)
[SECURITY] Fedora 28 Update: kernel-4.18.13-200.fc28 (2018-10-14)
[SECURITY] Fedora 28 Update: kernel-4.19.2-200.fc28 (2018-11-22)
[SECURITY] Fedora 28 Update: kernel-4.19.5-200.fc28 (2018-12-01)

Slackware
New kernel packages are available for Slackware 14.2 to fix a security issue.

Here are the details from the Slackware 14.2 ChangeLog:

    patches/packages/linux-4.4.157/*: Upgraded.
      This kernel removes the unnecessary vmacache_flush_all code which could have
      led to a use-after-free situation and potentially local privilege escalation.
      In addition, it fixes some regressions which may have led to diminished X
      performance.
      Be sure to upgrade your initrd after upgrading the kernel packages.
      If you use lilo to boot your machine, be sure lilo.conf points
to the correct\n kernel and initrd and run lilo as root to update the bootloader.\n If you use elilo to boot your machine, you should run eliloconfig to copy the\n kernel and initrd to the EFI System Partition.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17182\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.157/kernel-firmware-20180913_44d4fca-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.157/kernel-generic-4.4.157-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.157/kernel-generic-smp-4.4.157_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.157/kernel-headers-4.4.157_smp-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.157/kernel-huge-4.4.157-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.157/kernel-huge-smp-4.4.157_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.157/kernel-modules-4.4.157-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.157/kernel-modules-smp-4.4.157_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.157/kernel-source-4.4.157_smp-noarch-1.txz\n\nUpdated packages for Slackware x86_64 
14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.157/kernel-firmware-20180913_44d4fca-noarch-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.157/kernel-generic-4.4.157-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.157/kernel-headers-4.4.157-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.157/kernel-huge-4.4.157-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.157/kernel-modules-4.4.157-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.157/kernel-source-4.4.157-noarch-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg 
kernel-*.txz\n\nIf you are using an initrd, you'll need to rebuild it.\n\nFor a 32-bit SMP machine, use this command (substitute the appropriate\nkernel version if you are not running Slackware 14.2):\n > /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.157-smp | bash\n\nFor a 64-bit machine, or a 32-bit uniprocessor machine, use this command\n(substitute the appropriate kernel version if you are not running\nSlackware 14.2):\n > /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.157 | bash\n\nPlease note that \"uniprocessor\" has to do with the kernel you are running,\nnot with the CPU. Most systems should run the SMP kernel (if they can)\nregardless of the number of cores the CPU has. If you aren't sure which\nkernel you are running, run \"uname -a\". If you see SMP there, you are\nrunning the SMP kernel and should use the 4.4.157-smp version when running\nmkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit\nsystems should always use 4.4.157 as the version.\n\nIf you are using lilo or elilo to boot the machine, you'll need to ensure\nthat the machine is properly prepared before rebooting.\n\nIf using LILO:\nBy default, lilo.conf contains an image= line that references a symlink\nthat always points to the correct kernel. No editing should be required\nunless your machine uses a custom lilo.conf. If that is the case, be sure\nthat the image= line references the correct kernel file. 
Either way,\nyou'll need to run \"lilo\" as root to reinstall the boot loader.\n\nIf using elilo:\nEnsure that the /boot/vmlinuz symlink is pointing to the kernel you wish\nto use, and then run eliloconfig to update the EFI System Partition.", "modified": "2018-09-21T19:47:55", "published": "2018-09-21T19:47:55", "id": "SSA-2018-264-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.693090", "type": "slackware", "title": "[slackware-security] Slackware 14.2 kernel", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2019-07-03T05:58:45", "bulletinFamily": "info", "cvelist": ["CVE-2018-17182"], "description": "A high-severity cache invalidation bug in the Linux kernel has been uncovered, which could allow an attacker to gain root privileges on the targeted system.\n\nThis is the second kernel flaw in Linux to debut in the last week; a local-privilege escalation issue was [also recently discovered](<https://threatpost.com/local-privilege-escalation-flaw-in-linux-kernel-allows-root-access/137748/>).\n\nThe flaw ([CVE-2018-17182](<https://access.redhat.com/security/cve/cve-2018-17182>)), which exists in Linux memory management in kernel versions 3.16 through 4.18.8, can be exploited in many different ways, \u201ceven from relatively strongly sandboxed contexts,\u201d according to Jann Horn, a researcher with Google Project Zero.\n\nThe Linux team [fixed the problem](<https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/mm/vmacache.c?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2>) in the upstream kernel tree within two days of Horn responsibly reporting it on Sept. 
18, which Horn said was \u201cexceptionally fast, compared to the fix times of other software vendors.\u201d\n\nThe bad news is that [Debian stable](<https://security-tracker.debian.org/tracker/CVE-2018-17182>) and [Ubuntu](<https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17182.html>) releases 16.04 and 18.04 have not yet patched the vulnerability \u2013 and Android users remain at risk.\n\n\u201cAndroid only ships security updates once a month,\u201d Horn said, in a [blog post](<https://thehackernews.com/2018/09/linux-kernel-exploit.html>) on the flaw this week. \u201cTherefore, when a security-critical fix is available in an upstream stable kernel, it can still take weeks before the fix is actually available to users\u2014especially if the security impact is not announced publicly.\u201d\n\n**The Flaw**\n\nHorn explained that the bug stems from an overflow problem.\n\nWhen the Linux kernel looks up the virtual memory area (VMA) to handle a page fault, there\u2019s a slow path that involves crawling through all of the VMAs in the code in order to find the right resolution to the problem. Because this is inefficient and comes with a performance hit, coders built in a fast-track alternative that can be used if the VMA was recently used.\n\nThis caching approach however came with its own issues.\n\n\u201cWhen a VMA is freed, the VMA caches of all threads must be invalidated \u2013 otherwise, the next VMA lookup would follow a dangling pointer. However, since a process can have many threads, simply iterating through the VMA caches of all threads would be a performance problem,\u201d Horn explained.\n\nThe fix for this involves tagging threads with sequence numbers to distinguish the various fast-track paths from each other. But the sequence numbers are only 32 bits wide, meaning that it\u2019s possible for them to overflow. 
As an optimization in version 3.16, overflow handling logic was added to the mix, which introduced a flaw leading to a use-after-free (UAF) vulnerability, a.k.a. CVE-2018-17182.\n\nUAF specifically refers to the attempt to access memory after it has been freed; incorrect UAF coding (say, allowing a program to continue to use a pointer after it has been freed) can cause a program to crash. UAF vulnerabilities meanwhile are a class of memory corruption bug stemming from confusion over which part of the program is responsible for freeing the memory. In the case of this vulnerability, this opens the door to exploits that allow root access and the execution of arbitrary code.\n\nUsers can make CVE-2018-17182 a non-issue by updating to an upstream stable release, either 4.18.9, 4.14.71, 4.9.128, 4.4.157 or 3.16.58.\n\n\u201cThe bug [was fixed](<https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/mm/vmacache.c?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2>) by changing the [VMA] sequence numbers to 64 bits, thereby making an overflow infeasible and removing the overflow handling logic,\u201d Horn said.\n\n**Exploitation**\n\nFor unpatched systems, there are a myriad of ways to use the vulnerability to attack a target, Horn pointed out. 
However, the configuration of the kernel can have a big impact \u2013 and in this case, successful exploitation becomes a more trivial thing to do in environments that use Linux kernels that haven\u2019t been configured for increased security, according to Horn.\n\nFor instance, an attacker attempting to exploit a kernel bug might benefit from the ability to retry an attack multiple times without triggering system reboots.\n\n\u201cAn attacker with the ability to read the crash log produced by the first attempt might even be able to use that information for a more sophisticated second attempt,\u201d the researcher said.\n\nHorn built a [proof of concept](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1664>) (PoC) for specifically attacking Ubuntu 18.04 (with kernel linux-image-4.15.0-34-generic at version 4.15.0-34.37) demonstrating this \u2013 it allows someone with sufficiently lengthy access \u2013 about an hour \u2013 to gain root privileges on the targeted system.\n\n\u201cFundamentally, this bug can be triggered by any process that can run for a sufficiently long time to overflow the reference counter (about an hour if MAP_FIXED is usable) and has the ability to use mmap()/munmap() (to manage memory mappings) and clone() (to create a thread),\u201d he explained.\n\nIt seems like a no-brainer to increase security, but the researcher noted that it boils down to making tradeoffs between availability, reliability and security.\n\n\u201cA system owner might want a system to keep running as long as possible, even if parts of the system are crashing, if a sudden kernel panic would cause data loss or downtime of an important service,\u201d he explained.\n", "modified": "2018-09-28T18:11:18", "published": "2018-09-28T18:11:18", "id": "THREATPOST:121514CE8FD232B76B0CEC2C76565B3D", "href": "https://threatpost.com/another-linux-kernel-bug-surfaces-allowing-root-access/137800/", "type": "threatpost", "title": "Another Linux Kernel Bug Surfaces, Allowing Root 
Access", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2018-10-07T14:36:02", "description": "Linux Kernel - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Local Privilege Escalation. CVE-2018-17182. Local exploit for Linux platform. Tags:...", "published": "2018-09-26T00:00:00", "type": "exploitdb", "title": "Linux Kernel - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Local Privilege Escalation", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-17182"], "modified": "2018-09-26T00:00:00", "id": "EDB-ID:45497", "href": "https://www.exploit-db.com/exploits/45497/", "sourceData": "Since commit 615d6e8756c8 (\"mm: per-thread vma caching\", first in 3.15),\r\nLinux has per-task VMA caches that contain up to four VMA pointers for\r\nfast lookup. VMA caches are invalidated by bumping the 32-bit per-mm\r\nsequence number mm->vmacache_seqnum; when the sequence number wraps,\r\nvmacache_flush_all() scans through all running tasks and wipes the\r\nVMA caches of all tasks that share current's mm.\r\n\r\nIn commit 6b4ebc3a9078 (\"mm,vmacache: optimize overflow system-wide\r\nflushing\", first in 3.16), a bogus fastpath was added that skips the\r\ninvalidation on overflow if current->mm->mm_users==1. This means that\r\nthe following sequence of events triggers a use-after-free:\r\n\r\n[A starts as a singlethreaded process]\r\nA: create mappings X and Y (in separate memory areas\r\n far away from other allocations)\r\nA: perform repeated invalidations until\r\n current->mm->vmacache_seqnum==0xffffffff and\r\n current->vmacache.seqnum==0xfffffffe\r\nA: dereference an address in mapping Y that is not\r\n paged in (thereby populating A's VMA cache with\r\n Y at seqnum 0xffffffff)\r\nA: unmap mapping X (thereby bumping\r\n current->mm->vmacache_seqnum to 0)\r\nA: without any more find_vma() calls (which could\r\n happen e.g. 
via pagefaults), create a thread B\r\nB: perform repeated invalidations until\r\n current->mm->vmacache_seqnum==0xfffffffe\r\nB: unmap mapping Y (thereby bumping\r\n current->mm->vmacache_seqnum to 0xffffffff)\r\nA: dereference an address in the freed mapping Y\r\n (or any address that isn't present in the\r\n pagetables and doesn't correspond to a valid\r\n VMA cache entry)\r\n\r\nA's VMA cache is still at sequence number 0xffffffff from before the\r\noverflow. The sequence number has wrapped around in the meantime, back\r\nto 0xffffffff, and A's outdated VMA cache is considered to be valid.\r\n\r\n\r\nI am attaching the following reproduction files:\r\n\r\nvmacache-debugging.patch: Kernel patch that adds some extra logging for\r\n VMA cache internals.\r\nvma_test.c: Reproducer code\r\ndmesg: dmesg output of running the reproducer in a VM\r\n\r\nIn a Debian 9 VM, I've tested the reproducer against a 4.19.0-rc3+\r\nkernel with vmacache-debugging.patch applied, configured with\r\nCONFIG_DEBUG_VM_VMACACHE=y.\r\n\r\nUsage:\r\n\r\nuser@debian:~/vma_bug$ gcc -O2 -o vma_test vma_test.c -g && ./vma_test\r\nSegmentation fault\r\n\r\n\r\nWithin around 40 minutes, I get the following warning in dmesg:\r\n\r\n=============================================\r\n[ 2376.292518] WARNING: CPU: 0 PID: 1103 at mm/vmacache.c:157 vmacache_find+0xbb/0xd0\r\n[ 2376.296813] Modules linked in: btrfs xor zstd_compress raid6_pq\r\n[ 2376.300095] CPU: 0 PID: 1103 Comm: vma_test Not tainted 4.19.0-rc3+ #161\r\n[ 2376.303650] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014\r\n[ 2376.305796] RIP: 0010:vmacache_find+0xbb/0xd0\r\n[ 2376.306963] Code: 48 85 c0 74 11 48 39 78 40 75 1f 48 39 30 77 06 48 39 70 08 77 19 83 c2 01 83 fa 04 41 0f 44 d1 83 e9 01 75 c7 31 c0 c3 f3 c3 <0f> 0b 31 c0 c3 65 48 ff 05 98 97 9b 6a c3 90 90 90 90 90 90 90 0f\r\n[ 2376.311881] RSP: 0000:ffffa934c1e3bec0 EFLAGS: 00010283\r\n[ 2376.313258] RAX: ffff8ac7eaf997d0 RBX: 0000133700204000 RCX: 
0000000000000004\r\n[ 2376.315165] RDX: 0000000000000001 RSI: 0000133700204000 RDI: ffff8ac7f3820dc0\r\n[ 2376.316998] RBP: ffff8ac7f3820dc0 R08: 0000000000000001 R09: 0000000000000000\r\n[ 2376.318789] R10: 0000000000000000 R11: 0000000000000000 R12: ffffa934c1e3bf58\r\n[ 2376.320590] R13: ffff8ac7f3820dc0 R14: 0000000000000055 R15: ffff8ac7e9355140\r\n[ 2376.322481] FS: 00007f96165ca700(0000) GS:ffff8ac7f3c00000(0000) knlGS:0000000000000000\r\n[ 2376.324620] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\r\n[ 2376.326101] CR2: 0000133700204000 CR3: 0000000229d28001 CR4: 00000000003606f0\r\n[ 2376.327906] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\r\n[ 2376.329819] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\r\n[ 2376.331571] Call Trace:\r\n[ 2376.332208] find_vma+0x16/0x70\r\n[ 2376.332991] ? vfs_read+0x10f/0x130\r\n[ 2376.333852] __do_page_fault+0x191/0x470\r\n[ 2376.334816] ? async_page_fault+0x8/0x30\r\n[ 2376.335776] async_page_fault+0x1e/0x30\r\n[ 2376.336746] RIP: 0033:0x555e2a2b4c37\r\n[ 2376.337600] Code: 05 80 e8 9c fc ff ff 83 f8 ff 0f 84 ad 00 00 00 8b 3d 81 14 20 00 e8 48 02 00 00 48 b8 00 40 20 00 37 13 00 00 bf 37 13 37 13 <c6> 00 01 31 c0 e8 cf fc ff ff 48 83 ec 80 31 c0 5b 5d 41 5c c3 48\r\n[ 2376.342085] RSP: 002b:00007ffd505e8d30 EFLAGS: 00010206\r\n[ 2376.343334] RAX: 0000133700204000 RBX: 0000000100000000 RCX: 00007f9616102700\r\n[ 2376.345133] RDX: 0000000000000008 RSI: 00007ffd505e8d18 RDI: 0000000013371337\r\n[ 2376.346834] RBP: 00007f96165e4000 R08: 0000000000000000 R09: 0000000000000000\r\n[ 2376.348889] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000100000000\r\n[ 2376.350570] R13: 00007ffd505e8ea0 R14: 0000000000000000 R15: 0000000000000000\r\n[ 2376.352246] ---[ end trace 995fa641c5115cfb ]---\r\n[ 2376.353406] vma_test[1103]: segfault at 133700204000 ip 0000555e2a2b4c37 sp 00007ffd505e8d30 error 6 in 
vma_test[555e2a2b4000+2000]\r\n=============================================\r\n\r\nThe source code corresponding to the warning, which is triggered because\r\nthe VMA cache references a VMA struct that has been reallocated to\r\nanother process in the meantime:\r\n\r\n#ifdef CONFIG_DEBUG_VM_VMACACHE\r\n\t\t\tif (WARN_ON_ONCE(vma->vm_mm != mm))\r\n\t\t\t\tbreak;\r\n#endif\r\n\r\n\r\n################################################################################\r\n\r\n\r\nAttaching an ugly exploit for Ubuntu 18.04, kernel linux-image-4.15.0-34-generic at version 4.15.0-34.37. It takes about an hour to run before popping a root shell. Usage: First compile with ./compile.sh, then run ./puppeteer. Example run:\r\n\r\nuser@ubuntu-18-04-vm:~/vmacache$ ./puppeteer \r\nDo Sep 20 23:55:11 CEST 2018\r\npuppeteer: old kmsg consumed\r\ngot map from child!\r\ngot WARNING\r\ngot RSP line: 0xffff9e0bc2263c60\r\ngot RAX line: 0xffff8c7caf1d61a0\r\ngot RDI line: 0xffff8c7c214c7380\r\nreached WARNING part 2\r\ngot R8 line: 0xffffffffa7243680\r\ntrace consumed\r\noffset: 0x110\r\nfake vma pushed\r\nsuid file detected, launching rootshell...\r\nwe have root privs now...\r\nFr Sep 21 00:48:00 CEST 2018\r\nroot@ubuntu-18-04-vm:~/vmacache# \r\n\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/45497.zip", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/45497/"}], "openvas": [{"lastseen": "2019-05-29T18:33:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17182"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-09-23T00:00:00", "id": "OPENVAS:1361412562310875093", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875093", "type": "openvas", "title": "Fedora Update for kernel-headers FEDORA-2018-e820fccd83", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_e820fccd83_kernel-headers_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel-headers FEDORA-2018-e820fccd83\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875093\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-23 08:00:07 +0200 (Sun, 23 Sep 2018)\");\n script_cve_id(\"CVE-2018-17182\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel-headers FEDORA-2018-e820fccd83\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel-headers'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is 
present\n on the target host.\");\n script_tag(name:\"affected\", value:\"kernel-headers on Fedora 28\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-e820fccd83\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DPVHYLUSLEIHO6QWXWTWPCJ55GG5TTTM\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.18.9~200.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17182"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310875116", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875116", "type": "openvas", "title": "Fedora Update for kernel-headers FEDORA-2018-d77cc41f35", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_d77cc41f35_kernel-headers_fc27.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for kernel-headers FEDORA-2018-d77cc41f35\n#\n# Authors:\n# System Generated 
Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875116\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-09-28 13:36:18 +0200 (Fri, 28 Sep 2018)\");\n script_cve_id(\"CVE-2018-17182\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for kernel-headers FEDORA-2018-d77cc41f35\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel-headers'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n script_tag(name:\"affected\", value:\"kernel-headers on Fedora 27\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"FEDORA\", value:\"2018-d77cc41f35\");\n script_xref(name:\"URL\", 
value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWXTYUSIN2E6WNY6RUN3Y3JWK7QZHIRT\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC27\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC27\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.18.9~100.fc27\", rls:\"FC27\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10853", "CVE-2018-6555", "CVE-2018-17182", "CVE-2018-15594", "CVE-2018-14633", "CVE-2018-15572", "CVE-2018-6554"], "description": "The remote host is missing an update for the ", "modified": "2019-03-18T00:00:00", "published": "2018-10-02T00:00:00", "id": "OPENVAS:1361412562310843647", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843647", "type": "openvas", "title": "Ubuntu Update for linux USN-3777-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3777_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux USN-3777-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or 
any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843647\");\n script_version(\"$Revision: 14288 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-02 08:12:15 +0200 (Tue, 02 Oct 2018)\");\n script_cve_id(\"CVE-2018-17182\", \"CVE-2018-15594\", \"CVE-2018-15572\", \"CVE-2018-10853\",\n \"CVE-2018-14633\", \"CVE-2018-6554\", \"CVE-2018-6555\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3777-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jann Horn discovered that the vmacache subsystem did not properly handle\nsequence number overflows, leading to a use-after-free vulnerability. A\nlocal attacker could use this to cause a denial of service (system crash)\nor execute arbitrary code. 
(CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the Linux\nkernel did not properly handle some indirect calls, reducing the\neffectiveness of Spectre v2 mitigations for paravirtual guests. A local\nattacker could use this to expose sensitive information. (CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution and\nprediction of return addresses via Return Stack Buffer (RSB) may allow\nunauthorized memory reads via sidechannel attacks. An attacker could use\nthis to expose sensitive information. (CVE-2018-15572)\n\nAndy Lutomirski and Mika Penttil discovered that the KVM implementation\nin the Linux kernel did not properly check privilege levels when emulating\nsome instructions. An unprivileged attacker in a guest VM could use this to\nescalate privileges within the guest. (CVE-2018-10853)\n\nIt was discovered that a stack-based buffer overflow existed in the iSCSI\ntarget implementation of the Linux kernel. A remote attacker could use this\nto cause a denial of service (system crash). (CVE-2018-14633)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of the\nLinux kernel. A local attacker could use this to cause a denial of service\n(kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the IRDA\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. 
(CVE-2018-6555)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 18.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3777-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3777-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU18\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1021-gcp\", ver:\"4.15.0-1021.22\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1021-oem\", ver:\"4.15.0-1021.24\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1023-aws\", ver:\"4.15.0-1023.23\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1023-kvm\", ver:\"4.15.0-1023.23\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1024-raspi2\", ver:\"4.15.0-1024.26\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-36-generic\", ver:\"4.15.0-36.39\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-36-generic-lpae\", 
ver:\"4.15.0-36.39\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-36-lowlatency\", ver:\"4.15.0-36.39\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-36-snapdragon\", ver:\"4.15.0-36.39\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.15.0.1023.23\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.15.0.1021.23\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.15.0.36.38\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.15.0.36.38\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.15.0.1021.23\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.15.0.1023.23\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.15.0.36.38\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-oem\", ver:\"4.15.0.1021.23\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.15.0.1024.22\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.15.0.36.38\", rls:\"UBUNTU18.04 
LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-05-29T18:33:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-10853", "CVE-2018-6555", "CVE-2018-17182", "CVE-2018-15594", "CVE-2018-14633", "CVE-2018-15572", "CVE-2018-6554"], "description": "The remote host is missing an update for the ", "modified": "2019-03-18T00:00:00", "published": "2018-10-02T00:00:00", "id": "OPENVAS:1361412562310843644", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843644", "type": "openvas", "title": "Ubuntu Update for linux-gcp USN-3777-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3777_2.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux-gcp USN-3777-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843644\");\n script_version(\"$Revision: 14288 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-02 08:07:24 +0200 (Tue, 02 Oct 2018)\");\n script_cve_id(\"CVE-2018-17182\", \"CVE-2018-15594\", \"CVE-2018-15572\", \"CVE-2018-10853\",\n \"CVE-2018-14633\", \"CVE-2018-6554\", \"CVE-2018-6555\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-gcp USN-3777-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-gcp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu\n16.04 LTS.\n\nJann Horn discovered that the vmacache subsystem did not properly handle\nsequence number overflows, leading to a use-after-free vulnerability. A\nlocal attacker could use this to cause a denial of service (system crash)\nor execute arbitrary code. 
(CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the Linux\nkernel did not properly handle some indirect calls, reducing the\neffectiveness of Spectre v2 mitigations for paravirtual guests. A local\nattacker could use this to expose sensitive information. (CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution and\nprediction of return addresses via Return Stack Buffer (RSB) may allow\nunauthorized memory reads via sidechannel attacks. An attacker could use\nthis to expose sensitive information. (CVE-2018-15572)\n\nAndy Lutomirski and Mika Penttil discovered that the KVM implementation\nin the Linux kernel did not properly check privilege levels when emulating\nsome instructions. An unprivileged attacker in a guest VM could use this to\nescalate privileges within the guest. (CVE-2018-10853)\n\nIt was discovered that a stack-based buffer overflow existed in the iSCSI\ntarget implementation of the Linux kernel. A remote attacker could use this\nto cause a denial of service (system crash). (CVE-2018-14633)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of the\nLinux kernel. A local attacker could use this to cause a denial of service\n(kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the IRDA\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. 
(CVE-2018-6555)\");\n script_tag(name:\"affected\", value:\"linux-gcp on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3777-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3777-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1021-gcp\", ver:\"4.15.0-1021.22~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-36-generic\", ver:\"4.15.0-36.39~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-36-generic-lpae\", ver:\"4.15.0-36.39~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-36-lowlatency\", ver:\"4.15.0-36.39~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.15.0.1021.35\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-hwe-16.04\", ver:\"4.15.0.36.59\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-generic-lpae-hwe-16.04\", ver:\"4.15.0.36.59\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.15.0.1021.35\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-hwe-16.04\", ver:\"4.15.0.36.59\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-oem\", ver:\"4.15.0.36.59\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-05-29T18:33:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6555", "CVE-2018-17182", "CVE-2018-15594", "CVE-2017-5715", "CVE-2018-14633", "CVE-2018-3639", "CVE-2018-15572", "CVE-2018-6554"], "description": "The remote host is missing an update for the ", "modified": "2019-03-18T00:00:00", "published": "2018-10-23T00:00:00", "id": "OPENVAS:1361412562310843664", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843664", "type": "openvas", "title": "Ubuntu Update for linux-azure USN-3777-3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3777_3.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux-azure USN-3777-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even 
the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843664\");\n script_version(\"$Revision: 14288 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-23 11:50:44 +0200 (Tue, 23 Oct 2018)\");\n script_cve_id(\"CVE-2018-17182\", \"CVE-2018-15594\", \"CVE-2018-15572\", \"CVE-2017-5715\", \"CVE-2018-14633\", \"CVE-2018-3639\", \"CVE-2018-6554\", \"CVE-2018-6555\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-azure USN-3777-3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-azure'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04\n%LTS. This update provides the corresponding updates for the\nLinux kernel for Azure Cloud systems.\n\nJann Horn discovered that the vmacache subsystem did not properly handle\nsequence number overflows, leading to a use-after-free vulnerability. A\nlocal attacker could use this to cause a denial of service (system crash)\nor execute arbitrary code. 
(CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the Linux\nkernel did not properly handle some indirect calls, reducing the\neffectiveness of Spectre v2 mitigations for paravirtual guests. A local\nattacker could use this to expose sensitive information. (CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution and\nprediction of return addresses via Return Stack Buffer (RSB) may allow\nunauthorized memory reads via sidechannel attacks. An attacker could use\nthis to expose sensitive information. (CVE-2018-15572)\n\nJann Horn discovered that microprocessors utilizing speculative execution\nand branch prediction may allow unauthorized memory reads via sidechannel\nattacks. This flaw is known as Spectre. A local attacker could use this to\nexpose sensitive information, including kernel memory. (CVE-2017-5715)\n\nIt was discovered that a stack-based buffer overflow existed in the iSCSI\ntarget implementation of the Linux kernel. A remote attacker could use this\nto cause a denial of service (system crash). (CVE-2018-14633)\n\nJann Horn and Ken Johnson discovered that microprocessors utilizing\nspeculative execution of a memory read may allow unauthorized memory reads\nvia a sidechannel attack. This flaw is known as Spectre Variant 4. A local\nattacker could use this to expose sensitive information, including kernel\nmemory. (CVE-2018-3639)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of the\nLinux kernel. A local attacker could use this to cause a denial of service\n(kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the IRDA\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. 
(CVE-2018-6555)\");\n script_tag(name:\"affected\", value:\"linux-azure on Ubuntu 18.04 LTS,\n Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3777-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3777-3/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(18\\.04 LTS|16\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1025-azure\", ver:\"4.15.0-1025.26\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"4.15.0.1025.25\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1025-azure\", ver:\"4.15.0-1025.26~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"4.15.0.1025.31\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-05-29T18:33:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6555", "CVE-2018-17182", "CVE-2018-15594", "CVE-2018-16276", "CVE-2018-14633", "CVE-2017-18216", 
"CVE-2018-10902", "CVE-2018-15572", "CVE-2018-6554"], "description": "The remote host is missing an update for the ", "modified": "2019-03-18T00:00:00", "published": "2018-10-02T00:00:00", "id": "OPENVAS:1361412562310843645", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843645", "type": "openvas", "title": "Ubuntu Update for linux-aws USN-3776-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3776_2.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux-aws USN-3776-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843645\");\n script_version(\"$Revision: 14288 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-02 08:08:40 +0200 (Tue, 02 Oct 2018)\");\n script_cve_id(\"CVE-2018-17182\", \"CVE-2018-15594\", \"CVE-2018-15572\", \"CVE-2017-18216\",\n \"CVE-2018-10902\", \"CVE-2018-14633\", \"CVE-2018-16276\", \"CVE-2018-6554\",\n \"CVE-2018-6555\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-aws USN-3776-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-aws'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3776-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nJann Horn discovered that the vmacache subsystem did not properly handle\nsequence number overflows, leading to a use-after-free vulnerability. A\nlocal attacker could use this to cause a denial of service (system crash)\nor execute arbitrary code. 
(CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the Linux\nkernel did not properly handle some indirect calls, reducing the\neffectiveness of Spectre v2 mitigations for paravirtual guests. A local\nattacker could use this to expose sensitive information. (CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution and\nprediction of return addresses via Return Stack Buffer (RSB) may allow\nunauthorized memory reads via sidechannel attacks. An attacker could use\nthis to expose sensitive information. (CVE-2018-15572)\n\nIt was discovered that a NULL pointer dereference could be triggered in the\nOCFS2 file system implementation in the Linux kernel. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-18216)\n\nIt was discovered that a race condition existed in the raw MIDI driver for\nthe Linux kernel, leading to a double free vulnerability. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that a stack-based buffer overflow existed in the iSCSI\ntarget implementation of the Linux kernel. A remote attacker could use this\nto cause a denial of service (system crash). (CVE-2018-14633)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did\nnot properly restrict user space reads or writes. A physically proximate\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-16276)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of the\nLinux kernel. A local attacker could use this to cause a denial of service\n(kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the IRDA\nimplementation in the Linux kernel. 
A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-6555)\");\n script_tag(name:\"affected\", value:\"linux-aws on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3776-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3776-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1031-aws\", ver:\"4.4.0-1031.34\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-generic\", ver:\"4.4.0-137.163~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-generic-lpae\", ver:\"4.4.0-137.163~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-lowlatency\", ver:\"4.4.0-137.163~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-powerpc-e500mc\", ver:\"4.4.0-137.163~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-powerpc-smp\", 
ver:\"4.4.0-137.163~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-powerpc64-emb\", ver:\"4.4.0-137.163~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-powerpc64-smp\", ver:\"4.4.0-137.163~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1031.31\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-xenial\", ver:\"4.4.0.137.117\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-xenial\", ver:\"4.4.0.137.117\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-xenial\", ver:\"4.4.0.137.117\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-xenial\", ver:\"4.4.0.137.117\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-xenial\", ver:\"4.4.0.137.117\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-xenial\", ver:\"4.4.0.137.117\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-xenial\", ver:\"4.4.0.137.117\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-05-29T18:33:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-6555", "CVE-2018-17182", "CVE-2018-15594", "CVE-2018-16276", "CVE-2018-14633", "CVE-2017-18216", "CVE-2018-10902", "CVE-2018-15572", "CVE-2018-6554"], "description": "The remote host is missing an update for the ", "modified": "2019-03-18T00:00:00", "published": "2018-10-02T00:00:00", "id": "OPENVAS:1361412562310843646", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843646", "type": "openvas", "title": "Ubuntu Update for linux USN-3776-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3776_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux USN-3776-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843646\");\n script_version(\"$Revision: 14288 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-02 08:10:28 +0200 (Tue, 02 Oct 2018)\");\n script_cve_id(\"CVE-2018-17182\", \"CVE-2018-15594\", \"CVE-2018-15572\", \"CVE-2017-18216\",\n \"CVE-2018-10902\", \"CVE-2018-14633\", \"CVE-2018-16276\", \"CVE-2018-6554\",\n \"CVE-2018-6555\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3776-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jann Horn discovered that the vmacache\nsubsystem did not properly handle sequence number overflows, leading to a\nuse-after-free vulnerability. A local attacker could use this to cause a\ndenial of service (system crash) or execute arbitrary code. (CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the Linux\nkernel did not properly handle some indirect calls, reducing the\neffectiveness of Spectre v2 mitigations for paravirtual guests. A local\nattacker could use this to expose sensitive information. 
(CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution and\nprediction of return addresses via Return Stack Buffer (RSB) may allow\nunauthorized memory reads via sidechannel attacks. An attacker could use\nthis to expose sensitive information. (CVE-2018-15572)\n\nIt was discovered that a NULL pointer dereference could be triggered in the\nOCFS2 file system implementation in the Linux kernel. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-18216)\n\nIt was discovered that a race condition existed in the raw MIDI driver for\nthe Linux kernel, leading to a double free vulnerability. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that a stack-based buffer overflow existed in the iSCSI\ntarget implementation of the Linux kernel. A remote attacker could use this\nto cause a denial of service (system crash). (CVE-2018-14633)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did\nnot properly restrict user space reads or writes. A physically proximate\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-16276)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of the\nLinux kernel. A local attacker could use this to cause a denial of service\n(kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the IRDA\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. 
(CVE-2018-6555)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3776-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3776-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1035-kvm\", ver:\"4.4.0-1035.41\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1069-aws\", ver:\"4.4.0-1069.79\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1098-raspi2\", ver:\"4.4.0-1098.106\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1102-snapdragon\", ver:\"4.4.0-1102.107\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-generic\", ver:\"4.4.0-137.163\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-generic-lpae\", ver:\"4.4.0-137.163\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-lowlatency\", 
ver:\"4.4.0-137.163\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-powerpc-e500mc\", ver:\"4.4.0-137.163\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-powerpc-smp\", ver:\"4.4.0-137.163\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-powerpc64-emb\", ver:\"4.4.0-137.163\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-powerpc64-smp\", ver:\"4.4.0-137.163\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1069.71\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.137.143\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.137.143\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.4.0.1035.34\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.137.143\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.4.0.137.143\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.137.143\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.4.0.137.143\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.137.143\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.4.0.1098.98\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.4.0.1102.94\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-01-31T17:34:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-13096", "CVE-2018-13098", "CVE-2018-13100", "CVE-2018-17182", "CVE-2018-13099", "CVE-2018-7757", "CVE-2018-16597", "CVE-2018-16276", "CVE-2018-14617", "CVE-2018-7480", "CVE-2018-13097", "CVE-2018-14633", "CVE-2018-14613"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2018-10-18T00:00:00", "id": "OPENVAS:1361412562310851937", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851937", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2018:3202-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; 
without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851937\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-18 06:28:53 +0200 (Thu, 18 Oct 2018)\");\n script_cve_id(\"CVE-2018-13096\", \"CVE-2018-13097\", \"CVE-2018-13098\", \"CVE-2018-13099\", \"CVE-2018-13100\", \"CVE-2018-14613\", \"CVE-2018-14617\", \"CVE-2018-14633\", \"CVE-2018-16276\", \"CVE-2018-16597\", \"CVE-2018-17182\", \"CVE-2018-7480\", \"CVE-2018-7757\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2018:3202-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 42.3 kernel was updated to 4.4.159\n to receive various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2018-13096: A denial of service (out-of-bounds memory access and\n BUG) can occur upon encountering an abnormal bitmap size when mounting a\n crafted f2fs image (bnc#1100062).\n\n - CVE-2018-13097: There is an out-of-bounds read or a divide-by-zero error\n for an incorrect user_block_count in a corrupted f2fs image, leading 
to\n a denial of service (BUG) (bnc#1100061).\n\n - CVE-2018-13098: A denial of service (slab out-of-bounds read and BUG)\n can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is\n set in an inode (bnc#1100060).\n\n - CVE-2018-13099: A denial of service (out-of-bounds memory access and\n BUG) can occur for a modified f2fs filesystem image in which an inline\n inode contains an invalid reserved blkaddr (bnc#1100059).\n\n - CVE-2018-13100: An issue was discovered in fs/f2fs/super.c which did not\n properly validate secs_per_zone in a corrupted f2fs image, as\n demonstrated by a divide-by-zero error (bnc#1100056).\n\n - CVE-2018-14613: There is an invalid pointer dereference in\n io_ctl_map_page() when mounting and operating a crafted btrfs image,\n because of a lack of block group item validation in check_leaf_item in\n fs/btrfs/tree-checker.c (bnc#1102896).\n\n - CVE-2018-14617: There is a NULL pointer dereference and panic in\n hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is\n purportedly a hard link) in an hfs+ filesystem that has malformed\n catalog data, and is mounted read-only without a metadata directory\n (bnc#1102870).\n\n - CVE-2018-14633: A security flaw was found in the\n chap_server_compute_md5() function in the ISCSI target code in the Linux\n kernel in a way an authentication request from an ISCSI initiator is\n processed. An unauthenticated remote attacker can cause a stack buffer\n overflow and smash up to 17 bytes of the stack. The attack requires the\n iSCSI target to be enabled on the victim host. Depending on how the\n target's code was built (i.e. depending on a compiler, compile flags and\n hardware architecture) an attack may lead to a system crash and thus to\n a denial-of-service or possibly to a non-authorized access to data\n exported by an iSCSI target. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we believe it is highly\n unlikely. 
Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be\n vulnerable (bnc#1107829).\n\n - CVE-2018-16276: Local attackers could use user access read/writes with\n incorrect bounds checking in the ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"the on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3202-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report 
+= res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.4.159~73.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.4.159~73.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.4.159~73.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 8.3, "vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-01-29T20:07:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-14609", "CVE-2018-7755", "CVE-2018-6555", "CVE-2018-17182", "CVE-2018-13099", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-9363", "CVE-2018-16276", "CVE-2018-14617", "CVE-2018-16658", "CVE-2018-14678", "CVE-2018-14633", "CVE-2018-9516", "CVE-2018-10902", "CVE-2018-10938", "CVE-2018-15572", "CVE-2018-6554"], "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2018-6554\n\nA memory leak in the irda_bind function in the irda subsystem was\ndiscovered. A local user can take advantage of this flaw to cause a\ndenial of service (memory consumption).\n\nCVE-2018-6555\n\nA flaw was discovered in the irda_setsockopt function in the irda\nsubsystem, allowing a local user to cause a denial of service\n(use-after-free and system crash).\n\nCVE-2018-7755\n\nBrian Belleville discovered a flaw in the fd_locked_ioctl function\nin the floppy driver in the Linux kernel. The floppy driver copies a\nkernel pointer to user memory in response to the FDGETPRM ioctl. A\nlocal user with access to a floppy drive device can take advantage\nof this flaw to discover the location kernel code and data.\n\nDescription truncated. 
Please see the references for more information.", "modified": "2020-01-29T00:00:00", "published": "2018-10-04T00:00:00", "id": "OPENVAS:1361412562310891531", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891531", "type": "openvas", "title": "Debian LTS: Security Advisory for linux-4.9 (DLA-1531-1)", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891531\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-10902\", \"CVE-2018-10938\", \"CVE-2018-13099\", \"CVE-2018-14609\", \"CVE-2018-14617\",\n \"CVE-2018-14633\", \"CVE-2018-14678\", \"CVE-2018-14734\", \"CVE-2018-15572\", \"CVE-2018-15594\",\n \"CVE-2018-16276\", \"CVE-2018-16658\", \"CVE-2018-17182\", \"CVE-2018-6554\", \"CVE-2018-6555\",\n \"CVE-2018-7755\", \"CVE-2018-9363\", \"CVE-2018-9516\");\n script_name(\"Debian LTS: Security Advisory for linux-4.9 (DLA-1531-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-04 
00:00:00 +0200 (Thu, 04 Oct 2018)\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"linux-4.9 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n4.9.110-3+deb9u5~deb8u1.\n\nWe recommend that you upgrade your linux-4.9 packages.\");\n\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2018-6554\n\nA memory leak in the irda_bind function in the irda subsystem was\ndiscovered. A local user can take advantage of this flaw to cause a\ndenial of service (memory consumption).\n\nCVE-2018-6555\n\nA flaw was discovered in the irda_setsockopt function in the irda\nsubsystem, allowing a local user to cause a denial of service\n(use-after-free and system crash).\n\nCVE-2018-7755\n\nBrian Belleville discovered a flaw in the fd_locked_ioctl function\nin the floppy driver in the Linux kernel. The floppy driver copies a\nkernel pointer to user memory in response to the FDGETPRM ioctl. A\nlocal user with access to a floppy drive device can take advantage\nof this flaw to discover the location kernel code and data.\n\nDescription truncated. 
Please see the references for more information.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.9-arm\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-doc-4.9\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-686\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-686-pae\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-all\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-all-amd64\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-all-armel\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-all-armhf\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-all-i386\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-amd64\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-armmp\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-armmp-lpae\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += 
res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-common\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-common-rt\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-marvell\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-rt-686-pae\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-rt-amd64\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-686\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-686-pae\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-all\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-all-amd64\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-all-armel\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-all-armhf\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-all-i386\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-amd64\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-armmp\", ver:\"4.9.110-3+deb9u5~deb8u1\", 
rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-armmp-lpae\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-common\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-common-rt\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-marvell\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-rt-686-pae\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-rt-amd64\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-686\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-686-pae\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-686-pae-dbg\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-amd64\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-amd64-dbg\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-armmp\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-armmp-lpae\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-marvell\", 
ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-rt-686-pae\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-rt-amd64\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-686\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-686-pae\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-686-pae-dbg\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-amd64\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-amd64-dbg\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-armmp\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-armmp-lpae\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-marvell\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-rt-686-pae\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-rt-686-pae-dbg\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-rt-amd64\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-rt-amd64-dbg\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-kbuild-4.9\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-manual-4.9\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-perf-4.9\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-source-4.9\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-0.bpo.7\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-0.bpo.8\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-07-04T18:55:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-14609", "CVE-2018-7755", "CVE-2018-6555", "CVE-2018-17182", "CVE-2018-13099", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-9363", "CVE-2018-16276", "CVE-2018-14617", "CVE-2018-16658", "CVE-2018-14678", "CVE-2018-14633", "CVE-2018-9516", "CVE-2018-10902", "CVE-2018-10938", "CVE-2018-15572", "CVE-2018-6554"], "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2018-6554\nA memory leak in the irda_bind function in the irda 
subsystem was\ndiscovered. A local user can take advantage of this flaw to cause a\ndenial of service (memory consumption).\n\nCVE-2018-6555\nA flaw was discovered in the irda_setsockopt function in the irda\nsubsystem, allowing a local user to cause a denial of service\n(use-after-free and system crash).\n\nCVE-2018-7755\nBrian Belleville discovered a flaw in the fd_locked_ioctl function\nin the floppy driver in the Linux kernel. The floppy driver copies a\nkernel pointer to user memory in response to the FDGETPRM ioctl. A\nlocal user with access to a floppy drive device can take advantage\nof this flaw to discover the location kernel code and data.\n\nDescription truncated. Please see the references for more information.", "modified": "2019-07-04T00:00:00", "published": "2018-10-01T00:00:00", "id": "OPENVAS:1361412562310704308", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704308", "type": "openvas", "title": "Debian Security Advisory DSA 4308-1 (linux - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4308-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704308\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-10902\", \"CVE-2018-10938\", \"CVE-2018-13099\", \"CVE-2018-14609\", \"CVE-2018-14617\",\n \"CVE-2018-14633\", \"CVE-2018-14678\", \"CVE-2018-14734\", \"CVE-2018-15572\", \"CVE-2018-15594\",\n \"CVE-2018-16276\", \"CVE-2018-16658\", \"CVE-2018-17182\", \"CVE-2018-6554\", \"CVE-2018-6555\",\n \"CVE-2018-7755\", \"CVE-2018-9363\", \"CVE-2018-9516\");\n script_name(\"Debian Security Advisory DSA 4308-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-01 00:00:00 +0200 (Mon, 01 Oct 2018)\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4308.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 
4.9.110-3+deb9u5.\n\nWe recommend that you upgrade your linux packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/linux\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2018-6554\nA memory leak in the irda_bind function in the irda subsystem was\ndiscovered. A local user can take advantage of this flaw to cause a\ndenial of service (memory consumption).\n\nCVE-2018-6555\nA flaw was discovered in the irda_setsockopt function in the irda\nsubsystem, allowing a local user to cause a denial of service\n(use-after-free and system crash).\n\nCVE-2018-7755\nBrian Belleville discovered a flaw in the fd_locked_ioctl function\nin the floppy driver in the Linux kernel. The floppy driver copies a\nkernel pointer to user memory in response to the FDGETPRM ioctl. A\nlocal user with access to a floppy drive device can take advantage\nof this flaw to discover the location kernel code and data.\n\nDescription truncated. 
Please see the references for more information.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"hyperv-daemons\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcpupower-dev\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcpupower1\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libusbip-dev\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-arm\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-s390\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-x86\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-cpupower\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-doc-4.9\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-4kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-5kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-686\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all\", ver:\"4.9.110-3+deb9u5\", 
rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-armel\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-armhf\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-i386\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mips\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mips64el\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mipsel\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-ppc64el\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-armmp\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-armmp-lpae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-common\", ver:\"4.9.110-3+deb9u5\", 
rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-common-rt\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-loongson-3\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-marvell\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-octeon\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-powerpc64le\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-rt-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-rt-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-4kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-5kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-686\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-arm64\", ver:\"4.9.110-3+deb9u5\", 
rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-armel\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-armhf\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-i386\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-mips\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-mips64el\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-mipsel\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-ppc64el\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-armmp\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-armmp-lpae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-common\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-common-rt\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-loongson-3\", 
ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-marvell\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-octeon\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-powerpc64le\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-rt-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-rt-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-4kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-5kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-686\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-armel\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-armhf\", 
ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-i386\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-mips\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-mips64el\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-mipsel\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-ppc64el\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-armmp\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-armmp-lpae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-common\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-common-rt\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-loongson-3\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-marvell\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-octeon\", 
ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-powerpc64le\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-rt-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-rt-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-4kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-5kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-686\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-armel\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-armhf\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-i386\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-mips\", 
ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-mips64el\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-mipsel\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-ppc64el\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-armmp\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-armmp-lpae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-loongson-3\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-marvell\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-octeon\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-powerpc64le\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-rt-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-rt-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-s390x\", 
ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-4kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-5kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-686\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-armel\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-armhf\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-i386\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-mips\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-mips64el\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-mipsel\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-ppc64el\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-s390x\", 
ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-armmp\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-armmp-lpae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-common\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-common-rt\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-loongson-3\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-marvell\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-octeon\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-powerpc64le\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-rt-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-rt-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-4kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-5kc-malta\", 
ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-686\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-armel\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-armhf\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-i386\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-mips\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-mips64el\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-mipsel\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-ppc64el\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-arm64\", 
ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-armmp\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-armmp-lpae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-common\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-common-rt\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-loongson-3\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-marvell\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-octeon\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-powerpc64le\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-rt-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-rt-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-4kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-4kc-malta-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-5kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-5kc-malta-dbg\", 
ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-pae-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-amd64-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-arm64-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-lpae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-lpae-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-loongson-3\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-loongson-3-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-marvell\", ver:\"4.9.110-3+deb9u5\", 
rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-3\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-4\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-5\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-7\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-8\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"usbip\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}], "nessus": [{"lastseen": "2021-02-01T06:49:01", "description": "The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive a\nsecurity fix.\n\nThe following security bug was fixed :\n\nCVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c\nmishandled sequence number overflows. An attacker can trigger a\nuse-after-free (and possibly gain privileges) via certain thread\ncreation, map, unmap, invalidation, and dereference operations\n(bnc#1108399).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 22, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-09T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3032-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17182"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_107-xen", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_107-default", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-devel"], "id": "SUSE_SU-2018-3032-1.NASL", "href": "https://www.tenable.com/plugins/nessus/117990", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3032-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117990);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/10 13:51:49\");\n\n script_cve_id(\"CVE-2018-17182\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3032-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n 
script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive a\nsecurity fix.\n\nThe following security bug was fixed :\n\nCVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c\nmishandled sequence number overflows. An attacker can trigger a\nuse-after-free (and possibly gain privileges) via certain thread\ncreation, map, unmap, invalidation, and dereference operations\n(bnc#1108399).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17182/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183032-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c64555e7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-2163=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2018-2163=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_107-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_107-xen\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.74-60.64.107.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.74-60.64.107.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.74-60.64.107.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.74-60.64.107.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.74-60.64.107.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.74-60.64.107.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_107-default-1-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_107-xen-1-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.74-60.64.107.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-3.12.74-60.64.107.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-3.12.74-60.64.107.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-debuginfo-3.12.74-60.64.107.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debuginfo-3.12.74-60.64.107.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debugsource-3.12.74-60.64.107.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-devel-3.12.74-60.64.107.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", 
reference:\"kernel-syms-3.12.74-60.64.107.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-19T20:37:56", "description": "The remote host is running a version of RancherOS prior to v1.4.2, hence is\nvulnerable to a Privilege Escalation Vulnerability.\n\nAn issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c\nmishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges)\nvia certain thread creation, map, unmap, invalidation, and dereference operations.", "edition": 12, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-19T00:00:00", "title": "RancherOS < 1.4.2 Local Privilege Escalation", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17182"], "modified": "2019-12-19T00:00:00", "cpe": ["cpe:/o:rancher:rancheros"], "id": "RANCHEROS_1_4_2.NASL", "href": "https://www.tenable.com/plugins/nessus/132254", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @NOAGENT@\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132254);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/19\");\n\n script_cve_id(\"CVE-2018-17182\");\n script_bugtraq_id(105417);\n\n script_name(english:\"RancherOS < 1.4.2 Local Privilege Escalation\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of RancherOS prior to v1.4.2, hence is\nvulnerable to a 
Privilege Escalation Vulnerability.\n\nAn issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c\nmishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges)\nvia certain thread creation, map, unmap, invalidation, and dereference operations.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://rancher.com/docs/os/v1.x/en/about/security/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/rancher/os/releases/tag/v1.4.2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to RancherOS v1.4.2 or later\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-17182\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rancher:rancheros\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint_linux_distro.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RancherOS/version\", \"Host/RancherOS\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\n# Fix version is v1.4.2\nfix_version = '1.4.2';\nos = get_kb_item('Host/RancherOS');\n\nif (!os) audit(AUDIT_OS_NOT, 'RancherOS');\n\nos_ver = get_kb_item('Host/RancherOS/version');\nif (!os_ver)\n{\n exit(1, 'Could not determine the RancherOS version');\n}\n\nmatch = pregmatch(pattern:\"v([0-9\\.]+)\", string:os_ver);\n\nif (!isnull(match))\n{ \n version = match[1]; \n if (ver_compare(ver:version, fix:fix_version, strict:TRUE) == -1)\n {\n security_report_v4(\n port:0,\n severity:SECURITY_HOLE,\n extra:\n '\\n Installed version : ' + os_ver +\n '\\n Fixed version : v' + fix_version +\n '\\n'\n );\n }\n}\n\naudit(AUDIT_INST_VER_NOT_VULN, 'RancherOS', os_ver);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:16:39", "description": "The 4.18.9 stable update contains a number of important fixes across\nthe tree.\n\n----\n\nThe 4.18.8 update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 14, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-03T00:00:00", "title": "Fedora 29 : kernel / kernel-headers (2018-272cf2f9f4)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17182"], "modified": "2019-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", 
"cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:kernel-headers"], "id": "FEDORA_2018-272CF2F9F4.NASL", "href": "https://www.tenable.com/plugins/nessus/120303", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-272cf2f9f4.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120303);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-17182\");\n script_xref(name:\"FEDORA\", value:\"2018-272cf2f9f4\");\n\n script_name(english:\"Fedora 29 : kernel / kernel-headers (2018-272cf2f9f4)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.18.9 stable update contains a number of important fixes across\nthe tree.\n\n----\n\nThe 4.18.8 update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-272cf2f9f4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel and / or kernel-headers packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-17182\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2018-272cf2f9f4\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"kernel-4.18.9-300.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"kernel-headers-4.18.9-300.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T01:12:11", "description": "New kernel packages are available for Slackware 14.2 to fix a\nsecurity issue.", "edition": 22, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-09-24T00:00:00", "title": "Slackware 14.2 : Slackware 14.2 kernel (SSA:2018-264-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17182"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.2", "p-cpe:/a:slackware:slackware_linux:kernel-generic-smp", "p-cpe:/a:slackware:slackware_linux:kernel-headers", "p-cpe:/a:slackware:slackware_linux:kernel-firmware", "p-cpe:/a:slackware:slackware_linux:kernel-generic", 
"p-cpe:/a:slackware:slackware_linux:kernel-modules-smp", "p-cpe:/a:slackware:slackware_linux:kernel-source", "p-cpe:/a:slackware:slackware_linux:kernel-huge-smp", "p-cpe:/a:slackware:slackware_linux:kernel-modules", "p-cpe:/a:slackware:slackware_linux:kernel-huge"], "id": "SLACKWARE_SSA_2018-264-01.NASL", "href": "https://www.tenable.com/plugins/nessus/117653", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2018-264-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117653);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/04/05 23:25:07\");\n\n script_cve_id(\"CVE-2018-17182\");\n script_xref(name:\"SSA\", value:\"2018-264-01\");\n\n script_name(english:\"Slackware 14.2 : Slackware 14.2 kernel (SSA:2018-264-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New kernel packages are available for Slackware 14.2 to fix a\nsecurity issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2018&m=slackware-security.693090\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8c76b6d4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-huge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-huge-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-modules-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-firmware\", pkgver:\"20180913_44d4fca\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-generic\", pkgver:\"4.4.157\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-generic-smp\", pkgver:\"4.4.157_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-headers\", pkgver:\"4.4.157_smp\", pkgarch:\"x86\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-huge\", pkgver:\"4.4.157\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-huge-smp\", pkgver:\"4.4.157_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-modules\", pkgver:\"4.4.157\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-modules-smp\", pkgver:\"4.4.157_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-source\", pkgver:\"4.4.157_smp\", pkgarch:\"noarch\", pkgnum:\"1\")) 
flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-firmware\", pkgver:\"20180913_44d4fca\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-generic\", pkgver:\"4.4.157\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-headers\", pkgver:\"4.4.157\", pkgarch:\"x86\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-huge\", pkgver:\"4.4.157\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-modules\", pkgver:\"4.4.157\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-source\", pkgver:\"4.4.157\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T05:18:11", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - bnxt_en: xdp: don't make drivers report attachment mode\n (partial backport) (Somasundaram Krishnasamy) [Orabug:\n 27988326]\n\n - bpf: make bnxt compatible w/ bpf_xdp_adjust_tail (Nikita\n V. Shirokov) \n\n - bnxt_en: add meta pointer for direct access (partial\n backport) (Somasundaram Krishnasamy) [Orabug: 27988326]\n\n - bnxt_en: Fix bug in ethtool -L. (Michael Chan) [Orabug:\n 27988326]\n\n - bpf: bnxt: Report bpf_prog ID during XDP_QUERY_PROG\n (Martin KaFai Lau) [Orabug: 27988326]\n\n - bnxt_en: Optimize doorbell write operations for newer\n chips (reapply). (Michael Chan) [Orabug: 27988326]\n\n - bnxt_en: Use short TX BDs for the XDP TX ring. 
(Michael\n Chan) \n\n - bnxt_en: Add ethtool mac loopback self test (reapply).\n (Michael Chan) \n\n - bnxt_en: Add support for XDP_TX action. (Michael Chan)\n [Orabug: 27988326]\n\n - bnxt_en: Add basic XDP support. (Michael Chan) [Orabug:\n 27988326]\n\n - x86/ia32: Restore r8 correctly in 32bit SYSCALL\n instruction entry. (Gayatri Vasudevan) [Orabug:\n 28529706]\n\n - net: enable RPS on vlan devices (Shannon Nelson)\n [Orabug: 28645929]\n\n - xen-blkback: hold write vbd-lock while swapping the vbd\n (Ankur Arora) \n\n - xen-blkback: implement swapping of active vbd (Ankur\n Arora) [Orabug: 28651655]\n\n - xen-blkback: emit active physical device to xenstore\n (Ankur Arora) \n\n - xen-blkback: refactor backend_changed (Ankur Arora)\n [Orabug: 28651655]\n\n - xen-blkback: pull out blkif grant features from vbd\n (Ankur Arora) \n\n - mm: get rid of vmacache_flush_all entirely (Linus\n Torvalds) [Orabug: 28701016] (CVE-2018-17182)\n\n - rds: crash at rds_ib_inc_copy_to_user+104 due to NULL\n ptr reference (Venkat Venkatsubra) [Orabug: 28506569]\n\n - IB/core: For multicast functions, verify that LIDs are\n multicast LIDs (Michael J. 
Ruhl) [Orabug: 28700490]", "edition": 23, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-11T00:00:00", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0266)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17182"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:oracle:vm_server:3.4", "p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware"], "id": "ORACLEVM_OVMSA-2018-0266.NASL", "href": "https://www.tenable.com/plugins/nessus/118052", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2018-0266.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118052);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/27 13:00:35\");\n\n script_cve_id(\"CVE-2018-17182\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0266)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - bnxt_en: xdp: don't make drivers report attachment mode\n (partial backport) (Somasundaram Krishnasamy) [Orabug:\n 27988326]\n\n - bpf: make bnxt compatible w/ bpf_xdp_adjust_tail (Nikita\n V. Shirokov) \n\n - bnxt_en: add meta pointer for direct access (partial\n backport) (Somasundaram Krishnasamy) [Orabug: 27988326]\n\n - bnxt_en: Fix bug in ethtool -L. (Michael Chan) [Orabug:\n 27988326]\n\n - bpf: bnxt: Report bpf_prog ID during XDP_QUERY_PROG\n (Martin KaFai Lau) [Orabug: 27988326]\n\n - bnxt_en: Optimize doorbell write operations for newer\n chips (reapply). 
(Michael Chan) [Orabug: 27988326]\n\n - bnxt_en: Use short TX BDs for the XDP TX ring. (Michael\n Chan) \n\n - bnxt_en: Add ethtool mac loopback self test (reapply).\n (Michael Chan) \n\n - bnxt_en: Add support for XDP_TX action. (Michael Chan)\n [Orabug: 27988326]\n\n - bnxt_en: Add basic XDP support. (Michael Chan) [Orabug:\n 27988326]\n\n - x86/ia32: Restore r8 correctly in 32bit SYSCALL\n instruction entry. (Gayatri Vasudevan) [Orabug:\n 28529706]\n\n - net: enable RPS on vlan devices (Shannon Nelson)\n [Orabug: 28645929]\n\n - xen-blkback: hold write vbd-lock while swapping the vbd\n (Ankur Arora) \n\n - xen-blkback: implement swapping of active vbd (Ankur\n Arora) [Orabug: 28651655]\n\n - xen-blkback: emit active physical device to xenstore\n (Ankur Arora) \n\n - xen-blkback: refactor backend_changed (Ankur Arora)\n [Orabug: 28651655]\n\n - xen-blkback: pull out blkif grant features from vbd\n (Ankur Arora) \n\n - mm: get rid of vmacache_flush_all entirely (Linus\n Torvalds) [Orabug: 28701016] (CVE-2018-17182)\n\n - rds: crash at rds_ib_inc_copy_to_user+104 due to NULL\n ptr reference (Venkat Venkatsubra) [Orabug: 28506569]\n\n - IB/core: For multicast functions, verify that LIDs are\n multicast LIDs (Michael J. 
Ruhl) [Orabug: 28700490]\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2018-October/000900.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d06bca0e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-124.20.1.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-124.20.1.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T14:56:23", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-17182: An issue was discovered in the Linux kernel The\nvmacache_flush_all function in mm/vmacache.c mishandled sequence\nnumber overflows. 
An attacker can trigger a use-after-free (and\npossibly gain privileges) via certain thread creation, map, unmap,\ninvalidation, and dereference operations (bnc#1108399).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 19, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-12T00:00:00", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2018:3100-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17182"], "modified": "2018-10-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-trace", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel"], "id": "SUSE_SU-2018-3100-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118079", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3100-1.\n# The text itself is 
copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118079);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-17182\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2018:3100-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-17182: An issue was discovered in the Linux kernel The\nvmacache_flush_all function in mm/vmacache.c mishandled sequence\nnumber overflows. An attacker can trigger a use-after-free (and\npossibly gain privileges) via certain thread creation, map, unmap,\ninvalidation, and dereference operations (bnc#1108399).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17182/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183100-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bdf3748f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-kernel-20181003-13812=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-kernel-20181003-13812=1\n\nSUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch\nslexsp3-kernel-20181003-13812=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-kernel-20181003-13812=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/12\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-base-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-devel-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-source-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-syms-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-base-3.0.101-108.77.1\")) 
flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-devel-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-108.77.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-108.77.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:22:05", "description": "The 4.18.9 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 14, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": 
"2019-01-03T00:00:00", "title": "Fedora 28 : kernel / kernel-headers (2018-e820fccd83)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17182"], "modified": "2019-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-headers", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-E820FCCD83.NASL", "href": "https://www.tenable.com/plugins/nessus/120871", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-e820fccd83.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120871);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-17182\");\n script_xref(name:\"FEDORA\", value:\"2018-e820fccd83\");\n\n script_name(english:\"Fedora 28 : kernel / kernel-headers (2018-e820fccd83)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.18.9 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-e820fccd83\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel and / or kernel-headers packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-17182\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2018-e820fccd83\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"kernel-4.18.9-200.fc28\")) flag++;\nif (rpm_check(release:\"FC28\", reference:\"kernel-headers-4.18.9-200.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers\");\n}\n", "cvss": 
{"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:21:48", "description": "The 4.18.9 stable update contains a number of important fixes across\nthe tree.\n\n----\n\nThe 4.18.8 update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 16, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-09-27T00:00:00", "title": "Fedora 27 : kernel / kernel-headers (2018-d77cc41f35)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17182"], "modified": "2018-09-27T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:27", "p-cpe:/a:fedoraproject:fedora:kernel-headers"], "id": "FEDORA_2018-D77CC41F35.NASL", "href": "https://www.tenable.com/plugins/nessus/117720", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-d77cc41f35.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117720);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-17182\");\n script_xref(name:\"FEDORA\", value:\"2018-d77cc41f35\");\n\n script_name(english:\"Fedora 27 : kernel / kernel-headers (2018-d77cc41f35)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.18.9 stable update contains a number of 
important fixes across\nthe tree.\n\n----\n\nThe 4.18.8 update contains a number of important fixes across the tree\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-d77cc41f35\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel and / or kernel-headers packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-17182\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2018-d77cc41f35\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"kernel-4.18.9-100.fc27\")) flag++;\nif (rpm_check(release:\"FC27\", reference:\"kernel-headers-4.18.9-100.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers\");\n}\n", "cvss": 
{"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T05:09:18", "description": "Description of changes:\n\n[4.1.12-124.20.1.el7uek]\n- bnxt_en: xdp: don't make drivers report attachment mode (partial \nbackport) (Somasundaram Krishnasamy) [Orabug: 27988326]\n- bpf: make bnxt compatible w/ bpf_xdp_adjust_tail (Nikita V. Shirokov) \n[Orabug: 27988326]\n- bnxt_en: add meta pointer for direct access (partial backport) \n(Somasundaram Krishnasamy) [Orabug: 27988326]\n- bnxt_en: Fix bug in ethtool -L. (Michael Chan) [Orabug: 27988326]\n- bpf: bnxt: Report bpf_prog ID during XDP_QUERY_PROG (Martin KaFai Lau) \n [Orabug: 27988326]\n- bnxt_en: Optimize doorbell write operations for newer chips (reapply). \n(Michael Chan) [Orabug: 27988326]\n- bnxt_en: Use short TX BDs for the XDP TX ring. (Michael Chan) \n[Orabug: 27988326]\n- bnxt_en: Add ethtool mac loopback self test (reapply). (Michael Chan) \n[Orabug: 27988326]\n- bnxt_en: Add support for XDP_TX action. (Michael Chan) [Orabug: \n27988326]\n- bnxt_en: Add basic XDP support. (Michael Chan) [Orabug: 27988326]\n- x86/ia32: Restore r8 correctly in 32bit SYSCALL instruction entry. 
\n(Gayatri Vasudevan) [Orabug: 28529706]\n- net: enable RPS on vlan devices (Shannon Nelson) [Orabug: 28645929]\n- xen-blkback: hold write vbd-lock while swapping the vbd (Ankur Arora) \n[Orabug: 28651655]\n- xen-blkback: implement swapping of active vbd (Ankur Arora) [Orabug: \n28651655]\n- xen-blkback: emit active physical device to xenstore (Ankur Arora) \n[Orabug: 28651655]\n- xen-blkback: refactor backend_changed() (Ankur Arora) [Orabug: 28651655]\n- xen-blkback: pull out blkif grant features from vbd (Ankur Arora) \n[Orabug: 28651655]\n- mm: get rid of vmacache_flush_all() entirely (Linus Torvalds) \n[Orabug: 28701016] {CVE-2018-17182}\n\n[4.1.12-124.19.9.el7uek]\n- rds: crash at rds_ib_inc_copy_to_user+104 due to NULL ptr reference \n(Venkat Venkatsubra) [Orabug: 28506569]\n\n[4.1.12-124.19.8.el7uek]\n- IB/core: For multicast functions, verify that LIDs are multicast LIDs \n(Michael J. Ruhl) [Orabug: 28700490]", "edition": 23, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-11T00:00:00", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4244)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17182"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2018-4244.NASL", "href": "https://www.tenable.com/plugins/nessus/118054", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2018-4244.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118054);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/27 
13:00:39\");\n\n script_cve_id(\"CVE-2018-17182\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4244)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[4.1.12-124.20.1.el7uek]\n- bnxt_en: xdp: don't make drivers report attachment mode (partial \nbackport) (Somasundaram Krishnasamy) [Orabug: 27988326]\n- bpf: make bnxt compatible w/ bpf_xdp_adjust_tail (Nikita V. Shirokov) \n[Orabug: 27988326]\n- bnxt_en: add meta pointer for direct access (partial backport) \n(Somasundaram Krishnasamy) [Orabug: 27988326]\n- bnxt_en: Fix bug in ethtool -L. (Michael Chan) [Orabug: 27988326]\n- bpf: bnxt: Report bpf_prog ID during XDP_QUERY_PROG (Martin KaFai Lau) \n [Orabug: 27988326]\n- bnxt_en: Optimize doorbell write operations for newer chips (reapply). \n(Michael Chan) [Orabug: 27988326]\n- bnxt_en: Use short TX BDs for the XDP TX ring. (Michael Chan) \n[Orabug: 27988326]\n- bnxt_en: Add ethtool mac loopback self test (reapply). (Michael Chan) \n[Orabug: 27988326]\n- bnxt_en: Add support for XDP_TX action. (Michael Chan) [Orabug: \n27988326]\n- bnxt_en: Add basic XDP support. (Michael Chan) [Orabug: 27988326]\n- x86/ia32: Restore r8 correctly in 32bit SYSCALL instruction entry. 
\n(Gayatri Vasudevan) [Orabug: 28529706]\n- net: enable RPS on vlan devices (Shannon Nelson) [Orabug: 28645929]\n- xen-blkback: hold write vbd-lock while swapping the vbd (Ankur Arora) \n[Orabug: 28651655]\n- xen-blkback: implement swapping of active vbd (Ankur Arora) [Orabug: \n28651655]\n- xen-blkback: emit active physical device to xenstore (Ankur Arora) \n[Orabug: 28651655]\n- xen-blkback: refactor backend_changed() (Ankur Arora) [Orabug: 28651655]\n- xen-blkback: pull out blkif grant features from vbd (Ankur Arora) \n[Orabug: 28651655]\n- mm: get rid of vmacache_flush_all() entirely (Linus Torvalds) \n[Orabug: 28701016] {CVE-2018-17182}\n\n[4.1.12-124.19.9.el7uek]\n- rds: crash at rds_ib_inc_copy_to_user+104 due to NULL ptr reference \n(Venkat Venkatsubra) [Orabug: 28506569]\n\n[4.1.12-124.19.8.el7uek]\n- IB/core: For multicast functions, verify that LIDs are multicast LIDs \n(Michael J. Ruhl) [Orabug: 28700490]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-October/008128.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-October/008129.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-17182\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2018-4244\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"4.1\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-4.1.12-124.20.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-4.1.12-124.20.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-4.1.12-124.20.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-devel-4.1.12-124.20.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-4.1.12\") && rpm_check(release:\"EL6\", 
cpu:\"x86_64\", reference:\"kernel-uek-doc-4.1.12-124.20.1.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-4.1.12-124.20.1.el6uek\")) flag++;\n\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-4.1.12-124.20.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-4.1.12-124.20.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-devel-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-4.1.12-124.20.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-devel-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-devel-4.1.12-124.20.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-doc-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-doc-4.1.12-124.20.1.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-firmware-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-4.1.12-124.20.1.el7uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-14T06:15:47", "description": "The SUSE Linux Enterprise 15 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c\nmishandled sequence number overflows. 
An attacker can trigger a\nuse-after-free (and possibly gain privileges) via certain thread\ncreation, map, unmap, invalidation, and dereference operations\n(bnc#1108399).\n\nCVE-2018-14633: A security flaw was found in the\nchap_server_compute_md5() function in the ISCSI target code in a way\nan authentication request from an ISCSI initiator is processed. An\nunauthenticated remote attacker can cause a stack-based buffer\noverflow and smash up to 17 bytes of the stack. The attack requires\nthe iSCSI target to be enabled on the victim host. Depending on how\nthe target's code was built (i.e. depending on a compiler, compile\nflags and hardware architecture) an attack may lead to a system crash\nand thus to a denial-of-service or possibly to a non-authorized access\nto data exported by an iSCSI target. Due to the nature of the flaw,\nprivilege escalation cannot be fully ruled out, although we believe it\nis highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are\nbelieved to be vulnerable (bnc#1107829).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 11, "cvss3": {"score": 7.0, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}, "published": "2019-01-02T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:3159-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-17182", "CVE-2018-14633"], "modified": "2019-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-obs-build"], "id": "SUSE_SU-2018-3159-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120130", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3159-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120130);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-14633\", 
\"CVE-2018-17182\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2018:3159-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 15 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c\nmishandled sequence number overflows. An attacker can trigger a\nuse-after-free (and possibly gain privileges) via certain thread\ncreation, map, unmap, invalidation, and dereference operations\n(bnc#1108399).\n\nCVE-2018-14633: A security flaw was found in the\nchap_server_compute_md5() function in the ISCSI target code in a way\nan authentication request from an ISCSI initiator is processed. An\nunauthenticated remote attacker can cause a stack-based buffer\noverflow and smash up to 17 bytes of the stack. The attack requires\nthe iSCSI target to be enabled on the victim host. Depending on how\nthe target's code was built (i.e. depending on a compiler, compile\nflags and hardware architecture) an attack may lead to a system crash\nand thus to a denial-of-service or possibly to a non-authorized access\nto data exported by an iSCSI target. Due to the nature of the flaw,\nprivilege escalation cannot be fully ruled out, although we believe it\nis highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are\nbelieved to be vulnerable (bnc#1107829).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085030\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098782\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103587\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107928\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107947\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108323\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108823\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110301\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110639\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110642\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110643\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110644\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110645\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110649\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110650\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17182/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183159-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?12886332\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15:zypper in -t patch\nSUSE-SLE-Product-WE-15-2018-2241=1\n\nSUSE Linux Enterprise Module for Legacy Software 15:zypper in -t patch\nSUSE-SLE-Module-Legacy-15-2018-2241=1\n\nSUSE Linux Enterprise Module for Development Tools 15:zypper in -t\npatch SUSE-SLE-Module-Development-Tools-15-2018-2241=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2018-2241=1\n\nSUSE Linux Enterprise High Availability 15:zypper in -t patch\nSUSE-SLE-Product-HA-15-2018-2241=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n 
script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14633\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-debuginfo-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-debugsource-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-devel-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-devel-debuginfo-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-obs-build-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", 
reference:\"kernel-obs-build-debugsource-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-syms-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-base-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-debuginfo-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-debugsource-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"reiserfs-kmp-default-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-debuginfo-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-debugsource-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-devel-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-devel-debuginfo-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-obs-build-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", 
sp:\"0\", reference:\"kernel-obs-build-debugsource-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-syms-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-base-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-debuginfo-4.12.14-25.22.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-debugsource-4.12.14-25.22.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}], "googleprojectzero": [{"lastseen": "2020-12-14T19:21:45", "bulletinFamily": "info", "cvelist": ["CVE-2018-17182"], "description": "Posted by Jann Horn, Google Project Zero\n\n \n\n\nThis blogpost describes a way to exploit a Linux kernel bug (CVE-2018-17182) that exists since kernel version 3.16. While the bug itself is in code that is reachable even from relatively strongly sandboxed contexts, this blogpost only describes a way to exploit it in environments that use Linux kernels that haven't been configured for increased security (specifically, Ubuntu 18.04 with kernel linux-image-4.15.0-34-generic at version 4.15.0-34.37). 
This demonstrates how the kernel configuration can have a big impact on the difficulty of exploiting a kernel bug.\n\n** \n**\n\nThe bug report and the exploit are filed in our issue tracker as [issue 1664](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1664>).\n\n** \n**\n\nFixes for the issue are in the upstream stable releases 4.18.9, 4.14.71, 4.9.128, 4.4.157 and 3.16.58.\n\n# The bug\n\nWhenever a userspace page fault occurs because e.g. a page has to be paged in on demand, the Linux kernel has to look up the VMA (virtual memory area; struct vm_area_struct) that contains the fault address to figure out how the fault should be handled. The slowpath for looking up a VMA (in find_vma()) has to walk a red-black tree of VMAs. To avoid this performance hit, Linux also has a fastpath that can bypass the tree walk if the VMA was recently used.\n\n** \n**\n\nThe implementation of the fastpath has changed over time; [since version 3.15](<https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=615d6e8756c87149f2d4c1b93d471bca002bd849>), Linux uses per-thread VMA caches with four slots, implemented in mm/vmacache.c and include/linux/vmacache.h. Whenever a successful lookup has been performed through the slowpath, vmacache_update() stores a pointer to the VMA in an entry of the array current->vmacache.vmas, allowing the next lookup to use the fastpath.\n\n** \n**\n\nNote that VMA caches are per-thread, but VMAs are associated with a whole process (more precisely with a struct mm_struct; from now on, this distinction will largely be ignored, since it isn't relevant to this bug). Therefore, when a VMA is freed, the VMA caches of all threads must be invalidated - otherwise, the next VMA lookup would follow a dangling pointer. 
However, since a process can have many threads, simply iterating through the VMA caches of all threads would be a performance problem.\n\n** \n**\n\nTo solve this, both the struct mm_struct and the per-thread struct vmacache are tagged with sequence numbers; when the VMA lookup fastpath discovers in vmacache_valid() that current->vmacache.seqnum and current->mm->vmacache_seqnum don't match, it wipes the contents of the current thread's VMA cache and updates its sequence number.\n\n** \n**\n\nThe sequence numbers of the mm_struct and the VMA cache were only 32 bits wide, meaning that it was possible for them to overflow. To ensure that a VMA cache can't incorrectly appear to be valid when current->mm->vmacache_seqnum has actually been incremented 2^32 times, vmacache_invalidate() (the helper that increments current->mm->vmacache_seqnum) had a special case: When current->mm->vmacache_seqnum wrapped to zero, it would call vmacache_flush_all() to wipe the contents of all VMA caches associated with current->mm. Executing vmacache_flush_all() was very expensive: It would iterate over every thread on the entire machine, check which struct mm_struct it is associated with, then if necessary flush the thread's VMA cache.\n\n** \n**\n\nIn version 3.16, [an optimization was added](<https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6b4ebc3a9078c5b7b8c4cf495a0b1d2d0e0bfe7a>): If the struct mm_struct was only associated with a single thread, vmacache_flush_all() would do nothing, based on the realization that every VMA cache invalidation is preceded by a VMA lookup; therefore, in a single-threaded process, the VMA cache's sequence number is always close to the mm_struct's sequence number:\n\n** \n**\n\n/*\n\n* Single threaded tasks need not iterate the entire\n\n* list of process. We can avoid the flushing as well\n\n* since the mm's seqnum was increased and don't have\n\n* to worry about other threads' seqnum. 
Current's\n\n* flush will occur upon the next lookup.\n\n*/\n\nif (atomic_read(&mm->mm_users) == 1)\n\nreturn;\n\n** \n**\n\nHowever, this optimization is incorrect because it doesn't take into account what happens if a previously single-threaded process creates a new thread immediately after the mm_struct's sequence number has wrapped around to zero. In this case, the sequence number of the first thread's VMA cache will still be 0xffffffff, and the second thread can drive the mm_struct's sequence number up to 0xffffffff again. At that point, the first thread's VMA cache, which can contain dangling pointers, will be considered valid again, permitting the use of freed VMA pointers in the first thread's VMA cache.\n\n** \n**\n\nThe bug [was fixed](<https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/mm/vmacache.c?id=7a9cdebdcc17e426fb5287e4a82db1dfe86339b2>) by changing the sequence numbers to 64 bits, thereby making an overflow infeasible, and removing the overflow handling logic.\n\n# Reachability and Impact\n\nFundamentally, this bug can be triggered by any process that can run for a sufficiently long time to overflow the reference counter (about an hour if MAP_FIXED is usable) and has the ability to use mmap()/munmap() (to manage memory mappings) and clone() (to create a thread). 
These syscalls do not require any privileges, and they are often permitted even in seccomp-sandboxed contexts, such as the Chrome renderer sandbox ([mmap](<https://cs.chromium.org/chromium/src/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc?l=192>), [munmap](<https://cs.chromium.org/chromium/src/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc?l=498&dr=C>), [clone](<https://cs.chromium.org/chromium/src/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc?l=144>)), [the sandbox of the main gVisor host component](<https://github.com/google/gvisor/blob/master/runsc/boot/filter/config.go>), and [Docker's seccomp policy](<https://github.com/moby/moby/blob/master/profiles/seccomp/seccomp_default.go>).\n\n** \n**\n\nTo make things easy, my exploit uses various other kernel interfaces, and therefore doesn't just work from inside such sandboxes; in particular, it uses /dev/kmsg to read dmesg logs and uses an eBPF array to spam the kernel's page allocator with user-controlled, mutable single-page allocations. However, an attacker willing to invest more time into an exploit would probably be able to avoid using such interfaces.\n\n** \n**\n\nInterestingly, it looks like Docker in its default config [doesn't prevent containers from accessing the host's dmesg logs](<https://github.com/moby/moby/issues/37897>) if the kernel permits dmesg access for normal users - while /dev/kmsg doesn't exist in the container, [the seccomp policy whitelists the syslog() syscall](<https://github.com/moby/moby/blob/47dfff68e4365668279e235bf8c7778b637f2517/profiles/seccomp/seccomp_default.go#L325>) for some reason.\n\n# BUG_ON(), WARN_ON_ONCE(), and dmesg\n\nThe function in which the first use-after-free access occurs is vmacache_find(). 
[When this function was first added](<https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/mm/vmacache.c?id=615d6e8756c87149f2d4c1b93d471bca002bd849>) \\- before the bug was introduced -, it accessed the VMA cache as follows:\n\n** \n**\n\nfor (i = 0; i < VMACACHE_SIZE; i++) {\n\nstruct vm_area_struct *vma = current->vmacache[i];\n\n** \n**\n\nif (vma && vma->vm_start <= addr && vma->vm_end > addr) {\n\nBUG_ON(vma->vm_mm != mm);\n\nreturn vma;\n\n}\n\n}\n\n** \n**\n\nWhen this code encountered a cached VMA whose bounds contain the supplied address addr, it checked whether the VMA's ->vm_mm pointer matches the expected mm_struct \\- which should always be the case, unless a memory safety problem has happened -, and if not, terminated with a BUG_ON() assertion failure. BUG_ON() is intended to handle cases in which a kernel thread detects a severe problem that can't be cleanly handled by bailing out of the current context. In a default upstream kernel configuration, BUG_ON() will normally print a backtrace with register dumps to the dmesg log buffer, then forcibly terminate the current thread. This can sometimes prevent the rest of the system from continuing to work properly - for example, if the crashing code held an important lock, any other thread that attempts to take that lock will then deadlock -, but it is often successful in keeping the rest of the system in a reasonably usable state. Only when the kernel detects that the crash is in a critical context such as an interrupt handler, it brings down the whole system with a kernel panic.\n\n** \n**\n\nThe same handler code is used for dealing with unexpected crashes in kernel code, like page faults and general protection faults at non-whitelisted addresses: By default, if possible, the kernel will attempt to terminate only the offending thread.\n\n** \n**\n\nThe handling of kernel crashes is a tradeoff between availability, reliability and security. 
A system owner might want a system to keep running as long as possible, even if parts of the system are crashing, if a sudden kernel panic would cause data loss or downtime of an important service. Similarly, a system owner might want to debug a kernel bug on a live system, without an external debugger; if the whole system terminated as soon as the bug is triggered, it might be harder to debug an issue properly.\n\nOn the other hand, an attacker attempting to exploit a kernel bug might benefit from the ability to retry an attack multiple times without triggering system reboots; and an attacker with the ability to read the crash log produced by the first attempt might even be able to use that information for a more sophisticated second attempt.\n\n** \n**\n\nThe kernel provides two sysctls that can be used to adjust this behavior, depending on the desired tradeoff:\n\n** \n**\n\n * kernel.panic_on_oops will automatically cause a kernel panic when a BUG_ON() assertion triggers or the kernel crashes; its initial value can be configured using the build configuration variable CONFIG_PANIC_ON_OOPS. It is off by default in the upstream kernel - and enabling it by default in distributions would probably be a bad idea -, but it is e.g. [enabled by Android](<https://android.googlesource.com/platform/system/core/+/fa14d21ca44377f2c70769b6ebb2cc28a65d53d7/rootdir/init.rc#118>).\n\n * kernel.dmesg_restrict controls whether non-root users can access dmesg logs, which, among other things, contain register dumps and stack traces for kernel crashes; its initial value can be configured using the build configuration variable CONFIG_SECURITY_DMESG_RESTRICT. It is off by default in the upstream kernel, but is enabled by some distributions, e.g. [Debian](<https://salsa.debian.org/kernel-team/linux/raw/master/debian/config/config>). 
(Android relies on SELinux to block access to dmesg.)\n\n** \n**\n\nUbuntu, for example, enables neither of these.\n\n** \n** \n\n\nThe code snippet from above [was amended](<https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/mm/vmacache.c?id=50f5aa8a9b248fa4262cf379863ec9a531b49737>) in the same month as it was committed:\n\n** \n**\n\nfor (i = 0; i < VMACACHE_SIZE; i++) {\n\nstruct vm_area_struct *vma = current->vmacache[i];\n\n\\- if (vma && vma->vm_start <= addr && vma->vm_end > addr) {\n\n\\- BUG_ON(vma->vm_mm != mm);\n\n\\+ if (!vma)\n\n\\+ continue;\n\n\\+ if (WARN_ON_ONCE(vma->vm_mm != mm))\n\n\\+ break;\n\n\\+ if (vma->vm_start <= addr && vma->vm_end > addr)\n\nreturn vma;\n\n\\- }\n\n}\n\n** \n**\n\nThis amended code is what distributions like Ubuntu are currently shipping.\n\n** \n**\n\nThe first change here is that the sanity check for a dangling pointer happens before the address comparison. The second change is somewhat more interesting: BUG_ON() is replaced with WARN_ON_ONCE().\n\n** \n**\n\nWARN_ON_ONCE() prints debug information to dmesg that is similar to what BUG_ON() would print. The differences to BUG_ON() are that WARN_ON_ONCE() only prints debug information the first time it triggers, and that execution continues: Now when the kernel detects a dangling pointer in the VMA cache lookup fastpath - in other words, when it heuristically detects that a use-after-free has happened -, it just bails out of the fastpath and falls back to the red-black tree walk. 
The process continues normally.\n\n** \n**\n\nThis fits in with the kernel's policy of attempting to keep the system running as much as possible by default; if an accidental use-after-free bug occurs here for some reason, the kernel can probably heuristically mitigate its effects and keep the process working.\n\n** \n**\n\nThe policy of only printing a warning even when the kernel has discovered a memory corruption is problematic for systems that should kernel panic when the kernel notices security-relevant events like kernel memory corruption. Simply making WARN() trigger kernel panics isn't really an option because WARN() is also used for various events that are not important to the kernel's security. For this reason, a few uses of WARN_ON() in security-relevant places have been replaced with CHECK_DATA_CORRUPTION(), which permits toggling the behavior between BUG() and WARN() at kernel configuration time. However, CHECK_DATA_CORRUPTION() is only used in the linked list manipulation code and in addr_limit_user_check(); the check in the VMA cache, for example, still uses a classic WARN_ON_ONCE().\n\n** \n** \n\n\nA third important change [was made to this function](<https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/mm/vmacache.c?id=ddbf369c0a33924f76d092985bd20d9310f43d7f>); however, this change is relatively recent and will first be in the 4.19 kernel, which hasn't been released yet, so it is irrelevant for attacking currently deployed kernels.\n\n** \n**\n\nfor (i = 0; i < VMACACHE_SIZE; i++) {\n\n\\- struct vm_area_struct *vma = current->vmacache.vmas[i];\n\n\\+ struct vm_area_struct *vma = current->vmacache.vmas[idx];\n\n\\- if (!vma)\n\n\\- continue;\n\n\\- if (WARN_ON_ONCE(vma->vm_mm != mm))\n\n\\- break;\n\n\\- if (vma->vm_start <= addr && vma->vm_end > addr) {\n\n\\- count_vm_vmacache_event(VMACACHE_FIND_HITS);\n\n\\- return vma;\n\n\\+ if (vma) {\n\n+#ifdef CONFIG_DEBUG_VM_VMACACHE\n\n\\+ if (WARN_ON_ONCE(vma->vm_mm != mm))\n\n\\+ 
break;\n\n+#endif\n\n\\+ if (vma->vm_start <= addr && vma->vm_end > addr) {\n\n\\+ count_vm_vmacache_event(VMACACHE_FIND_HITS);\n\n\\+ return vma;\n\n\\+ }\n\n}\n\n\\+ if (++idx == VMACACHE_SIZE)\n\n\\+ idx = 0;\n\n}\n\n** \n**\n\nAfter this change, the sanity check is skipped altogether unless the kernel is built with the debugging option CONFIG_DEBUG_VM_VMACACHE.\n\n# The exploit: Incrementing the sequence number\n\nThe exploit has to increment the sequence number roughly 233 times. Therefore, the efficiency of the primitive used to increment the sequence number is important for the runtime of the whole exploit.\n\n** \n**\n\nIt is possible to cause two sequence number increments per syscall as follows: Create an anonymous VMA that spans three pages. Then repeatedly use mmap() with MAP_FIXED to replace the middle page with an equivalent VMA. This causes mmap() to first split the VMA into three VMAs, then replace the middle VMA, and then merge the three VMAs together again, causing VMA cache invalidations for the two VMAs that are deleted while merging the VMAs.\n\n# The exploit: Replacing the VMA\n\nEnumerating all potential ways to attack the use-after-free without releasing the slab's backing page (according to /proc/slabinfo, the Ubuntu kernel uses one page per vm_area_struct slab) back to the buddy allocator / page allocator:\n\n** \n**\n\n 1. Get the vm_area_struct reused in the same process. The process would then be able to use this VMA, but this doesn't result in anything interesting, since the VMA caches of the process would be allowed to contain pointers to the VMA anyway.\n\n 2. Free the vm_area_struct such that it is on the slab allocator's freelist, then attempt to access it. However, at least the SLUB allocator that Ubuntu uses replaces the first 8 bytes of the vm_area_struct (which contain vm_start, the userspace start address) with a kernel address. 
This makes it impossible for the VMA cache lookup function to return it, since the condition vma->vm_start <= addr && vma->vm_end > addr can't be fulfilled, and therefore nothing interesting happens.\n\n 3. Free the vm_area_struct such that it is on the slab allocator's freelist, then allocate it in another process. This would (with the exception of a very narrow race condition that can't easily be triggered repeatedly) result in hitting the WARN_ON_ONCE(), and therefore the VMA cache lookup function wouldn't return the VMA.\n\n 4. Free the vm_area_struct such that it is on the slab allocator's freelist, then make an allocation from a slab that has been merged with the vm_area_struct slab. This requires the existence of an aliasing slab; in an Ubuntu 18.04 VM, no such slab seems to exist.\n\nTherefore, to exploit this bug, it is necessary to release the backing page back to the page allocator, then reallocate the page in some way that permits placing controlled data in it. There are various kernel interfaces that could be used for this; for example:\n\npipe pages:\n\n * advantage: not wiped on allocation\n\n * advantage: permits writing at an arbitrary in-page offset if splice() is available\n\n * advantage: page-aligned\n\n * disadvantage: can't do multiple writes without first freeing the page, then reallocating it\n\nBPF maps:\n\n * advantage: can repeatedly read and write contents from userspace\n\n * advantage: page-aligned\n\n * disadvantage: wiped on allocation\n\nThis exploit uses BPF maps.\n\n# The exploit: Leaking pointers from dmesg\n\nThe exploit wants to have the following information:\n\n * address of the mm_struct\n\n * address of the use-after-free'd VMA\n\n * load address of kernel code\n\nAt least in the Ubuntu 18.04 kernel, the first two of these are directly visible in the register dump triggered by WARN_ON_ONCE(), and can therefore easily be extracted from dmesg: The mm_struct's 
address is in RDI, and the VMA's address is in RAX. However, an instruction pointer is not directly visible because RIP and the stack are symbolized, and none of the general-purpose registers contain an instruction pointer.\n\nA kernel backtrace can contain multiple sets of registers: When the stack backtracing logic encounters an interrupt frame, it generates another register dump. Since we can trigger the WARN_ON_ONCE() through a page fault on a userspace address, and page faults on userspace addresses can happen at any userspace memory access in syscall context (via copy_from_user()/copy_to_user()/...), we can pick a call site that has the relevant information in a register from a wide range of choices. It turns out that writing to an eventfd triggers a usercopy while R8 still contains the pointer to the eventfd_fops structure.\n\nWhen the exploit runs, it replaces the VMA with zeroed memory, then triggers a VMA lookup against the broken VMA cache, intentionally triggering the WARN_ON_ONCE(). 
This generates a warning that looks as follows - the leaks used by the exploit are highlighted:\n\n** \n**\n\n[ 3482.271265] WARNING: CPU: 0 PID: 1871 at /build/linux-SlLHxe/linux-4.15.0/mm/vmacache.c:102 vmacache_find+0x9c/0xb0\n\n[...]\n\n[ 3482.271298] RIP: 0010:vmacache_find+0x9c/0xb0\n\n[ 3482.271299] RSP: 0018:ffff9e0bc2263c60 EFLAGS: 00010203\n\n[ 3482.271300] RAX: ffff8c7caf1d61a0 RBX: 00007fffffffd000 RCX: 0000000000000002\n\n[ 3482.271301] RDX: 0000000000000002 RSI: 00007fffffffd000 RDI: ffff8c7c214c7380\n\n[ 3482.271301] RBP: ffff9e0bc2263c60 R08: 0000000000000000 R09: 0000000000000000\n\n[ 3482.271302] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8c7c214c7380\n\n[ 3482.271303] R13: ffff9e0bc2263d58 R14: ffff8c7c214c7380 R15: 0000000000000014\n\n[ 3482.271304] FS: 00007f58c7bf6a80(0000) GS:ffff8c7cbfc00000(0000) knlGS:0000000000000000\n\n[ 3482.271305] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n\n[ 3482.271305] CR2: 00007fffffffd000 CR3: 00000000a143c004 CR4: 00000000003606f0\n\n[ 3482.271308] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n\n[ 3482.271309] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n\n[ 3482.271309] Call Trace:\n\n[ 3482.271314] find_vma+0x1b/0x70\n\n[ 3482.271318] __do_page_fault+0x174/0x4d0\n\n[ 3482.271320] do_page_fault+0x2e/0xe0\n\n[ 3482.271323] do_async_page_fault+0x51/0x80\n\n[ 3482.271326] async_page_fault+0x25/0x50\n\n[ 3482.271329] RIP: 0010:copy_user_generic_unrolled+0x86/0xc0\n\n[ 3482.271330] RSP: 0018:ffff9e0bc2263e08 EFLAGS: 00050202\n\n[ 3482.271330] RAX: 00007fffffffd008 RBX: 0000000000000008 RCX: 0000000000000001\n\n[ 3482.271331] RDX: 0000000000000000 RSI: 00007fffffffd000 RDI: ffff9e0bc2263e30\n\n[ 3482.271332] RBP: ffff9e0bc2263e20 R08: ffffffffa7243680 R09: 0000000000000002\n\n[ 3482.271333] R10: ffff8c7bb4497738 R11: 0000000000000000 R12: ffff9e0bc2263e30\n\n[ 3482.271333] R13: ffff8c7bb4497700 R14: ffff8c7cb7a72d80 R15: ffff8c7bb4497700\n\n[ 3482.271337] ? 
_copy_from_user+0x3e/0x60\n\n[ 3482.271340] eventfd_write+0x74/0x270\n\n[ 3482.271343] ? common_file_perm+0x58/0x160\n\n[ 3482.271345] ? wake_up_q+0x80/0x80\n\n[ 3482.271347] __vfs_write+0x1b/0x40\n\n[ 3482.271348] vfs_write+0xb1/0x1a0\n\n[ 3482.271349] SyS_write+0x55/0xc0\n\n[ 3482.271353] do_syscall_64+0x73/0x130\n\n[ 3482.271355] entry_SYSCALL_64_after_hwframe+0x3d/0xa2\n\n[ 3482.271356] RIP: 0033:0x55a2e8ed76a6\n\n[ 3482.271357] RSP: 002b:00007ffe71367ec8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\n\n[ 3482.271358] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 000055a2e8ed76a6\n\n[ 3482.271358] RDX: 0000000000000008 RSI: 00007fffffffd000 RDI: 0000000000000003\n\n[ 3482.271359] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000\n\n[ 3482.271359] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffe71367ec8\n\n[ 3482.271360] R13: 00007fffffffd000 R14: 0000000000000009 R15: 0000000000000000\n\n[ 3482.271361] Code: 00 48 8b 84 c8 10 08 00 00 48 85 c0 74 11 48 39 78 40 75 17 48 39 30 77 06 48 39 70 08 77 8d 83 c2 01 83 fa 04 75 ce 31 c0 5d c3 <0f> 0b 31 c0 5d c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f \n\n[ 3482.271381] ---[ end trace bf256b6e27ee4552 ]---\n\n** \n**\n\nAt this point, the exploit can create a fake VMA that contains the correct mm_struct pointer (leaked from RDI). 
It also populates other fields with references to fake data structures (by creating pointers back into the fake VMA using the leaked VMA pointer from RAX) and with pointers into the kernel's code (using the leaked R8 from the page fault exception frame to bypass KASLR).\n\n# The exploit: JOP (the boring part)\n\nIt is probably possible to exploit this bug in some really elegant way by abusing the ability to overlay a fake writable VMA over existing readonly pages, or something like that; however, this exploit just uses classic jump-oriented programming.\n\nTo trigger the use-after-free a second time, a writing memory access is performed on an address that has no pagetable entries. At this point, the kernel's page fault handler comes in via page_fault -> do_page_fault -> __do_page_fault -> handle_mm_fault -> __handle_mm_fault -> handle_pte_fault -> do_fault -> do_shared_fault -> __do_fault, at which point it performs an indirect call:\n\nstatic int __do_fault(struct vm_fault *vmf)\n\n{\n\nstruct vm_area_struct *vma = vmf->vma;\n\nint ret;\n\nret = vma->vm_ops->fault(vmf);\n\nvma is the VMA structure we control, so at this point, we can gain instruction pointer control. R13 contains a pointer to vma. 
The JOP chain that is used from there on follows; it is quite crude (for example, it crashes after having done its job), but it works.\n\nFirst, to move the VMA pointer to RDI:\n\nffffffff810b5c21: 49 8b 45 70 mov rax,QWORD PTR [r13+0x70]\n\nffffffff810b5c25: 48 8b 80 88 00 00 00 mov rax,QWORD PTR [rax+0x88]\n\nffffffff810b5c2c: 48 85 c0 test rax,rax\n\nffffffff810b5c2f: 74 08 je ffffffff810b5c39\n\nffffffff810b5c31: 4c 89 ef mov rdi,r13\n\nffffffff810b5c34: e8 c7 d3 b4 00 call ffffffff81c03000 <__x86_indirect_thunk_rax>\n\nThen, to get full control over RDI:\n\nffffffff810a4aaa: 48 89 fb mov rbx,rdi\n\nffffffff810a4aad: 48 8b 43 20 mov rax,QWORD PTR [rbx+0x20]\n\nffffffff810a4ab1: 48 8b 7f 28 mov rdi,QWORD PTR [rdi+0x28]\n\nffffffff810a4ab5: e8 46 e5 b5 00 call ffffffff81c03000 <__x86_indirect_thunk_rax>\n\nAt this point, we can call into run_cmd(), which spawns a root-privileged usermode helper, using a space-delimited path and argument list as its only argument. This gives us the ability to run a binary we have supplied with root privileges. (Thanks to Mark for pointing out that if you control RDI and RIP, you don't have to try to do crazy things like flipping the SM*P bits in CR4, you can just spawn a usermode helper...)\n\nAfter launching the usermode helper, the kernel crashes with a page fault because the JOP chain doesn't cleanly terminate; however, since that only kills the process in whose context the fault occurred, it doesn't really matter.\n\n# Fix timeline\n\nThis bug was reported 2018-09-12. Two days later, 2018-09-14, a fix was in the upstream kernel tree. This is exceptionally fast, compared to the fix times of other software vendors. At this point, downstream vendors could theoretically backport and apply the patch. 
The bug is essentially public at this point, even if its security impact is obfuscated by the commit message, which is [frequently](<https://twitter.com/grsecurity/status/1042376315045916672>) [demonstrated](<https://twitter.com/grsecurity/status/1036346838121689091>) [by](<https://twitter.com/grsecurity/status/1034034322389573632>) grsecurity.\n\nHowever, a fix being in the upstream kernel does not automatically mean that users' systems are actually patched. The normal process for shipping fixes to users who use distribution kernels based on upstream stable branches works roughly as follows:\n\n 1. A patch lands in the upstream kernel.\n\n 2. The patch is backported to an upstream-supported stable kernel.\n\n 3. The distribution merges the changes from upstream-supported stable kernels into its kernels.\n\n 4. Users install the new distribution kernel.\n\nNote that the patch becomes public after step 1, potentially allowing attackers to develop an exploit, but users are only protected after step 4.\n\nIn this case, the backports to the upstream-supported stable kernels 4.18, 4.14, 4.9 and 4.4 were published 2018-09-19, five days after the patch became public, at which point the distributions could pull in the patch.\n\nUpstream stable kernel updates are published very frequently. 
For example, looking at the last few [stable releases for the 4.14 stable kernel](<https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/log/?h=linux-4.14.y&qt=grep&q=Linux+4.14.>), which is the newest upstream longterm maintenance release:\n\n4.14.72 on 2018-09-26\n\n4.14.71 on 2018-09-19\n\n4.14.70 on 2018-09-15\n\n4.14.69 on 2018-09-09\n\n4.14.68 on 2018-09-05\n\n4.14.67 on 2018-08-24\n\n4.14.66 on 2018-08-22\n\nThe 4.9 and 4.4 longterm maintenance kernels are updated similarly frequently; only the 3.16 longterm maintenance kernel has not received any updates between the most recent update on 2018-09-25 ([3.16.58](<https://git.kernel.org/pub/scm/linux/kernel/git/bwh/linux-stable.git/tag/?h=v3.16.58>)) and the previous one on 2018-06-16 ([3.16.57](<https://git.kernel.org/pub/scm/linux/kernel/git/bwh/linux-stable.git/tag/?h=v3.16.57>)).\n\nHowever, Linux distributions often don't publish distribution kernel updates very frequently. For example, Debian stable [ships a kernel based on 4.9](<https://packages.debian.org/search?keywords=linux-image-amd64&searchon=names&suite=stable&section=all>), but as of 2018-09-26, this kernel [was last updated 2018-08-21](<http://metadata.ftp-master.debian.org/changelogs//main/l/linux/linux_4.9.110-3+deb9u4_changelog>). Similarly, Ubuntu 16.04 ships a kernel that was [last updated 2018-08-27](<http://changelogs.ubuntu.com/changelogs/pool/main/l/linux-signed/linux-signed_4.15.0-34.37/changelog>). Android only ships security updates once a month. Therefore, when a security-critical fix is available in an upstream stable kernel, it can still take weeks before the fix is actually available to users - especially if the security impact is not announced publicly.\n\nIn this case, the security issue was announced on the oss-security mailing list on 2018-09-18, with a CVE allocation on 2018-09-19, making the need to ship new distribution kernels to users clearer. 
Still: As of 2018-09-26, both Debian and Ubuntu (in releases 16.04 and 18.04) track the bug as unfixed:\n\n[https://security-tracker.debian.org/tracker/CVE-2018-17182](<https://security-tracker.debian.org/tracker/CVE-2018-17182>)\n\n[https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17182.html](<https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-17182.html>)\n\nFedora pushed an update to users on 2018-09-22: [https://bugzilla.redhat.com/show_bug.cgi?id=1631206#c8](<https://bugzilla.redhat.com/show_bug.cgi?id=1631206#c8>)\n\n# Conclusion\n\nThis exploit shows how much impact the kernel configuration can have on how easy it is to write an exploit for a kernel bug. While simply turning on every security-related kernel configuration option is probably a bad idea, some of them - like the kernel.dmesg_restrict sysctl - seem to provide a reasonable tradeoff when enabled.\n\nThe fix timeline shows that the kernel's approach to handling severe security bugs is very efficient at quickly landing fixes in the git master tree, but leaves a window of exposure between the time an upstream fix is published and the time the fix actually becomes available to users - and this time window is sufficiently large that a kernel exploit could be written by an attacker in the meantime.\n", "modified": "2018-09-26T00:00:00", "published": "2018-09-26T00:00:00", "id": "GOOGLEPROJECTZERO:D7DEB3818D827701DD24C3DC04B54055", "href": "https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html", "type": "googleprojectzero", "title": "\nA cache invalidation bug in Linux memory management\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "qualysblog": [{"lastseen": "2019-01-14T20:46:20", "bulletinFamily": "blog", "cvelist": ["CVE-2018-14634", "CVE-2018-17182"], "description": "In our latest security news digest, we check out the Facebook hack heard 'round the world, a Twitter bug that rattled users 
but may not amount to much, and a pair of serious Linux kernel vulnerabilities.\n\n### Facebook scrambles to investigate major breach affecting tens of millions of users\n\n\n\nThe cyber security world shook on Friday upon learning that attackers exploited a software flaw on Facebook that allowed them to [obtain access tokens](<https://www.nytimes.com/2018/09/28/technology/facebook-hack-data-breach.html>) for 50 million accounts, with another 40 million accounts possibly also affected.\n\nEqually or even more concerning: The purloined tokens could have been used to access accounts in other websites into which their users log in with their Facebook credentials, such as Spotify and AirBnB.\n\nFacebook inadvertently introduced the bug in July of last year. After investigating unusual activity detected in mid-September of this year, [Facebook discovered the attack last week](<https://newsroom.fb.com/news/2018/09/security-update/>).\n\nThe attack has made global headlines since its disclosure on Sept. 
28, and has naturally drawn scrutiny from security experts, government regulators, Facebook users, and industry observers.\n\n\"It's surprising to me that as popular as Facebook is, no white hat hacker ever discovered and reported this flaw in the past, neither an external pen tester nor Facebook's internal IT security team,\" Paul Bischoff, privacy advocate with Comparitech, told [Dark Reading](<https://www.darkreading.com/attacks-breaches/facebook-hacked-50-million-users-affected/d/d-id/1332927>).\n\nIt\u2019s not clear if or how the accounts may have been misused, but the company warned that the investigation is in its very early stages.\n\nMany are speculating whether the incident will land Facebook in hot water with [regulators globally](<https://www.theverge.com/2018/10/1/17922946/facebook-breach-gdpr-lawsuit-privacy-commissioner-europe>), especially [in the EU](<https://www.wsj.com/articles/facebook-faces-potential-1-63-billion-fine-in-europe-over-data-breach-1538330906>), whose severe General Data Protection Regulation (GDPR) went into effect in May, with potential fines of up to 4% of a company's annual revenue.\n\nThe vulnerability is triggered in a specific scenario involving the \u201cView As\u201d feature and a video uploader launched in July 2017:\n\n * \u201cView As,\u201d which lets Facebook account holders see what their timeline looks like to other users, mistakenly included the video uploader in certain cases.\n * The video uploader in turn generated a token for accessing the account of the user whose view of the timeline was being replicated.\n * With this token, that user\u2019s account could be accessed and taken over.\n\nGuy Rosen, a Facebook VP of Product Management, said during a [press conference](<https://fbnewsroomus.files.wordpress.com/2018/09/9-28-press-call-transcript.pdf>) that the attack was carried out on a large scale. 
More details were provided during a [second press call](<https://fbnewsroomus.files.wordpress.com/2018/09/9-28-afternoon-press-call.pdf>).\n\nFacebook reset the access tokens of the 50 million affected accounts, as well as the tokens of another 40 million accounts that were subject to a \u201cView As\u201d look-up in the last year. It also notified law enforcement agencies. The company said it will provide more details as its investigation progresses.\n\nMore information:\n\n[Facebook's security flaws exposed more than Facebook \u2014 here's what (little) you can do](<https://www.nbcnews.com/tech/tech-news/facebook-s-security-flaws-exposed-more-facebook-here-s-what-n915321>) (NBC News)\n\n[MPs demand answer from Facebook boss over hack shock](<https://www.telegraph.co.uk/business/2018/09/30/mps-demand-answer-facebook-boss-hack-shock/>) (The Telegraph)\n\n[Facebook warns that third-party apps could have been affected by recent breach](<https://www.digitaltrends.com/news/facebook-security-hack-3rd-parties/>) (Digital Trends)\n\n[Facebook Security Bug Affects 90M Users](<https://krebsonsecurity.com/2018/09/facebook-security-bug-affects-90m-users/>) (Krebs on Security)\n\n### Twitter misdirects DMs, private tweets -- sorta, maybe\n\nFacebook wasn\u2019t the only social media giant that discovered a year-old bug that put user data at risk. A flaw in Twitter\u2019s [Account Activity API](<https://developer.twitter.com/en/products/accounts-and-users/account-activity-api.html>) (AAAPI) may have caused direct messages or private tweets to be sent to the wrong recipients.\n\n\n\nIn all potential cases, the errant DMs or tweets would have been sent from a personal account to a business account, such as those of an airline or a restaurant, and would have been incorrectly delivered to a developer registered in Twitter\u2019s developer program.\n\nThe bug was active for about 15 months -- between May 2017 and Sept. 
10 of this year -- but Twitter believes that instances of the routing error were probably rare.\n\n\u201cBased on our initial analysis, a complex series of technical circumstances had to occur at the same time for this bug to have resulted in account information definitively being shared with the wrong source,\u201d [reads](<https://help.twitter.com/en/account-activity-api>) a company statement.\n\nA detailed explanation of the combination of variables needed for the flaw to be triggered can be found in a [Twitter statement aimed at developers](<https://blog.twitter.com/developer/en_us/topics/tools/2018/details-for-developers-on-Account-Activity-API-bug.html>).\n\nTwitter estimates that less than 1% of Twitter\u2019s 336 million users may have been affected, and it hasn\u2019t yet found an instance in which a DM or private tweet went to the wrong recipient. \u201cBut we can\u2019t conclusively confirm it didn\u2019t happen,\u201d the company\u2019s tech support team said in a [tweet](<https://twitter.com/TwitterSupport/status/1043186915455819776>).\n\nIn addition to patching the bug, Twitter has contacted potentially-impacted users and developers.\n\nMore information:\n\n[Twitter may have sent your private DMs to the wrong people -- but probably not](<https://www.cnet.com/news/twitter-may-have-sent-your-private-dms-to-the-wrong-people-but-probably-not/>) (Cnet)\n\n[Twitter Flaw Exposed Direct Messages To External Developers](<https://threatpost.com/twitter-flaw-exposed-direct-messages-to-external-developers/137608/>) (ThreatPost)\n\n[Twitter Bug That 'May Have' Exposed Direct Messages Probably Didn't Expose Anything](<https://gizmodo.com/twitter-bug-that-may-have-exposed-direct-messages-proba-1829236101>) (Gizmodo)\n\n### Serious Linux kernel bugs discovered\n\nA pair of Linux kernel bugs were separately discovered -- one by Google\u2019s Project Zero team, the other by Qualys researchers.\n\nGoogle\u2019s team found a cache invalidation bug 
([CVE-2018-17182](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17182>)) in Linux's memory management from version 3.16 through version 4.18.8, in which the vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. \n\n\u201cAn attacker can trigger a use-after-free -- and possibly gain privileges -- via certain thread creation, map, unmap, invalidation, and dereference operations,\u201d explains NIST in the National Vulnerability Database [entry](<https://nvd.nist.gov/vuln/detail/CVE-2018-17182>).\n\nThe Project Zero blog has a [detailed rundown](<https://googleprojectzero.blogspot.com/2018/09/a-cache-invalidation-bug-in-linux.html>) of the bug.\n\n\n\nMeanwhile, Qualys discovered an integer overflow flaw ([CVE-2018-14634](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14634>)) in the Linux kernel's create_elf_tables() function. \u201cOn a 64-bit system, a local attacker can exploit this vulnerability via a SUID-root binary and obtain full root privileges,\u201d [reads](<https://www.qualys.com/2018/09/25/cve-2018-14634/mutagen-astronomy-integer-overflow-linux-create_elf_tables-cve-2018-14634.txt>) the Qualys advisory.\n\nThreatPost has [more details](<https://threatpost.com/local-privilege-escalation-flaw-in-linux-kernel-allows-root-access/137748/>) about the so-called \u201cMutagen Astronomy\u201d flaw, which is believed to affect Linux kernel versions 2.6.x, 3.10.x and 4.14.x, according to the NIST vulnerability database [entry](<https://nvd.nist.gov/vuln/detail/CVE-2018-14634>).\n\nMore information\n\n[Linux: VMA use-after-free via buggy vmacache_flush_all() fastpath](<https://bugs.chromium.org/p/project-zero/issues/detail?id=1664>) (Chromium blog)\n\n[Another Linux Kernel Bug Surfaces, Allowing Root Access](<https://threatpost.com/another-linux-kernel-bug-surfaces-allowing-root-access/137800/>) (ThreatPost)\n\n[Google Hacker Discloses New Linux Kernel Vulnerability and PoC 
Exploit](<https://thehackernews.com/2018/09/linux-kernel-exploit.html>) (The Hacker News)\n\n[Red Hat advisory about CVE-2018-17182](<https://access.redhat.com/security/cve/cve-2018-17182>) (Red Hat)\n\n[New Linux 'Mutagen Astronomy' security flaw impacts Red Hat and CentOS distros](<https://www.zdnet.com/article/new-linux-mutagen-astronomy-security-flaw-impacts-red-hat-and-centos-distros/>) (ZDNet)\n\n[Linux Kernel Vulnerability Affects Red Hat, CentOS, Debian](<https://www.securityweek.com/linux-kernel-vulnerability-affects-red-hat-centos-debian>) (SecurityWeek)\n\n**In other security news \u2026**\n\n * Between roughly mid-August and mid-September, hackers stole credit card data from electronics retailer Newegg\u2019s website after inserting card-skimming code on the payments page, [TechCrunch reported](<https://techcrunch.com/2018/09/19/newegg-credit-card-data-breach/>). The company [confirmed](<https://twitter.com/Newegg/status/1042466284577779712>) the incident happened, and posted an [FAQ](<https://kb.newegg.com/knowledge-base/2018-data-security-update-faq/?cm_mmc=snc-twitter-_-kb-faq-_-na-_-na>) about the issue.\n * Fashion retailer SHEIN suffered a breach in which personal information from almost 6.5 million customers was stolen over a period of about two months -- between June and August of this year, the [company said](<https://www.prnewswire.com/news-releases/shein-notifies-customers-who-may-have-been-affected-by-data-breach-300717103.html>). SHEIN also has an [FAQ](<https://us.shein.com/datasecurity?ref=www&rep=dir&ret=us>) for concerned customers.\n * Cisco\u2019s Talos division published [research](<https://blog.talosintelligence.com/2018/09/vpnfilter-part-3.html>) shedding more light on the VPNFilter malware that has [infected routers](<https://threatpost.com/vpnfilter-malware-infects-500k-routers-including-linksys-mikrotik-netgear/132212/>) worldwide recently. 
\u201cAs a result of the capabilities we previously discovered in VPNFilter coupled with our new findings, we now confirm that VPNFilter provides attackers all of the functionality required to leverage compromised network and storage devices to further pivot into and attack systems within the network environments that are being targeted,\u201d the researchers wrote.", "modified": "2018-10-02T00:02:16", "published": "2018-10-02T00:02:16", "id": "QUALYSBLOG:E0BBF71ADDC85C29DACA1D4E2072567E", "href": "https://blog.qualys.com/news/2018/10/01/hackers-exploit-facebook-bug-as-twitter-dms-maybe-got-misrouted", "type": "qualysblog", "title": "Hackers Exploit Facebook Bug, As Twitter DMs (Maybe) Got Misrouted", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:46:23", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17182", "CVE-2018-18021"], "description": "The kernel-alt packages provide the Linux kernel version 4.x.\n\nSecurity Fix(es):\n\n* kernel: Use-after-free in the vmacache_flush_all function resulting in a possible privilege escalation (CVE-2018-17182)\n\n* kernel: Privilege escalation on arm64 via KVM hypervisor (CVE-2018-18021)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\nThese updated kernel packages include also numerous bug fixes. Space precludes documenting all of the bug fixes in this advisory. 
See the descriptions in the related Knowledge Article: https://access.redhat.com/articles/3714391", "modified": "2018-11-27T04:00:51", "published": "2018-11-27T04:00:21", "id": "RHSA-2018:3656", "href": "https://access.redhat.com/errata/RHSA-2018:3656", "type": "redhat", "title": "(RHSA-2018:3656) Important: kernel-alt security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:35:46", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17182", "CVE-2018-16658", "CVE-2018-14633"], "description": "**Issue Overview:**\n\nA security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely.([CVE-2018-14633 __](<https://access.redhat.com/security/cve/CVE-2018-14633>) )\n\nAn information leak was discovered in the Linux kernel in cdrom_ioctl_drive_status() function in drivers/cdrom/cdrom.c that could be used by local attackers to read kernel memory at certain location.([CVE-2018-16658 __](<https://access.redhat.com/security/cve/CVE-2018-16658>) )\n\nA security flaw was discovered in the Linux kernel. The vmacache_flush_all() function in mm/vmacache.c mishandles sequence number overflows. 
An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.([CVE-2018-17182 __](<https://access.redhat.com/security/cve/CVE-2018-17182>) )\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ and reboot your instance to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n kernel-headers-4.14.72-73.55.amzn2.i686 \n \n src: \n kernel-4.14.72-73.55.amzn2.src \n \n x86_64: \n kernel-4.14.72-73.55.amzn2.x86_64 \n kernel-headers-4.14.72-73.55.amzn2.x86_64 \n kernel-debuginfo-common-x86_64-4.14.72-73.55.amzn2.x86_64 \n perf-4.14.72-73.55.amzn2.x86_64 \n perf-debuginfo-4.14.72-73.55.amzn2.x86_64 \n python-perf-4.14.72-73.55.amzn2.x86_64 \n python-perf-debuginfo-4.14.72-73.55.amzn2.x86_64 \n kernel-tools-4.14.72-73.55.amzn2.x86_64 \n kernel-tools-devel-4.14.72-73.55.amzn2.x86_64 \n kernel-tools-debuginfo-4.14.72-73.55.amzn2.x86_64 \n kernel-devel-4.14.72-73.55.amzn2.x86_64 \n kernel-debuginfo-4.14.72-73.55.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2018-10-08T22:12:00", "published": "2018-10-08T22:12:00", "id": "ALAS2-2018-1086", "href": "https://alas.aws.amazon.com/AL2/ALAS-2018-1086.html", "title": "Important: kernel", "type": "amazon", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-11-10T12:35:12", "bulletinFamily": "unix", "cvelist": ["CVE-2018-17182", "CVE-2018-20856", "CVE-2018-16658", "CVE-2018-14633"], "description": "**Issue Overview:**\n\nA security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. 
depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely.([CVE-2018-14633 __](<https://access.redhat.com/security/cve/CVE-2018-14633>))\n\nAn information leak was discovered in the Linux kernel in cdrom_ioctl_drive_status() function in drivers/cdrom/cdrom.c that could be used by local attackers to read kernel memory at certain location.([CVE-2018-16658 __](<https://access.redhat.com/security/cve/CVE-2018-16658>))\n\nA security flaw was discovered in the Linux kernel. The vmacache_flush_all() function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.([CVE-2018-17182 __](<https://access.redhat.com/security/cve/CVE-2018-17182>))\n\nA flaw was found in the Linux kernel's block driver implementation (blk_drain_queue() function) where a use-after-free condition could be triggered while draining the outstanding command queue in the system's block device subsystem. An attacker could use this flaw to crash the system or corrupt local memory, which may lead to privilege escalation.([CVE-2018-20856 __](<https://access.redhat.com/security/cve/CVE-2018-20856>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ and reboot your instance to update your system. 
\n\n\n \n\n\n**New Packages:**\n \n \n i686: \n kernel-debuginfo-common-i686-4.14.72-68.55.amzn1.i686 \n kernel-headers-4.14.72-68.55.amzn1.i686 \n kernel-tools-devel-4.14.72-68.55.amzn1.i686 \n kernel-4.14.72-68.55.amzn1.i686 \n kernel-tools-4.14.72-68.55.amzn1.i686 \n perf-4.14.72-68.55.amzn1.i686 \n kernel-debuginfo-4.14.72-68.55.amzn1.i686 \n kernel-tools-debuginfo-4.14.72-68.55.amzn1.i686 \n kernel-devel-4.14.72-68.55.amzn1.i686 \n perf-debuginfo-4.14.72-68.55.amzn1.i686 \n \n src: \n kernel-4.14.72-68.55.amzn1.src \n \n x86_64: \n kernel-debuginfo-4.14.72-68.55.amzn1.x86_64 \n perf-debuginfo-4.14.72-68.55.amzn1.x86_64 \n perf-4.14.72-68.55.amzn1.x86_64 \n kernel-devel-4.14.72-68.55.amzn1.x86_64 \n kernel-tools-debuginfo-4.14.72-68.55.amzn1.x86_64 \n kernel-tools-4.14.72-68.55.amzn1.x86_64 \n kernel-headers-4.14.72-68.55.amzn1.x86_64 \n kernel-4.14.72-68.55.amzn1.x86_64 \n kernel-tools-devel-4.14.72-68.55.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.14.72-68.55.amzn1.x86_64 \n \n \n", "edition": 8, "modified": "2018-10-03T02:57:00", "published": "2018-10-03T02:57:00", "id": "ALAS-2018-1086", "href": "https://alas.aws.amazon.com/ALAS-2018-1086.html", "title": "Important: kernel", "type": "amazon", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:50", "bulletinFamily": "software", "cvelist": ["CVE-2018-10853", "CVE-2018-6555", "CVE-2018-17182", "CVE-2018-15594", "CVE-2018-14633", "CVE-2018-15572", "CVE-2018-6554"], "description": "# \n\n# Severity\n\nHigh\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 16.04\n\n# Description\n\nUSN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. 
This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS.\n\nJann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. (CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution and prediction of return addresses via Return Stack Buffer (RSB) may allow unauthorized memory reads via sidechannel attacks. An attacker could use this to expose sensitive information. (CVE-2018-15572)\n\nAndy Lutomirski and Mika Penttil\u00e4 discovered that the KVM implementation in the Linux kernel did not properly check privilege levels when emulating some instructions. An unprivileged attacker in a guest VM could use this to escalate privileges within the guest. (CVE-2018-10853)\n\nIt was discovered that a stack-based buffer overflow existed in the iSCSI target implementation of the Linux kernel. A remote attacker could use this to cause a denial of service (system crash). (CVE-2018-14633)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the IRDA implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2018-6555)\n\nCVEs contained in this USN include: CVE-2018-10853, CVE-2018-14633, CVE-2018-15572, CVE-2018-15594, CVE-2018-17182, CVE-2018-6554, CVE-2018-6555\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 97.x versions prior to 97.19\n * All other stemcells not listed.\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 97.x versions to 97.19\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n\n# References\n\n * [USN-3777-2](<https://usn.ubuntu.com/3777-2>)\n * [CVE-2018-10853](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10853>)\n * [CVE-2018-14633](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14633>)\n * [CVE-2018-15572](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15572>)\n * [CVE-2018-15594](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15594>)\n * [CVE-2018-17182](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17182>)\n * [CVE-2018-6554](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6554>)\n * [CVE-2018-6555](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6555>)\n", "edition": 4, "modified": "2018-10-09T00:00:00", "published": "2018-10-09T00:00:00", "id": "CFOUNDRY:2AA1F360A02E665F9D2B19AB7EF0CAA9", "href": "https://www.cloudfoundry.org/blog/usn-3777-2/", "title": "USN-3777-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-05-29T18:32:51", "bulletinFamily": "software", "cvelist": ["CVE-2018-6555", "CVE-2018-17182", "CVE-2018-15594", "CVE-2018-16276", "CVE-2018-14633", "CVE-2017-18216", "CVE-2018-10902", 
"CVE-2018-15572", "CVE-2018-6554"], "description": "# \n\n# Severity\n\nHigh\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nUSN-3776-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nJann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. (CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution and prediction of return addresses via Return Stack Buffer (RSB) may allow unauthorized memory reads via sidechannel attacks. An attacker could use this to expose sensitive information. (CVE-2018-15572)\n\nIt was discovered that a NULL pointer dereference could be triggered in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18216)\n\nIt was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that a stack-based buffer overflow existed in the iSCSI target implementation of the Linux kernel. A remote attacker could use this to cause a denial of service (system crash). 
(CVE-2018-14633)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did not properly restrict user space reads or writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16276)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the IRDA implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-6555)\n\nCVEs contained in this USN include: CVE-2017-18216, CVE-2018-10902, CVE-2018-14633, CVE-2018-15572, CVE-2018-15594, CVE-2018-16276, CVE-2018-17182, CVE-2018-6554, CVE-2018-6555\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * Cloud Foundry BOSH trusty-stemcells are vulnerable, including: \n * 3586.x versions prior to 3586.46\n * 3541.x versions prior to 3541.52\n * 3468.x versions prior to 3468.73\n * 3445.x versions prior to 3445.71\n * 3421.x versions prior to 3421.86\n * 3363.x versions prior to 3363.78\n * All other stemcells not listed.\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH trusty-stemcells: \n * Upgrade 3586.x versions to 3586.46\n * Upgrade 3541.x versions to 3541.52\n * Upgrade 3468.x versions to 3468.73\n * Upgrade 3445.x versions to 3445.71\n * Upgrade 3421.x versions to 3421.86\n * Upgrade 3363.x versions to 3363.78\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-trusty>).\n\n# References\n\n * [USN-3776-2](<https://usn.ubuntu.com/3776-2>)\n * 
[CVE-2017-18216](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18216>)\n * [CVE-2018-10902](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10902>)\n * [CVE-2018-14633](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14633>)\n * [CVE-2018-15572](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-15572>)\n * [CVE-2018-15594](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-15594>)\n * [CVE-2018-16276](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16276>)\n * [CVE-2018-17182](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-17182>)\n * [CVE-2018-6554](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-6554>)\n * [CVE-2018-6555](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-6555>)\n", "edition": 4, "modified": "2018-10-03T00:00:00", "published": "2018-10-03T00:00:00", "id": "CFOUNDRY:90693B873E1E97B4D1CACB5D7BD374ED", "href": "https://www.cloudfoundry.org/blog/usn-3776-2/", "title": "USN-3776-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:35:56", "bulletinFamily": "unix", "cvelist": ["CVE-2018-6555", "CVE-2018-17182", "CVE-2018-15594", "CVE-2017-5715", "CVE-2018-14633", "CVE-2018-3639", "CVE-2018-15572", "CVE-2018-6554"], "description": "USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 \nLTS. This update provides the corresponding updates for the \nLinux kernel for Azure Cloud systems.\n\nJann Horn discovered that the vmacache subsystem did not properly handle \nsequence number overflows, leading to a use-after-free vulnerability. A \nlocal attacker could use this to cause a denial of service (system crash) \nor execute arbitrary code. 
(CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the Linux \nkernel did not properly handle some indirect calls, reducing the \neffectiveness of Spectre v2 mitigations for paravirtual guests. A local \nattacker could use this to expose sensitive information. (CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution and \nprediction of return addresses via Return Stack Buffer (RSB) may allow \nunauthorized memory reads via sidechannel attacks. An attacker could use \nthis to expose sensitive information. (CVE-2018-15572)\n\nJann Horn discovered that microprocessors utilizing speculative execution \nand branch prediction may allow unauthorized memory reads via sidechannel \nattacks. This flaw is known as Spectre. A local attacker could use this to \nexpose sensitive information, including kernel memory. (CVE-2017-5715)\n\nIt was discovered that a stack-based buffer overflow existed in the iSCSI \ntarget implementation of the Linux kernel. A remote attacker could use this \nto cause a denial of service (system crash). (CVE-2018-14633)\n\nJann Horn and Ken Johnson discovered that microprocessors utilizing \nspeculative execution of a memory read may allow unauthorized memory reads \nvia a sidechannel attack. This flaw is known as Spectre Variant 4. A local \nattacker could use this to expose sensitive information, including kernel \nmemory. (CVE-2018-3639)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of the \nLinux kernel. A local attacker could use this to cause a denial of service \n(kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the IRDA \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. 
(CVE-2018-6555)", "edition": 4, "modified": "2018-10-23T00:00:00", "published": "2018-10-23T00:00:00", "id": "USN-3777-3", "href": "https://ubuntu.com/security/notices/USN-3777-3", "title": "Linux kernel (Azure) vulnerabilities", "type": "ubuntu", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-07-02T11:41:23", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10853", "CVE-2018-6555", "CVE-2018-17182", "CVE-2018-15594", "CVE-2018-14633", "CVE-2018-3639", "CVE-2018-15572", "CVE-2018-6554"], "description": "Jann Horn discovered that the vmacache subsystem did not properly handle \nsequence number overflows, leading to a use-after-free vulnerability. A \nlocal attacker could use this to cause a denial of service (system crash) \nor execute arbitrary code. (CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the Linux \nkernel did not properly handle some indirect calls, reducing the \neffectiveness of Spectre v2 mitigations for paravirtual guests. A local \nattacker could use this to expose sensitive information. (CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution and \nprediction of return addresses via Return Stack Buffer (RSB) may allow \nunauthorized memory reads via sidechannel attacks. An attacker could use \nthis to expose sensitive information. (CVE-2018-15572)\n\nAndy Lutomirski and Mika Penttil\u00e4 discovered that the KVM implementation \nin the Linux kernel did not properly check privilege levels when emulating \nsome instructions. An unprivileged attacker in a guest VM could use this to \nescalate privileges within the guest. (CVE-2018-10853)\n\nIt was discovered that a stack-based buffer overflow existed in the iSCSI \ntarget implementation of the Linux kernel. A remote attacker could use this \nto cause a denial of service (system crash). (CVE-2018-14633)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of the \nLinux kernel. 
A local attacker could use this to cause a denial of service \n(kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the IRDA \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-6555)\n\nUSN 3652-1 added a mitigation for Speculative Store Bypass \na.k.a. Spectre Variant 4 (CVE-2018-3639). This update provides the \ncorresponding mitigation for ARM64 processors. Please note that for \nthis mitigation to be effective, an updated firmware for the processor \nmay be required.", "edition": 70, "modified": "2018-10-01T00:00:00", "published": "2018-10-01T00:00:00", "id": "USN-3777-1", "href": "https://ubuntu.com/security/notices/USN-3777-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-07-02T11:33:50", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10853", "CVE-2018-6555", "CVE-2018-17182", "CVE-2018-15594", "CVE-2018-14633", "CVE-2018-3639", "CVE-2018-15572", "CVE-2018-6554"], "description": "USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu \n16.04 LTS.\n\nJann Horn discovered that the vmacache subsystem did not properly handle \nsequence number overflows, leading to a use-after-free vulnerability. A \nlocal attacker could use this to cause a denial of service (system crash) \nor execute arbitrary code. (CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the Linux \nkernel did not properly handle some indirect calls, reducing the \neffectiveness of Spectre v2 mitigations for paravirtual guests. A local \nattacker could use this to expose sensitive information. 
(CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution and \nprediction of return addresses via Return Stack Buffer (RSB) may allow \nunauthorized memory reads via sidechannel attacks. An attacker could use \nthis to expose sensitive information. (CVE-2018-15572)\n\nAndy Lutomirski and Mika Penttil\u00e4 discovered that the KVM implementation \nin the Linux kernel did not properly check privilege levels when emulating \nsome instructions. An unprivileged attacker in a guest VM could use this to \nescalate privileges within the guest. (CVE-2018-10853)\n\nIt was discovered that a stack-based buffer overflow existed in the iSCSI \ntarget implementation of the Linux kernel. A remote attacker could use this \nto cause a denial of service (system crash). (CVE-2018-14633)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of the \nLinux kernel. A local attacker could use this to cause a denial of service \n(kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the IRDA \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-6555)\n\nUSN 3653-2 added a mitigation for Speculative Store Bypass \na.k.a. Spectre Variant 4 (CVE-2018-3639). This update provides the \ncorresponding mitigation for ARM64 processors. Please note that for \nthis mitigation to be effective, an updated firmware for the processor \nmay be required. 
\n", "edition": 70, "modified": "2018-10-01T00:00:00", "published": "2018-10-01T00:00:00", "id": "USN-3777-2", "href": "https://ubuntu.com/security/notices/USN-3777-2", "title": "Linux kernel (HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-07-02T11:44:54", "bulletinFamily": "unix", "cvelist": ["CVE-2018-6555", "CVE-2018-17182", "CVE-2018-15594", "CVE-2018-16276", "CVE-2018-14633", "CVE-2017-18216", "CVE-2018-10902", "CVE-2018-15572", "CVE-2018-6554"], "description": "Jann Horn discovered that the vmacache subsystem did not properly handle \nsequence number overflows, leading to a use-after-free vulnerability. A \nlocal attacker could use this to cause a denial of service (system crash) \nor execute arbitrary code. (CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the Linux \nkernel did not properly handle some indirect calls, reducing the \neffectiveness of Spectre v2 mitigations for paravirtual guests. A local \nattacker could use this to expose sensitive information. (CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution and \nprediction of return addresses via Return Stack Buffer (RSB) may allow \nunauthorized memory reads via sidechannel attacks. An attacker could use \nthis to expose sensitive information. (CVE-2018-15572)\n\nIt was discovered that a NULL pointer dereference could be triggered in the \nOCFS2 file system implementation in the Linux kernel. A local attacker \ncould use this to cause a denial of service (system crash). \n(CVE-2017-18216)\n\nIt was discovered that a race condition existed in the raw MIDI driver for \nthe Linux kernel, leading to a double free vulnerability. A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. 
(CVE-2018-10902)\n\nIt was discovered that a stack-based buffer overflow existed in the iSCSI \ntarget implementation of the Linux kernel. A remote attacker could use this \nto cause a denial of service (system crash). (CVE-2018-14633)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did \nnot properly restrict user space reads or writes. A physically proximate \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2018-16276)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of the \nLinux kernel. A local attacker could use this to cause a denial of service \n(kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the IRDA \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-6555)", "edition": 6, "modified": "2018-10-01T00:00:00", "published": "2018-10-01T00:00:00", "id": "USN-3776-1", "href": "https://ubuntu.com/security/notices/USN-3776-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-07-02T11:39:19", "bulletinFamily": "unix", "cvelist": ["CVE-2018-6555", "CVE-2018-17182", "CVE-2018-15594", "CVE-2018-16276", "CVE-2018-14633", "CVE-2017-18216", "CVE-2018-10902", "CVE-2018-15572", "CVE-2018-6554"], "description": "USN-3776-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu \n14.04 LTS.\n\nJann Horn discovered that the vmacache subsystem did not properly handle \nsequence number overflows, leading to a use-after-free vulnerability. A \nlocal attacker could use this to cause a denial of service (system crash) \nor execute arbitrary code. 
(CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the Linux \nkernel did not properly handle some indirect calls, reducing the \neffectiveness of Spectre v2 mitigations for paravirtual guests. A local \nattacker could use this to expose sensitive information. (CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution and \nprediction of return addresses via Return Stack Buffer (RSB) may allow \nunauthorized memory reads via sidechannel attacks. An attacker could use \nthis to expose sensitive information. (CVE-2018-15572)\n\nIt was discovered that a NULL pointer dereference could be triggered in the \nOCFS2 file system implementation in the Linux kernel. A local attacker \ncould use this to cause a denial of service (system crash). \n(CVE-2017-18216)\n\nIt was discovered that a race condition existed in the raw MIDI driver for \nthe Linux kernel, leading to a double free vulnerability. A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that a stack-based buffer overflow existed in the iSCSI \ntarget implementation of the Linux kernel. A remote attacker could use this \nto cause a denial of service (system crash). (CVE-2018-14633)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did \nnot properly restrict user space reads or writes. A physically proximate \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2018-16276)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of the \nLinux kernel. A local attacker could use this to cause a denial of service \n(kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the IRDA \nimplementation in the Linux kernel. 
A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-6555)", "edition": 6, "modified": "2018-10-01T00:00:00", "published": "2018-10-01T00:00:00", "id": "USN-3776-2", "href": "https://ubuntu.com/security/notices/USN-3776-2", "title": "Linux kernel (Xenial HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}], "suse": [{"lastseen": "2018-10-17T22:30:45", "bulletinFamily": "unix", "cvelist": ["CVE-2018-13096", "CVE-2018-13098", "CVE-2018-13100", "CVE-2018-17182", "CVE-2018-13099", "CVE-2018-7757", "CVE-2018-16597", "CVE-2018-16276", "CVE-2018-14617", "CVE-2018-7480", "CVE-2018-13097", "CVE-2018-14633", "CVE-2018-14613"], "description": "The openSUSE Leap 42.3 kernel was updated to 4.4.159 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2018-13096: A denial of service (out-of-bounds memory access and\n BUG) can occur upon encountering an abnormal bitmap size when mounting a\n crafted f2fs image (bnc#1100062).\n - CVE-2018-13097: There is an out-of-bounds read or a divide-by-zero error\n for an incorrect user_block_count in a corrupted f2fs image, leading to\n a denial of service (BUG) (bnc#1100061).\n - CVE-2018-13098: A denial of service (slab out-of-bounds read and BUG)\n can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is\n set in an inode (bnc#1100060).\n - CVE-2018-13099: A denial of service (out-of-bounds memory access and\n BUG) can occur for a modified f2fs filesystem image in which an inline\n inode contains an invalid reserved blkaddr (bnc#1100059).\n - CVE-2018-13100: An issue was discovered in fs/f2fs/super.c which did not\n properly validate secs_per_zone in a corrupted f2fs image, as\n demonstrated by a divide-by-zero error (bnc#1100056).\n - CVE-2018-14613: There is an invalid pointer dereference in\n io_ctl_map_page() when mounting and operating a crafted btrfs 
image,\n because of a lack of block group item validation in check_leaf_item in\n fs/btrfs/tree-checker.c (bnc#1102896).\n - CVE-2018-14617: There is a NULL pointer dereference and panic in\n hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is\n purportedly a hard link) in an hfs+ filesystem that has malformed\n catalog data, and is mounted read-only without a metadata directory\n (bnc#1102870).\n - CVE-2018-14633: A security flaw was found in the\n chap_server_compute_md5() function in the ISCSI target code in the Linux\n kernel in a way an authentication request from an ISCSI initiator is\n processed. An unauthenticated remote attacker can cause a stack buffer\n overflow and smash up to 17 bytes of the stack. The attack requires the\n iSCSI target to be enabled on the victim host. Depending on how the\n target's code was built (i.e. depending on a compiler, compile flags and\n hardware architecture) an attack may lead to a system crash and thus to\n a denial-of-service or possibly to a non-authorized access to data\n exported by an iSCSI target. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we believe it is highly\n unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be\n vulnerable (bnc#1107829).\n - CVE-2018-16276: Local attackers could use user access read/writes with\n incorrect bounds checking in the yurex USB driver to crash the kernel or\n potentially escalate privileges (bnc#1106095).\n - CVE-2018-16597: Incorrect access checking in overlayfs mounts could be\n used by local attackers to modify or truncate files in the underlying\n filesystem (bnc#1106512).\n - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c\n mishandled sequence number overflows. 
An attacker can trigger a\n use-after-free (and possibly gain privileges) via certain thread\n creation, map, unmap, invalidation, and dereference operations\n (bnc#1108399).\n - CVE-2018-7480: The blkcg_init_queue function in block/blk-cgroup.c\n allowed local users to cause a denial of service (double free) or\n possibly have unspecified other impact by triggering a creation failure\n (bnc#1082863).\n - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in\n drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial\n of service (memory consumption) via many read accesses to files in the\n /sys/class/sas_phy directory, as demonstrated by the\n /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536).\n\n The following non-security bugs were fixed:\n\n - alsa: bebob: use address returned by kmalloc() instead of kernel stack\n for streaming DMA mapping (bnc#1012382).\n - alsa: emu10k1: fix possible info leak to userspace on\n SNDRV_EMU10K1_IOCTL_INFO (bnc#1012382).\n - alsa: hda - Fix cancel_work_sync() stall from jackpoll work\n (bnc#1012382).\n - alsa: msnd: Fix the default sample sizes (bnc#1012382).\n - alsa: pcm: Fix snd_interval_refine first/last with open min/max\n (bnc#1012382).\n - alsa: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro\n (bnc#1012382).\n - arc: [plat-axs*]: Enable SWAP (bnc#1012382).\n - arm64: bpf: jit JMP_JSET_{X,K} (bsc#1110613).\n - arm64: Correct type for PUD macros (bsc#1110600).\n - arm64: dts: qcom: db410c: Fix Bluetooth LED trigger (bnc#1012382).\n - arm64: fix erroneous __raw_read_system_reg() cases (bsc#1110606).\n - arm64: Fix potential race with hardware DBM in ptep_set_access_flags()\n (bsc#1110605).\n - arm64: fpsimd: Avoid FPSIMD context leakage for the init task\n (bsc#1110603).\n - arm64: kasan: avoid bad virt_to_pfn() (bsc#1110612).\n - arm64: kasan: avoid pfn_to_nid() before page array is initialized\n (bsc#1110619).\n - arm64/kasan: do not allocate extra shadow 
memory (bsc#1110611).\n - arm64: kernel: Update kerneldoc for cpu_suspend() rename (bsc#1110602).\n - arm64: kgdb: handle read-only text / modules (bsc#1110604).\n - arm64/mm/kasan: do not use vmemmap_populate() to initialize shadow\n (bsc#1110618).\n - arm64: ptrace: Avoid setting compat FP[SC]R to garbage if get_user fails\n (bsc#1110601).\n - arm64: supported.conf: mark armmmci as not supported\n - arm64 Update config files. (bsc#1110468) Set MMC_QCOM_DML to build-in\n and delete driver from supported.conf\n - arm64: vdso: fix clock_getres for 4GiB-aligned res (bsc#1110614).\n - arm: exynos: Clear global variable on init error path (bnc#1012382).\n - arm: hisi: check of_iomap and fix missing of_node_put (bnc#1012382).\n - arm: hisi: fix error handling and missing of_node_put (bnc#1012382).\n - arm: hisi: handle of_iomap and fix missing of_node_put (bnc#1012382).\n - asm/sections: add helpers to check for section data (bsc#1063026).\n - asoc: cs4265: fix MMTLR Data switch control (bnc#1012382).\n - asoc: wm8994: Fix missing break in switch (bnc#1012382).\n - ata: libahci: Correct setting of DEVSLP register (bnc#1012382).\n - ath10k: disable bundle mgmt tx completion event support (bnc#1012382).\n - ath10k: prevent active scans on potential unusable channels\n (bnc#1012382).\n - audit: fix use-after-free in audit_add_watch (bnc#1012382).\n - autofs: fix autofs_sbi() does not check super block type (bnc#1012382).\n - binfmt_elf: Respect error return from `regset->active' (bnc#1012382).\n - block: bvec_nr_vecs() returns value for wrong slab (bsc#1082979).\n - Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV (bnc#1012382).\n - Bluetooth: hidp: Fix handling of strncpy for hid->name information\n (bnc#1012382).\n - bpf: fix overflow in prog accounting (bsc#1012382).\n - btrfs: Add checker for EXTENT_CSUM (bsc#1102882, bsc#1102896,\n bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: Add sanity check for EXTENT_DATA when reading out leaf\n (bsc#1102882, 
bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: Check if item pointer overlaps with the item itself (bsc#1102882,\n bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: Check that each block group has corresponding chunk at mount time\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: Introduce mount time chunk <-> dev extent mapping check\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: Move leaf and node validation checker to tree-checker.c\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: relocation: Only remove reloc rb_trees if reloc control has been\n initialized (bnc#1012382).\n - btrfs: replace: Reset on-disk dev stats value after replace\n (bnc#1012382).\n - btrfs: scrub: Do not use inode page cache in\n scrub_handle_errored_block() (bsc#1108096).\n - btrfs: tree-checker: Add checker for dir item (bsc#1102882, bsc#1102896,\n bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: Detect invalid and empty essential trees\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: Enhance btrfs_check_node output (bsc#1102882,\n bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: Enhance output for btrfs_check_leaf (bsc#1102882,\n bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: Enhance output for check_csum_item (bsc#1102882,\n bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: Enhance output for check_extent_data_item\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: Fix false panic for sanity test (bsc#1102882,\n bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: Replace root parameter with fs_info (bsc#1102882,\n bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: use %zu format string for size_t 
(bsc#1102882,\n bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882,\n bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: Verify block_group_item (bsc#1102882, bsc#1102896,\n bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: use correct compare function of dirty_metadata_bytes\n (bnc#1012382).\n - btrfs: Verify that every chunk has corresponding block group at mount\n time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - cfq: Give a chance for arming slice idle timer in case of group_idle\n (bnc#1012382).\n - cifs: check if SMB2 PDU size has been padded and suppress the warning\n (bnc#1012382).\n - cifs: fix wrapping bugs in num_entries() (bnc#1012382).\n - cifs: integer overflow in in SMB2_ioctl() (bsc#1012382).\n - cifs: prevent integer overflow in nxt_dir_entry() (bnc#1012382).\n - clk: imx6ul: fix missing of_node_put() (bnc#1012382).\n - coresight: Handle errors in finding input/output ports (bnc#1012382).\n - coresight: tpiu: Fix disabling timeouts (bnc#1012382).\n - cpu/hotplug: Fix SMT supported evaluation (bsc#1089343).\n - crypto: clarify licensing of OpenSSL asm code ().\n - crypto: sharah - Unregister correct algorithms for SAHARA 3\n (bnc#1012382).\n - crypto: vmx - Remove overly verbose printk from AES XTS init (git-fixes).\n - debugobjects: Make stack check warning more informative (bnc#1012382).\n - Define early_radix_enabled() (bsc#1094244).\n - Delete\n patches.fixes/slab-__GFP_ZERO-is-incompatible-with-a-constructor.patch\n (bnc#1110297) we still have a code which uses both __GFP_ZERO and\n constructors. 
The code seems to be correct and the warning does more\n harm than good so revert for the meantime until we catch offenders.\n - dmaengine: pl330: fix irq race with terminate_all (bnc#1012382).\n - dm kcopyd: avoid softlockup in run_complete_job (bnc#1012382).\n - dm-mpath: do not try to access NULL rq (bsc#1110337).\n - dm-mpath: finally fixup cmd_flags (bsc#1110930).\n - drivers: net: cpsw: fix parsing of phy-handle DT property in dual_emac\n config (bnc#1012382).\n - drivers: net: cpsw: fix segfault in case of bad phy-handle (bnc#1012382).\n - drm/amdkfd: Fix error codes in kfd_get_process (bnc#1012382).\n - drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in\n connector_detect() (bnc#1012382).\n - drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping (bnc#1012382).\n - EDAC: Fix memleak in module init error path (bsc#1109441).\n - EDAC, i7core: Fix memleaks and use-after-free on probe and remove\n (1109441).\n - ethernet: ti: davinci_emac: add missing of_node_put after calling\n of_parse_phandle (bnc#1012382).\n - ethtool: Remove trailing semicolon for static inline (bnc#1012382).\n - ext4: avoid divide by zero fault when deleting corrupted inline\n directories (bnc#1012382).\n - ext4: do not mark mmp buffer head dirty (bnc#1012382).\n - ext4: fix online resize's handling of a too-small final block group\n (bnc#1012382).\n - ext4: fix online resizing for bigalloc file systems with a 1k block size\n (bnc#1012382).\n - ext4: recalucate superblock checksum after updating free blocks/inodes\n (bnc#1012382).\n - f2fs: do not set free of current section (bnc#1012382).\n - f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize\n (bnc#1012382).\n - fat: validate ->i_start before using (bnc#1012382).\n - fbdev: Distinguish between interlaced and progressive modes\n (bnc#1012382).\n - fbdev/via: fix defined but not used warning (bnc#1012382).\n - Follow-up fix for\n patches.arch/01-jump_label-reduce-the-size-of-struct-static_key-kabi.patch.\n 
(bsc#1108803)\n - fork: do not copy inconsistent signal handler state to child\n (bnc#1012382).\n - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()\n (bnc#1012382).\n - fs/eventpoll: loosen irq-safety when possible (bsc#1096052).\n - genirq: Delay incrementing interrupt count if it's disabled/pending\n (bnc#1012382).\n - gfs2: Special-case rindex for gfs2_grow (bnc#1012382).\n - gpiolib: Mark gpio_suffixes array with __maybe_unused (bnc#1012382).\n - gpio: ml-ioh: Fix buffer underwrite on probe error path (bnc#1012382).\n - gpio: tegra: Move driver registration to subsys_init level (bnc#1012382).\n - gso_segment: Reset skb->mac_len after modifying network header\n (bnc#1012382).\n - hfsplus: do not return 0 when fill_super() failed (bnc#1012382).\n - hfs: prevent crash on exit from failed search (bnc#1012382).\n - HID: sony: Support DS4 dongle (bnc#1012382).\n - HID: sony: Update device ids (bnc#1012382).\n - i2c: i801: fix DNV's SMBCTRL register offset (bnc#1012382).\n - i2c: xiic: Make the start and the byte count write atomic (bnc#1012382).\n - i2c: xlp9xx: Add support for SMBAlert (bsc#1103308).\n - i2c: xlp9xx: Fix case where SSIF read transaction completes early\n (bsc#1103308).\n - i2c: xlp9xx: Fix issue seen when updating receive length (bsc#1103308).\n - i2c: xlp9xx: Make sure the transfer size is not more than\n I2C_SMBUS_BLOCK_SIZE (bsc#1103308).\n - ib/ipoib: Avoid a race condition between start_xmit and cm_rep_handler\n (bnc#1012382).\n - ib_srp: Remove WARN_ON in srp_terminate_io() (bsc#1094562).\n - input: atmel_mxt_ts - only use first T9 instance (bnc#1012382).\n - iommu/amd: Return devid as alias for ACPI HID devices (bsc#1106105).\n - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register\n (bnc#1012382).\n - iommu/ipmmu-vmsa: Fix allocation in atomic context (bnc#1012382).\n - ipmi:ssif: Add support for multi-part transmit messages > 2 parts\n (bsc#1103308).\n - ipv6: fix possible use-after-free in ip6_xmit() 
(bnc#1012382).\n - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest()\n (bnc#1012382).\n - irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP\n (bnc#1012382).\n - irqchip/gic-v3: Add missing barrier to 32bit version of gic_read_iar()\n (bnc#1012382).\n - iw_cxgb4: only allow 1 flush on user qps (bnc#1012382).\n - KABI: move the new handler to end of machdep_calls and hide it from\n genksyms (bsc#1094244).\n - kabi protect hnae_ae_ops (bsc#1107924).\n - kbuild: add .DELETE_ON_ERROR special target (bnc#1012382).\n - kbuild: make missing $DEPMOD a Warning instead of an Error (bnc#1012382).\n - kernel/params.c: downgrade warning for unsafe parameters (bsc#1050549).\n - kprobes/x86: Release insn_slot in failure path (bsc#1110006).\n - kthread: fix boot hang (regression) on MIPS/OpenRISC (bnc#1012382).\n - kthread: Fix use-after-free if kthread fork fails (bnc#1012382).\n - kvm: nVMX: Do not expose MPX VMX controls when guest MPX disabled\n (bsc#1106240).\n - kvm: nVMX: Do not flush TLB when vmcs12 uses VPID (bsc#1106240).\n - kvm: x86: Do not re-{try,execute} after failed emulation in L2\n (bsc#1106240).\n - kvm: x86: Do not use kvm_x86_ops->mpx_supported() directly (bsc#1106240).\n - kvm: x86: fix APIC page invalidation (bsc#1106240).\n - kvm/x86: remove WARN_ON() for when vm_munmap() fails (bsc#1106240).\n - kvm: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts\n disabled (bsc#1106240).\n - l2tp: cast l2tp traffic counter to unsigned (bsc#1099810).\n - locking/osq_lock: Fix osq_lock queue corruption (bnc#1012382).\n - locking/rwsem-xadd: Fix missed wakeup due to reordering of load\n (bnc#1012382).\n - lpfc: fixup crash in lpfc_els_unsol_buffer() (bsc#1107318).\n - mac80211: restrict delayed tailroom needed decrement (bnc#1012382).\n - macintosh/via-pmu: Add missing mmio accessors (bnc#1012382).\n - md/raid1: exit sync request if MD_RECOVERY_INTR is set (git-fixes).\n - md/raid5: fix data corruption of replacements after 
originals dropped\n (bnc#1012382).\n - media: videobuf2-core: check for q->error in vb2_core_qbuf()\n (bnc#1012382).\n - mei: bus: type promotion bug in mei_nfc_if_version() (bnc#1012382).\n - mei: me: allow runtime pm for platform with D0i3 (bnc#1012382).\n - mfd: sm501: Set coherent_dma_mask when creating subdevices (bnc#1012382).\n - mfd: ti_am335x_tscadc: Fix struct clk memory leak (bnc#1012382).\n - misc: hmc6352: fix potential Spectre v1 (bnc#1012382).\n - misc: mic: SCIF Fix scif_get_new_port() error handling (bnc#1012382).\n - misc: ti-st: Fix memory leak in the error path of probe() (bnc#1012382).\n - mmc: mmci: stop building qcom dml as module (bsc#1110468).\n - mm/fadvise.c: fix signed overflow UBSAN complaint (bnc#1012382).\n - mm: fix devmem_is_allowed() for sub-page System RAM intersections\n (bsc#1110006).\n - mm: get rid of vmacache_flush_all() entirely (bnc#1012382).\n - mm: shmem.c: Correctly annotate new inodes for lockdep (bnc#1012382).\n - mtdchar: fix overflows in adjustment of `count` (bnc#1012382).\n - mtd/maps: fix solutionengine.c printk format warnings (bnc#1012382).\n - neighbour: confirm neigh entries when ARP packet is received\n (bnc#1012382).\n - net/9p: fix error path of p9_virtio_probe (bnc#1012382).\n - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT\n (bnc#1012382).\n - net: bcmgenet: use MAC link status for fixed phy (bnc#1012382).\n - net: dcb: For wild-card lookups, use priority -1, not 0 (bnc#1012382).\n - net: ena: Eliminate duplicate barriers on weakly-ordered archs\n (bsc#1108240).\n - net: ena: fix device destruction to gracefully free resources\n (bsc#1108240).\n - net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108240).\n - net: ena: fix incorrect usage of memory barriers (bsc#1108240).\n - net: ena: fix missing calls to READ_ONCE (bsc#1108240).\n - net: ena: fix missing lock during device destruction (bsc#1108240).\n - net: ena: fix potential double ena_destroy_device() (bsc#1108240).\n - net: 
ena: fix surprise unplug NULL dereference kernel crash\n (bsc#1108240).\n - net: ethernet: mvneta: Fix napi structure mixup on armada 3700\n (bsc#1110616).\n - net: ethernet: ti: cpsw: fix mdio device reference leak (bnc#1012382).\n - netfilter: x_tables: avoid stack-out-of-bounds read in\n xt_copy_counters_from_user (bnc#1012382).\n - net: hns: add netif_carrier_off before change speed and duplex\n (bsc#1107924).\n - net: hns: add the code for cleaning pkt in chip (bsc#1107924).\n - net: hp100: fix always-true check for link up state (bnc#1012382).\n - net: mvneta: fix mtu change on port without link (bnc#1012382).\n - net: mvneta: fix mvneta_config_rss on armada 3700 (bsc#1110615).\n - nfc: Fix possible memory corruption when handling SHDLC I-Frame commands\n (bnc#1012382).\n - nfc: Fix the number of pipes (bnc#1012382).\n - nfs: Use an appropriate work queue for direct-write completion\n (bsc#1082519).\n - nfsv4.0 fix client reference leak in callback (bnc#1012382).\n - nvme_fc: add 'nvme_discovery' sysfs attribute to fc transport device\n (bsc#1044189).\n - nvmet: fixup crash on NULL device path (bsc#1082979).\n - ocfs2: fix ocfs2 read block panic (bnc#1012382).\n - ovl: modify ovl_permission() to do checks on two inodes (bsc#1106512)\n - ovl: proper cleanup of workdir (bnc#1012382).\n - ovl: rename is_merge to is_lowest (bnc#1012382).\n - parport: sunbpp: fix error return code (bnc#1012382).\n - partitions/aix: append null character to print data from disk\n (bnc#1012382).\n - partitions/aix: fix usage of uninitialized lv_info and lvname structures\n (bnc#1012382).\n - PCI: altera: Fix bool initialization in tlp_read_packet() (bsc#1109806).\n - PCI: designware: Fix I/O space page leak (bsc#1109806).\n - PCI: designware: Fix pci_remap_iospace() failure path (bsc#1109806).\n - PCI: mvebu: Fix I/O space end address calculation (bnc#1012382).\n - PCI: OF: Fix I/O space page leak (bsc#1109806).\n - PCI: pciehp: Fix unprotected list iteration in IRQ handler 
(bsc#1109806).\n - PCI: shpchp: Fix AMD POGO identification (bsc#1109806).\n - PCI: Supply CPU physical address (not bus address) to\n iomem_is_exclusive() (bsc#1109806).\n - PCI: versatile: Fix I/O space page leak (bsc#1109806).\n - PCI: versatile: Fix pci_remap_iospace() failure path (bsc#1109806).\n - PCI: xgene: Fix I/O space page leak (bsc#1109806).\n - PCI: xilinx: Add missing of_node_put() (bsc#1109806).\n - perf powerpc: Fix callchain ip filtering (bnc#1012382).\n - perf powerpc: Fix callchain ip filtering when return address is in a\n register (bnc#1012382).\n - perf tools: Allow overriding MAX_NR_CPUS at compile time (bnc#1012382).\n - phy: qcom-ufs: add MODULE_LICENSE tag (bsc#1110468).\n - pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant\n (bnc#1012382).\n - pipe: actually allow root to exceed the pipe buffer limit (git-fixes).\n - platform/x86: alienware-wmi: Correct a memory leak (bnc#1012382).\n - platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360\n (bnc#1012382).\n - platform/x86: toshiba_acpi: Fix defined but not used build warnings\n (bnc#1012382).\n - powerpc/64: Do load of PACAKBASE in LOAD_HANDLER (bsc#1094244).\n - powerpc/64s: move machine check SLB flushing to mm/slb.c (bsc#1094244).\n - powerpc/book3s: Fix MCE console messages for unrecoverable MCE\n (bsc#1094244).\n - powerpc/fadump: cleanup crash memory ranges support (bsc#1103269).\n - powerpc/fadump: re-register firmware-assisted dump if already registered\n (bsc#1108170, bsc#1108823).\n - powerpc: Fix size calculation using resource_size() (bnc#1012382).\n - powerpc/mce: Fix SLB rebolting during MCE recovery path (bsc#1094244).\n - powerpc/mce: Move 64-bit machine check code into mce.c (bsc#1094244).\n - powerpc/numa: Use associativity if VPHN hcall is successful\n (bsc#1110363).\n - powerpc/perf/hv-24x7: Fix off-by-one error in request_buffer check\n (git-fixes).\n - powerpc/powernv/ioda2: Reduce upper limit for DMA window size\n 
(bsc#1066223).\n - powerpc/powernv: opal_put_chars partial write fix (bnc#1012382).\n - powerpc/powernv: Rename machine_check_pSeries_early() to powernv\n (bsc#1094244).\n - powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX\n (bnc#1012382).\n - powerpc/pseries: Defer the logging of rtas error to irq work queue\n (bsc#1094244).\n - powerpc/pseries: Define MCE error event section (bsc#1094244).\n - powerpc/pseries: Disable CPU hotplug across migrations (bsc#1066223).\n - powerpc/pseries: Display machine check error details (bsc#1094244).\n - powerpc/pseries: Dump the SLB contents on SLB MCE errors (bsc#1094244).\n - powerpc/pseries: Flush SLB contents on SLB MCE errors (bsc#1094244).\n - powerpc/pseries: Remove prrn_work workqueue (bsc#1102495, bsc#1109337).\n - powerpc/pseries: Remove unneeded uses of dlpar work queue (bsc#1102495,\n bsc#1109337).\n - powerpc/tm: Avoid possible userspace r1 corruption on reclaim\n (bsc#1109333).\n - powerpc/tm: Fix userspace r13 corruption (bsc#1109333).\n - printk: do not spin in printk when in nmi (bsc#1094244).\n - pstore: Fix incorrect persistent ram buffer mapping (bnc#1012382).\n - rdma/cma: Do not ignore net namespace for unbound cm_id (bnc#1012382).\n - rdma/cma: Protect cma dev list with lock (bnc#1012382).\n - rdma/rw: Fix rdma_rw_ctx_signature_init() kernel-doc header\n (bsc#1082979).\n - reiserfs: change j_timestamp type to time64_t (bnc#1012382).\n - Revert "ARM: imx_v6_v7_defconfig: Select ULPI support" (bnc#1012382).\n - Revert "dma-buf/sync-file: Avoid enable fence signaling if\n poll(.timeout=0)" (bsc#1111363).\n - Revert "Drop kernel trampoline stack." 
This reverts commit\n 85dead31706c1c1755adff90405ff9861c39c704.\n - Revert "kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597)"\n This reverts commit edde1f21880e3bfe244c6f98a3733b05b13533dc.\n - Revert "mm: get rid of vmacache_flush_all() entirely" (kabi).\n - Revert "NFC: Fix the number of pipes" (kabi).\n - ring-buffer: Allow for rescheduling when removing pages (bnc#1012382).\n - rtc: bq4802: add error handling for devm_ioremap (bnc#1012382).\n - s390/dasd: fix hanging offline processing due to canceled worker\n (bnc#1012382).\n - s390/facilites: use stfle_fac_list array size for MAX_FACILITY_BIT\n (bnc#1108315, LTC#171326).\n - s390/lib: use expoline for all bcr instructions (LTC#171029 bnc#1012382\n bnc#1106934).\n - s390/qeth: fix race in used-buffer accounting (bnc#1012382).\n - s390/qeth: reset layer2 attribute on layer switch (bnc#1012382).\n - s390/qeth: use vzalloc for QUERY OAT buffer (bnc#1108315, LTC#171527).\n - sched/fair: Fix bandwidth timer clock drift condition (Git-fixes).\n - sched/fair: Fix vruntime_normalized() for remote non-migration wakeup\n (Git-fixes).\n - sch_hhf: fix null pointer dereference on init failure (bnc#1012382).\n - sch_htb: fix crash on init failure (bnc#1012382).\n - sch_multiq: fix double free on init failure (bnc#1012382).\n - sch_netem: avoid null pointer deref on init failure (bnc#1012382).\n - sch_tbf: fix two null pointer dereferences on init failure (bnc#1012382).\n - scripts: modpost: check memory allocation results (bnc#1012382).\n - scsi: 3ware: fix return 0 on the error path of probe (bnc#1012382).\n - scsi: aic94xx: fix an error code in aic94xx_init() (bnc#1012382).\n - scsi: ipr: System hung while dlpar adding primary ipr adapter back\n (bsc#1109336).\n - scsi: qla2xxx: Add changes for devloss timeout in driver (bsc#1084427).\n - scsi: qla2xxx: Add FC-NVMe abort processing (bsc#1084427).\n - scsi: qla2xxx: Add longer window for chip reset (bsc#1094555).\n - scsi: qla2xxx: Avoid double completion of 
abort command (bsc#1094555).\n - scsi: qla2xxx: Cleanup code to improve FC-NVMe error handling\n (bsc#1084427).\n - scsi: qla2xxx: Cleanup for N2N code (bsc#1094555).\n - scsi: qla2xxx: correctly shift host byte (bsc#1094555).\n - scsi: qla2xxx: Correct setting of SAM_STAT_CHECK_CONDITION (bsc#1094555).\n - scsi: qla2xxx: Delete session for nport id change (bsc#1094555).\n - scsi: qla2xxx: Fix Async GPN_FT for FCP and FC-NVMe scan (bsc#1084427).\n - scsi: qla2xxx: Fix crash on qla2x00_mailbox_command (bsc#1094555).\n - scsi: qla2xxx: Fix double free bug after firmware timeout (bsc#1094555).\n - scsi: qla2xxx: Fix driver unload by shutting down chip (bsc#1094555).\n - scsi: qla2xxx: fix error message on <qla2400 (bsc#1094555).\n - scsi: qla2xxx: Fix FC-NVMe IO abort during driver reset (bsc#1084427).\n - scsi: qla2xxx: Fix function argument descriptions (bsc#1094555).\n - scsi: qla2xxx: Fix Inquiry command being dropped in Target mode\n (bsc#1094555).\n - scsi: qla2xxx: Fix issue reported by static checker for\n qla2x00_els_dcmd2_sp_done() (bsc#1094555).\n - scsi: qla2xxx: Fix login retry count (bsc#1094555).\n - scsi: qla2xxx: Fix Management Server NPort handle reservation logic\n (bsc#1094555).\n - scsi: qla2xxx: Fix memory leak for allocating abort IOCB (bsc#1094555).\n - scsi: qla2xxx: Fix n2n_ae flag to prevent dev_loss on PDB change\n (bsc#1084427).\n - scsi: qla2xxx: Fix N2N link re-connect (bsc#1094555).\n - scsi: qla2xxx: Fix NPIV deletion by calling wait_for_sess_deletion\n (bsc#1094555).\n - scsi: qla2xxx: Fix race between switch cmd completion and timeout\n (bsc#1094555).\n - scsi: qla2xxx: Fix race condition between iocb timeout and\n initialisation (bsc#1094555).\n - scsi: qla2xxx: Fix redundant fc_rport registration (bsc#1094555).\n - scsi: qla2xxx: Fix retry for PRLI RJT with reason of BUSY (bsc#1084427).\n - scsi: qla2xxx: Fix Rport and session state getting out of sync\n (bsc#1094555).\n - scsi: qla2xxx: Fix sending ADISC command for login 
(bsc#1094555).\n - scsi: qla2xxx: Fix session state stuck in Get Port DB (bsc#1094555).\n - scsi: qla2xxx: Fix stalled relogin (bsc#1094555).\n - scsi: qla2xxx: Fix TMF and Multi-Queue config (bsc#1094555).\n - scsi: qla2xxx: Fix unintended Logout (bsc#1094555).\n - scsi: qla2xxx: Fix unintialized List head crash (bsc#1094555).\n - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1094555).\n - scsi: qla2xxx: fx00 copypaste typo (bsc#1094555).\n - scsi: qla2xxx: Migrate NVME N2N handling into state machine\n (bsc#1094555).\n - scsi: qla2xxx: Move GPSC and GFPNID out of session management\n (bsc#1094555).\n - scsi: qla2xxx: Prevent relogin loop by removing stale code (bsc#1094555).\n - scsi: qla2xxx: Prevent sysfs access when chip is down (bsc#1094555).\n - scsi: qla2xxx: Reduce redundant ADISC command for RSCNs (bsc#1094555).\n - scsi: qla2xxx: remove irq save in qla2x00_poll() (bsc#1094555).\n - scsi: qla2xxx: Remove nvme_done_list (bsc#1084427).\n - scsi: qla2xxx: Remove stale debug value for login_retry flag\n (bsc#1094555).\n - scsi: qla2xxx: Remove unneeded message and minor cleanup for FC-NVMe\n (bsc#1084427).\n - scsi: qla2xxx: Restore ZIO threshold setting (bsc#1084427).\n - scsi: qla2xxx: Return busy if rport going away (bsc#1084427).\n - scsi: qla2xxx: Save frame payload size from ICB (bsc#1094555).\n - scsi: qla2xxx: Set IIDMA and fcport state before\n qla_nvme_register_remote() (bsc#1084427).\n - scsi: qla2xxx: Silent erroneous message (bsc#1094555).\n - scsi: qla2xxx: Update driver version to 10.00.00.06-k (bsc#1084427).\n - scsi: qla2xxx: Update driver version to 10.00.00.07-k (bsc#1094555).\n - scsi: qla2xxx: Update driver version to 10.00.00.08-k (bsc#1094555).\n - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1094555).\n - scsi: qla2xxx: Use predefined get_datalen_for_atio() inline function\n (bsc#1094555).\n - scsi: target: fix __transport_register_session locking (bnc#1012382).\n - selftests/powerpc: Kill child processes on SIGINT 
(bnc#1012382).\n - selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock\n adjustments are in progress (bnc#1012382).\n - selinux: use GFP_NOWAIT in the AVC kmem_caches (bnc#1012382).\n - smb3: fix reset of bytes read and written stats (bnc#1012382).\n - SMB3: Number of requests sent should be displayed for SMB3 not just CIFS\n (bnc#1012382).\n - srcu: Allow use of Tiny/Tree SRCU from both process and interrupt\n context (bsc#1050549).\n - staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free\n (bnc#1012382).\n - staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice\n (bnc#1012382).\n - staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page (bnc#1012382).\n - staging/rts5208: Fix read overflow in memcpy (bnc#1012382).\n - stop_machine: Atomically queue and wake stopper threads (git-fixes).\n - tcp: do not restart timewait timer on rst reception (bnc#1012382).\n - Tools: hv: Fix a bug in the key delete code (bnc#1012382).\n - tty: Drop tty->count on tty_reopen() failure (bnc#1105428). 
As this\n depends on earlier tty patches, they were moved to the sorted section\n too.\n - tty: rocket: Fix possible buffer overwrite on register_PCI (bnc#1012382).\n - tty: vt_ioctl: fix potential Spectre v1 (bnc#1012382).\n - uio: potential double frees if __uio_register_device() fails\n (bnc#1012382).\n - Update\n patches.suse/dm-Always-copy-cmd_flags-when-cloning-a-request.patch\n (bsc#1088087, bsc#1103156).\n - USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB\n controller (bnc#1012382).\n - USB: Add quirk to support DJI CineSSD (bnc#1012382).\n - usb: Avoid use-after-free by flushing endpoints early in\n usb_set_interface() (bnc#1012382).\n - usb: cdc-wdm: Fix a sleep-in-atomic-context bug in\n service_outstanding_interrupt() (bnc#1012382).\n - usb: Do not die twice if PCI xhci host is not responding in resume\n (bnc#1012382).\n - usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in\n u132_get_frame() (bnc#1012382).\n - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547).\n - usb: misc: uss720: Fix two sleep-in-atomic-context bugs (bnc#1012382).\n - USB: net2280: Fix erroneous synchronization change (bnc#1012382).\n - USB: serial: io_ti: fix array underflow in completion handler\n (bnc#1012382).\n - USB: serial: ti_usb_3410_5052: fix array underflow in completion handler\n (bnc#1012382).\n - USB: yurex: Fix buffer over-read in yurex_write() (bnc#1012382).\n - VFS: do not test owner for NFS in set_posix_acl() (bsc#1103405).\n - video: goldfishfb: fix memory leak on driver remove (bnc#1012382).\n - vmw_balloon: include asm/io.h (bnc#1012382).\n - vti6: remove !skb->ignore_df check from vti6_xmit() (bnc#1012382).\n - watchdog: w83627hf: Added NCT6102D support (bsc#1106434).\n - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434).\n - x86/apic: Fix restoring boot IRQ mode in reboot and kexec/kdump\n (bsc#1110006).\n - x86/apic: Split disable_IO_APIC() into two functions to fix\n CONFIG_KEXEC_JUMP=y (bsc#1110006).\n - 
x86/apic: Split out restore_boot_irq_mode() from disable_IO_APIC()\n (bsc#1110006).\n - x86/boot: Fix "run_size" calculation (bsc#1110006).\n - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715).\n - x86/kaiser: Avoid loosing NMIs when using trampoline stack (bsc#1106293\n bsc#1099597).\n - x86/mm: Remove in_nmi() warning from vmalloc_fault() (bnc#1012382).\n - x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110006).\n - x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear\n (bnc#1012382).\n - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bnc#1012382).\n - x86/vdso: Fix asm constraints on vDSO syscall fallbacks (bsc#1110006).\n - x86/vdso: Fix vDSO build if a retpoline is emitted (bsc#1110006).\n - x86/vdso: Fix vDSO syscall fallback asm constraint regression\n (bsc#1110006).\n - x86/vdso: Only enable vDSO retpolines when enabled and supported\n (bsc#1110006).\n - xen: avoid crash in disable_hotplug_cpu (bsc#1106594).\n - xen/blkfront: correct purging of persistent grants (bnc#1065600).\n - xen: issue warning message when out of grant maptrack entries\n (bsc#1105795).\n - xen/netfront: do not bug in case of too many frags (bnc#1012382).\n - xen-netfront: fix queue name setting (bnc#1012382).\n - xen/netfront: fix waiting for xenbus state change (bnc#1012382).\n - xen-netfront: fix warn message as irq device name has '/' (bnc#1012382).\n - xen/x86/vpmu: Zero struct pt_regs before calling into sample handling\n code (bnc#1012382).\n - xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344).\n - xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space\n (bsc#1095344).\n - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344).\n - xfs: add a xfs_iext_update_extent helper (bsc#1095344).\n - xfs: add comments documenting the rebalance algorithm (bsc#1095344).\n - xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node\n (bsc#1095344).\n - xfs: add xfs_trim_extent 
(bsc#1095344).\n - xfs: allow unaligned extent records in xfs_bmbt_disk_set_all\n (bsc#1095344).\n - xfs: borrow indirect blocks from freed extent when available\n (bsc#1095344).\n - xfs: cleanup xfs_bmap_last_before (bsc#1095344).\n - xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real\n (bsc#1095344).\n - xfs: do not rely on extent indices in xfs_bmap_collapse_extents\n (bsc#1095344).\n - xfs: do not rely on extent indices in xfs_bmap_insert_extents\n (bsc#1095344).\n - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344).\n - xfs: during btree split, save new block key & ptr for future insertion\n (bsc#1095344).\n - xfs: factor out a helper to initialize a local format inode fork\n (bsc#1095344).\n - xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344).\n - xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344).\n - xfs: fix transaction allocation deadlock in IO path (bsc#1090535).\n - xfs: handle indlen shortage on delalloc extent merge (bsc#1095344).\n - xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344).\n - xfs: improve kmem_realloc (bsc#1095344).\n - xfs: inline xfs_shift_file_space into callers (bsc#1095344).\n - xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344).\n - xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344).\n - xfs: iterate over extents in xfs_iextents_copy (bsc#1095344).\n - xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real\n (bsc#1095344).\n - xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344).\n - xfs: move pre/post-bmap tracing into xfs_iext_update_extent\n (bsc#1095344).\n - xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344).\n - xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344).\n - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344).\n - xfs: move xfs_iext_insert tracepoint to report useful information\n (bsc#1095344).\n - xfs: new 
inode extent list lookup helpers (bsc#1095344).\n - xfs: only run torn log write detection on dirty logs (bsc#1095753).\n - xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344).\n - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344).\n - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344).\n - xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344).\n - xfs: provide helper for counting extents from if_bytes (bsc#1095344).\n - xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real\n (bsc#1095344).\n - xfs: refactor delalloc indlen reservation split into helper\n (bsc#1095344).\n - xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344).\n - xfs: refactor in-core log state update to helper (bsc#1095753).\n - xfs: refactor unmount record detection into helper (bsc#1095753).\n - xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344).\n - xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344).\n - xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344).\n - xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344).\n - xfs: refactor xfs_bunmapi_cow (bsc#1095344).\n - xfs: refactor xfs_del_extent_real (bsc#1095344).\n - xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real\n (bsc#1095344).\n - xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all\n (bsc#1095344).\n - xfs: remove a superflous assignment in xfs_iext_remove_node\n (bsc#1095344).\n - xfs: remove if_rdev (bsc#1095344).\n - xfs: remove prev argument to xfs_bmapi_reserve_delalloc (bsc#1095344).\n - xfs: remove support for inlining data/extents into the inode fork\n (bsc#1095344).\n - xfs: remove the never fully implemented UUID fork format (bsc#1095344).\n - xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344).\n - xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344).\n - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344).\n - xfs: remove 
XFS_BMAP_TRACE_EXLIST (bsc#1095344).\n - xfs: remove xfs_bmbt_get_state (bsc#1095344).\n - xfs: remove xfs_bmse_shift_one (bsc#1095344).\n - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344).\n - xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344).\n - xfs: replace xfs_qm_get_rtblks with a direct call to\n xfs_bmap_count_leaves (bsc#1095344).\n - xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344).\n - xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent\n (bsc#1095344).\n - xfs: rewrite xfs_bmap_first_unused to make better use of\n xfs_iext_get_extent (bsc#1095344).\n - xfs: separate log head record discovery from verification (bsc#1095753).\n - xfs: simplify the xfs_getbmap interface (bsc#1095344).\n - xfs: simplify validation of the unwritten extent bit (bsc#1095344).\n - xfs: split indlen reservations fairly when under reserved (bsc#1095344).\n - xfs: split xfs_bmap_shift_extents (bsc#1095344).\n - xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert\n (bsc#1095344).\n - xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real\n (bsc#1095344).\n - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay\n (bsc#1095344).\n - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real\n (bsc#1095344).\n - xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real\n (bsc#1095344).\n - xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344).\n - xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344).\n - xfs: update freeblocks counter after extent deletion (bsc#1095344).\n - xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344).\n - xfs: use a b+tree for the in-core extent list (bsc#1095344).\n - xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay}\n (bsc#1095344).\n - xfs: use new extent lookup helpers in xfs_bmapi_read (bsc#1095344).\n - xfs: use new extent lookup helpers in xfs_bmapi_write (bsc#1095344).\n - xfs: use new extent lookup helpers in 
__xfs_bunmapi (bsc#1095344).\n - xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344).\n - xfs: use xfs_bmap_del_extent_delay for the data fork as well\n (bsc#1095344).\n - xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents\n (bsc#1095344).\n - xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at\n (bsc#1095344).\n - xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344).\n - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344).\n - xfrm: fix 'passing zero to ERR_PTR()' warning (bnc#1012382).\n\n", "edition": 1, "modified": "2018-10-17T21:08:13", "published": "2018-10-17T21:08:13", "id": "OPENSUSE-SU-2018:3202-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-10-08T16:29:39", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10940", "CVE-2018-13095", "CVE-2018-6555", "CVE-2018-13093", "CVE-2018-17182", "CVE-2018-9363", "CVE-2018-14617", "CVE-2018-16658", "CVE-2018-14633", "CVE-2018-1129", "CVE-2018-10902", "CVE-2018-10938", "CVE-2018-1128", "CVE-2018-12896", "CVE-2018-15572", "CVE-2018-6554", "CVE-2018-13094", "CVE-2018-14613"], "description": "The openSUSE Leap 15.0 kernel was updated to receive various security and\n bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2018-14633: A security flaw was found in the\n chap_server_compute_md5() function in the ISCSI target code in a way an\n authentication request from an ISCSI initiator is processed. An\n unauthenticated remote attacker can cause a stack buffer overflow and\n smash up to 17 bytes of the stack. The attack requires the iSCSI target\n to be enabled on the victim host. Depending on how the target's code was\n built (i.e. 
depending on a compiler, compile flags and hardware\n architecture) an attack may lead to a system crash and thus to a\n denial-of-service or possibly to a non-authorized access to data\n exported by an iSCSI target. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we believe it is highly\n unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be\n vulnerable (bnc#1107829).\n - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c\n mishandled sequence number overflows. An attacker can trigger a\n use-after-free (and possibly gain privileges) via certain thread\n creation, map, unmap, invalidation, and dereference operations\n (bnc#1108399).\n - CVE-2018-14617: There is a NULL pointer dereference and panic in\n hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is\n purportedly a hard link) in an hfs+ filesystem that has malformed\n catalog data, and is mounted read-only without a metadata directory\n (bnc#1102870).\n - CVE-2018-14613: There is an invalid pointer dereference in\n io_ctl_map_page() when mounting and operating a crafted btrfs image,\n because of a lack of block group item validation in check_leaf_item in\n fs/btrfs/tree-checker.c (bnc#1102896).\n - CVE-2018-10940: The cdrom_ioctl_media_changed function in\n drivers/cdrom/cdrom.c allowed local attackers to use a incorrect bounds\n check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel\n memory (bnc#1092903).\n - CVE-2018-13093: There is a NULL pointer dereference and panic in\n lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a\n corrupted xfs image. 
This occurs because of a lack of proper validation\n that cached inodes are free during allocation (bnc#1100001).\n - CVE-2018-13094: An OOPS may occur for a corrupted xfs image after\n xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000).\n - CVE-2018-13095: A denial of service (memory corruption and BUG) can\n occur for a corrupted xfs image upon encountering an inode that is in\n extent format, but has more extents than fit in the inode fork\n (bnc#1099999).\n - CVE-2018-12896: An Integer Overflow in kernel/time/posix-timers.c in the\n POSIX timer code is caused by the way the overrun accounting works.\n Depending on interval and expiry time values, the overrun can be larger\n than INT_MAX, but the accounting is int based. This basically made the\n accounting values, which are visible to user space via\n timer_getoverrun(2) and siginfo::si_overrun, random. For example, a\n local user can cause a denial of service (signed integer overflow) via\n crafted mmap, futex, timer_create, and timer_settime system calls\n (bnc#1099922).\n - CVE-2018-16658: An information leak in cdrom_ioctl_drive_status in\n drivers/cdrom/cdrom.c could be used by local attackers to read kernel\n memory because a cast from unsigned long to int interferes with bounds\n checking. This is similar to CVE-2018-10940 (bnc#1107689).\n - CVE-2018-6555: The irda_setsockopt function allowed local users to cause\n a denial of service (ias_object use-after-free and system crash) or\n possibly have unspecified other impact via an AF_IRDA socket\n (bnc#1106511).\n - CVE-2018-6554: Memory leak in the irda_bind function kernel allowed\n local users to cause a denial of service (memory consumption) by\n repeatedly binding an AF_IRDA socket (bnc#1106509).\n - CVE-2018-1129: An attacker having access to ceph cluster network who is\n able to alter the message payload was able to bypass signature checks\n done by cephx protocol. 
Ceph branches master, mimic, luminous and jewel\n are believed to be vulnerable (bnc#1096748).\n - CVE-2018-1128: It was found that cephx authentication protocol did not\n verify ceph clients correctly and was vulnerable to replay attack. Any\n attacker having access to ceph cluster network who is able to sniff\n packets on network can use this vulnerability to authenticate with ceph\n service and perform actions allowed by ceph service. Ceph branches\n master, mimic, luminous and jewel are believed to be vulnerable\n (bnc#1096748).\n - CVE-2018-10938: A crafted network packet sent remotely by an attacker\n may force the kernel to enter an infinite loop in the cipso_v4_optptr()\n function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A\n certain non-default configuration of LSM (Linux Security Module) and\n NetLabel should be set up on a system before an attacker could leverage\n this flaw (bnc#1106016).\n - CVE-2018-15572: The spectre_v2_select_mitigation function in\n arch/x86/kernel/cpu/bugs.c did not always fill RSB upon a context\n switch, which made it easier for attackers to conduct\n userspace-userspace spectreRSB attacks (bnc#1102517 bnc#1105296).\n - CVE-2018-10902: It was found that the raw midi kernel driver did not\n protect against concurrent access which leads to a double realloc\n (double free) in snd_rawmidi_input_params() and\n snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl()\n handler in rawmidi.c file. 
A malicious local attacker could possibly use\n this for privilege escalation (bnc#1105322).\n - CVE-2018-9363: A buffer overflow in bluetooth HID report processing\n could be used by malicious bluetooth devices to crash the kernel or\n potentially execute code (bnc#1105292).\n\n The following non-security bugs were fixed:\n\n - 9p: fix multiple NULL-pointer-dereferences (bsc#1051510).\n - 9p/net: Fix zero-copy path in the 9p virtio transport (bsc#1051510).\n - 9p/virtio: fix off-by-one error in sg list bounds check (bsc#1051510).\n - ACPI / APEI: Remove ghes_ioremap_area (bsc#1051510).\n - ACPI / bus: Only call dmi_check_system on X86 (bsc#1105597, bsc#1106178).\n - ACPICA: iasl: Add SMMUv3 device ID mapping index support (bsc#1103387).\n - ACPI / EC: Add another entry for Thinkpad X1 Carbon 6th (bsc#1051510).\n - ACPI / EC: Add parameter to force disable the GPE on suspend\n (bsc#1051510).\n - ACPI / EC: Use ec_no_wakeup on more Thinkpad X1 Carbon 6th systems\n (bsc#1051510).\n - ACPI / EC: Use ec_no_wakeup on Thinkpad X1 Carbon 6th (bsc#1051510).\n - ACPI / EC: Use ec_no_wakeup on ThinkPad X1 Yoga 3rd (bsc#1051510).\n - ACPI/IORT: Remove temporary iort_get_id_mapping_index() ACPICA guard\n (bsc#1103387).\n - ACPI / pci: Bail early in acpi_pci_add_bus() if there is no ACPI handle\n (bsc#1051510).\n - ACPI / pci: pci_link: Allow the absence of _PRS and change log level\n (bsc#1104172).\n - ACPI/pci: pci_link: reduce verbosity when IRQ is enabled (bsc#1104172).\n - ACPI / PM: save NVS memory for ASUS 1025C laptop (bsc#1051510).\n - ACPI / scan: Initialize status to ACPI_STA_DEFAULT (bsc#1051510).\n - affs_lookup(): close a race with affs_remove_link() (bsc#1105355).\n - ahci: Add Intel Ice Lake LP PCI ID (bsc#1051510).\n - ALSA: bebob: fix memory leak for M-Audio FW1814 and ProjectMix I/O at\n error path (bsc#1051510).\n - ALSA: bebob: use address returned by kmalloc() instead of kernel stack\n for streaming DMA mapping (bsc#1051510).\n - ALSA: cs46xx: Deliver 
indirect-PCM transfer error ().\n - ALSA: cs5535audio: Fix invalid endian conversion (bsc#1051510).\n - ALSA: emu10k1: Deliver indirect-PCM transfer error ().\n - ALSA: emu10k1: fix possible info leak to userspace on\n SNDRV_EMU10K1_IOCTL_INFO (bsc#1051510).\n - ALSA: fireface: fix memory leak in ff400_switch_fetching_mode()\n (bsc#1051510).\n - ALSA: firewire-digi00x: fix memory leak of private data (bsc#1051510).\n - ALSA: firewire-tascam: fix memory leak of private data (bsc#1051510).\n - ALSA: fireworks: fix memory leak of response buffer at error path\n (bsc#1051510).\n - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge (bsc#1051510).\n - ALSA: hda: Correct Asrock B85M-ITX power_save blacklist entry\n (bsc#1051510).\n - ALSA: hda - Fix cancel_work_sync() stall from jackpoll work\n (bsc#1051510).\n - ALSA: hda - Sleep for 10ms after entering D3 on Conexant codecs\n (bsc#1051510).\n - ALSA: hda - Turn CX8200 into D3 as well upon reboot (bsc#1051510).\n - ALSA: memalloc: Do not exceed over the requested size (bsc#1051510).\n - ALSA: mips: Deliver indirect-PCM transfer error ().\n - ALSA: msnd: Fix the default sample sizes (bsc#1051510).\n - ALSA: oxfw: fix memory leak for model-dependent data at error path\n (bsc#1051510).\n - ALSA: oxfw: fix memory leak of discovered stream formats at error path\n (bsc#1051510).\n - ALSA: oxfw: fix memory leak of private data (bsc#1051510).\n - ALSA: pcm: Fix negative appl_ptr handling in pcm-indirect helpers ().\n - ALSA: pcm: Fix snd_interval_refine first/last with open min/max\n (bsc#1051510).\n - ALSA: pcm: Simplify forward/rewind codes ().\n - ALSA: pcm: Use a common helper for PCM state check and hwsync ().\n - ALSA: pcm: Workaround for weird PulseAudio behavior on rewind error ().\n - ALSA: rme32: Deliver indirect-PCM transfer error ().\n - ALSA: snd-aoa: add of_node_put() in error path (bsc#1051510).\n - ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro\n (bsc#1051510).\n - ALSA: virmidi: Fix too 
long output trigger loop (bsc#1051510).\n - ALSA: vx222: Fix invalid endian conversions (bsc#1051510).\n - ALSA: vxpocket: Fix invalid endian conversions (bsc#1051510).\n - apparmor: ensure that undecidable profile attachments fail (bsc#1106427).\n - apparmor: fix an error code in __aa_create_ns() (bsc#1106427).\n - apparmor: Fix regression in profile conflict logic (bsc#1106427)\n - apparmor: remove no-op permission check in policy_unpack (bsc#1106427).\n - arm64/acpi: Create arch specific cpu to acpi id helper (bsc#1106903).\n - arm64: dma-mapping: clear buffers allocated with FORCE_CONTIGUOUS flag\n (bsc#1106902).\n - arm64: enable thunderx gpio driver\n - arm64: Enforce BBM for huge IO/VMAP mappings (bsc#1106890).\n - arm64: export memblock_reserve()d regions via /proc/iomem (bsc#1106892).\n - arm64: fix unwind_frame() for filtered out fn for function graph tracing\n (bsc#1106900).\n - arm64: fix vmemmap BUILD_BUG_ON() triggering on !vmemmap setups\n (bsc#1106896).\n - arm64: fpsimd: Avoid FPSIMD context leakage for the init task\n (bsc#1106894).\n - arm64: Ignore hardware dirty bit updates in ptep_set_wrprotect()\n (bsc#1108010).\n - arm64: kasan: avoid pfn_to_nid() before page array is initialized\n (bsc#1106899).\n - arm64/kasan: do not allocate extra shadow memory (bsc#1106897).\n - arm64: Make sure permission updates happen for pmd/pud (bsc#1106891).\n - arm64: mm: check for upper PAGE_SHIFT bits in pfn_valid() (bsc#1106893).\n - arm64: mm: Ensure writes to swapper are ordered wrt subsequent cache\n maintenance (bsc#1106906).\n - arm64/mm/kasan: do not use vmemmap_populate() to initialize shadow\n (bsc#1106898).\n - arm64: numa: rework ACPI NUMA initialization (bsc#1106905).\n - arm64: Update config files. 
(bsc#1110716) Enable ST LPS25H pressure\n sensor.\n - arm64: vgic-v2: Fix proxying of cpuif access (bsc#1106901).\n - ARM: 8780/1: ftrace: Only set kernel memory back to read-only after boot\n (bsc#1051510).\n - arm/asm/tlb.h: Fix build error implicit func declaration (bnc#1105467\n Reduce IPIs and atomic ops with improved lazy TLB).\n - ARM: DRA7/OMAP5: Enable ACTLR[0] (Enable invalidates of BTB) for\n secondary cores (bsc#1051510).\n - ARM: hisi: fix error handling and missing of_node_put (bsc#1051510).\n - ARM: hisi: handle of_iomap and fix missing of_node_put (bsc#1051510).\n - ARM: imx: flag failure of of_iomap (bsc#1051510).\n - ARM: imx_v4_v5_defconfig: Select ULPI support (bsc#1051510).\n - ARM: imx_v6_v7_defconfig: Select ULPI support (bsc#1051510).\n - ARM: pxa: irq: fix handling of ICMR registers in suspend/resume\n (bsc#1051510).\n - ASoC: cs4265: fix MMTLR Data switch control (bsc#1051510).\n - ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs\n (bsc#1051510).\n - ASoC: dpcm: do not merge format from invalid codec dai (bsc#1051510).\n - ASoC: es7134: remove 64kHz rate from the supported rates (bsc#1051510).\n - ASoC: Intel: cht_bsw_max98090: remove useless code, align with ChromeOS\n driver (bsc#1051510).\n - ASoC: Intel: cht_bsw_max98090_ti: Fix jack initialization (bsc#1051510).\n - ASoC: msm8916-wcd-digital: fix RX2 MIX1 and RX3 MIX1 (bsc#1051510).\n - ASoC: rsnd: cmd: Add missing newline to debug message (bsc#1051510).\n - ASoC: rsnd: fixup not to call clk_get/set under non-atomic (bsc#1051510).\n - ASoC: rsnd: move rsnd_ssi_config_init() execute condition into it\n (bsc#1051510).\n - ASoC: rsnd: update pointer more accurate (bsc#1051510).\n - ASoC: rt5514: Add the I2S ASRC support (bsc#1051510).\n - ASoC: rt5514: Add the missing register in the readable table\n (bsc#1051510).\n - ASoC: rt5514: Eliminate the noise in the ASRC case (bsc#1051510).\n - ASoC: rt5514: Fix the issue of the delay volume applied (bsc#1051510).\n - ASoC: 
sirf: Fix potential NULL pointer dereference (bsc#1051510).\n - ASoC: wm8994: Fix missing break in switch (bsc#1051510).\n - ASoC: zte: Fix incorrect PCM format bit usages (bsc#1051510).\n - ata: Fix ZBC_OUT all bit handling (bsc#1051510).\n - ata: Fix ZBC_OUT command block check (bsc#1051510).\n - ata: libahci: Allow reconfigure of DEVSLP register (bsc#1051510).\n - ata: libahci: Correct setting of DEVSLP register (bsc#1051510).\n - ath10k: disable bundle mgmt tx completion event support (bsc#1051510).\n - ath10k: prevent active scans on potential unusable channels\n (bsc#1051510).\n - ath10k: update the phymode along with bandwidth change request\n (bsc#1051510).\n - ath9k: add MSI support ().\n - ath9k_hw: fix channel maximum power level test (bsc#1051510).\n - ath9k: report tx status on EOSP (bsc#1051510).\n - atm: horizon: Fix irq release error (bsc#1105355).\n - atm: Preserve value of skb->truesize when accounting to vcc\n (networking-stable-18_07_19).\n - atm: zatm: fix memcmp casting (bsc#1105355).\n - atm: zatm: Fix potential Spectre v1 (networking-stable-18_07_19).\n - audit: allow not equal op for audit by executable (bsc#1051510).\n - audit: Fix extended comparison of GID/EGID (bsc#1051510).\n - ax88179_178a: Check for supported Wake-on-LAN modes (bsc#1051510).\n - b43/leds: Ensure NUL-termination of LED name string (bsc#1051510).\n - b43legacy/leds: Ensure NUL-termination of LED name string (bsc#1051510).\n - bcache: avoid unncessary cache prefetch bch_btree_node_get().\n - bcache: calculate the number of incremental GC nodes according to the\n total of btree nodes.\n - bcache: display rate debug parameters to 0 when writeback is not running.\n - bcache: do not check return value of debugfs_create_dir().\n - bcache: finish incremental GC.\n - bcache: fix error setting writeback_rate through sysfs interface.\n - bcache: fix I/O significant decline while backend devices registering.\n - bcache: free heap cache_set->flush_btree in bch_journal_free.\n - 
bcache: make the pr_err statement used for ENOENT only in sysfs_attatch\n section.\n - bcache: release dc->writeback_lock properly in bch_writeback_thread().\n - bcache: set max writeback rate when I/O request is idle.\n - bcache: simplify the calculation of the total amount of flash dirty data.\n - binfmt_elf: Respect error return from `regset->active' (bsc#1051510).\n - blkdev: __blkdev_direct_IO_simple: fix leak in error case (bsc#1083663).\n - blk-mq: avoid to synchronize rcu inside blk_cleanup_queue()\n (bsc#1077989).\n - block, bfq: return nbytes and not zero from struct cftype .write()\n method (bsc#1106238).\n - block: bio_iov_iter_get_pages: fix size of last iovec (bsc#1083663).\n - block: bio_iov_iter_get_pages: pin more pages for multi-segment IOs\n (bsc#1083663).\n - block, dax: remove dead code in blkdev_writepages() (bsc#1104888).\n - block: do not print a message when the device went away (bsc#1098459).\n - block: do not warn for flush on read-only device (bsc#1107756).\n - block: fix warning when I/O elevator is changed as request_queue is\n being removed (bsc#1109979).\n - block: Invalidate cache on discard v2 (bsc#1109992).\n - block: pass inclusive 'lend' parameter to truncate_inode_pages_range\n (bsc#1109992).\n - block: properly protect the 'queue' kobj in blk_unregister_queue\n (bsc#1109979).\n - bluetooth: Add a new Realtek 8723DE ID 0bda:b009 (bsc#1051510).\n - bluetooth: avoid killing an already killed socket (bsc#1051510).\n - bluetooth: btsdio: Do not bind to non-removable BCM43430 (bsc#1103587).\n - bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV (bsc#1051510).\n - bluetooth: hidp: buffer overflow in hidp_process_report (bsc#1051510).\n - bluetooth: hidp: Fix handling of strncpy for hid->name information\n (bsc#1051510).\n - bluetooth: Use lock_sock_nested in bt_accept_enqueue (bsc#1051510).\n - bnxt_en: Clean up unused functions (bsc#1086282).\n - bnxt_en: Do not adjust max_cp_rings by the ones used by RDMA\n (bsc#1086282).\n 
- bnxt_en: Fix VF mac address regression (bsc#1086282 ).\n - bnxt_re: Fix couple of memory leaks that could lead to IOMMU call traces\n (bsc#1050244).\n - bonding: avoid lockdep confusion in bond_get_stats()\n (netfilter-stable-18_08_04).\n - bpf: fix references to free_bpf_prog_info() in comments (bsc#1083647).\n - bpf: fix uninitialized variable in bpf tools (bsc#1083647).\n - bpf: hash map: decrement counter on error (bsc#1083647).\n - bpf: powerpc64: pad function address loads with NOPs (bsc#1083647).\n - bpf, s390: fix potential memleak when later bpf_jit_prog fails\n (bsc#1083647).\n - bpf: use GFP_ATOMIC instead of GFP_KERNEL in bpf_parse_prog()\n (bsc#1083647).\n - brcmfmac: stop watchdog before detach and free everything (bsc#1051510).\n - brcmsmac: fix wrap around in conversion from constant to s16\n (bsc#1051510).\n - btrfs: add a comp_refs() helper (dependency for bsc#1031392).\n - btrfs: Add checker for EXTENT_CSUM (bsc#1102882, bsc#1102896,\n bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: Add sanity check for EXTENT_DATA when reading out leaf\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: add tracepoints for outstanding extents mods (dependency for\n bsc#1031392).\n - btrfs: Check if item pointer overlaps with the item itself (bsc#1102882,\n bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: check-integrity: Fix NULL pointer dereference for degraded mount\n (bsc#1107947).\n - btrfs: Check that each block group has corresponding chunk at mount time\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: cleanup extent locking sequence (dependency for bsc#1031392).\n - btrfs: delayed-inode: Remove wrong qgroup meta reservation calls\n (bsc#1031392).\n - btrfs: delayed-inode: Use new qgroup meta rsv for delayed inode and item\n (bsc#1031392).\n - btrfs: fix data corruption when deduplicating between different files\n (bsc#1110647).\n - btrfs: fix duplicate extents after fsync 
of file with prealloc extents\n (bsc#1110644).\n - btrfs: fix error handling in btrfs_dev_replace_start (bsc#1107535).\n - btrfs: fix fsync after hole punching when using no-holes feature\n (bsc#1110642).\n - btrfs: fix loss of prealloc extents past i_size after fsync log replay\n (bsc#1110643).\n - btrfs: fix return value on rename exchange failure (bsc#1110645).\n - btrfs: fix send failure when root has deleted files still open\n (bsc#1110650).\n - btrfs: Fix use-after-free when cleaning up fs_devs with a single stale\n device (bsc#1097105).\n - btrfs: Fix wrong btrfs_delalloc_release_extents parameter (bsc#1031392).\n - btrfs: Handle error from btrfs_uuid_tree_rem call in\n _btrfs_ioctl_set_received_subvol (bsc#1097105).\n - btrfs: Introduce mount time chunk <-> dev extent mapping check\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: log csums for all modified extents (bsc#1110639).\n - btrfs: make the delalloc block rsv per inode (dependency for\n bsc#1031392).\n - btrfs: Manually implement device_total_bytes getter/setter (bsc#1043912).\n - btrfs: Move leaf and node validation checker to tree-checker.c\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: qgroup: Add quick exit for non-fs extents (dependency for\n bsc#1031392).\n - btrfs: qgroup: Cleanup btrfs_qgroup_prepare_account_extents function\n (dependency for bsc#1031392).\n - btrfs: qgroup: Cleanup the remaining old reservation counters\n (bsc#1031392).\n - btrfs: qgroup: Commit transaction in advance to reduce early EDQUOT\n (bsc#1031392).\n - btrfs: qgroup: Do not use root->qgroup_meta_rsv for qgroup (bsc#1031392).\n - btrfs: qgroup: Fix qgroup reserved space underflow by only freeing\n reserved ranges (dependency for bsc#1031392).\n - btrfs: qgroup: Fix qgroup reserved space underflow caused by buffered\n write and quotas being enabled (dependency for bsc#1031392).\n - btrfs: qgroup: Fix wrong qgroup reservation update for relationship\n 
modification (bsc#1031392).\n - btrfs: qgroup: Introduce extent changeset for qgroup reserve functions\n (dependency for bsc#1031392).\n - btrfs: qgroup: Introduce function to convert META_PREALLOC into\n META_PERTRANS (bsc#1031392).\n - btrfs: qgroup: Introduce helpers to update and access new qgroup rsv\n (bsc#1031392).\n - btrfs: qgroup: Make qgroup_reserve and its callers to use separate\n reservation type (bsc#1031392).\n - btrfs: qgroup: Return actually freed bytes for qgroup release or free\n data (dependency for bsc#1031392).\n - btrfs: qgroup: Skeleton to support separate qgroup reservation type\n (bsc#1031392).\n - btrfs: qgroup: Split meta rsv type into meta_prealloc and meta_pertrans\n (bsc#1031392).\n - btrfs: qgroup: Update trace events for metadata reservation\n (bsc#1031392).\n - btrfs: qgroup: Update trace events to use new separate rsv types\n (bsc#1031392).\n - btrfs: qgroup: Use independent and accurate per inode qgroup rsv\n (bsc#1031392).\n - btrfs: qgroup: Use root::qgroup_meta_rsv_* to record qgroup meta\n reserved space (bsc#1031392).\n - btrfs: qgroup: Use separate meta reservation type for delalloc\n (bsc#1031392).\n - btrfs: remove type argument from comp_tree_refs (dependency for\n bsc#1031392).\n - btrfs: Remove unused parameters from various functions (bsc#1110649).\n - btrfs: rework outstanding_extents (dependency for bsc#1031392).\n - btrfs: round down size diff when shrinking/growing device (bsc#1097105).\n - btrfs: Round down values which are written for total_bytes_size\n (bsc#1043912).\n - btrfs: scrub: Do not use inode page cache in\n scrub_handle_errored_block() (follow up for bsc#1108096).\n - btrfs: scrub: Do not use inode pages for device replace (follow up for\n bsc#1108096).\n - btrfs: switch args for comp_*_refs (dependency for bsc#1031392).\n - btrfs: sync log after logging new name (bsc#1110646).\n - btrfs: tests/qgroup: Fix wrong tree backref level (bsc#1107928).\n - btrfs: tree-checker: Add checker for dir item 
(bsc#1102882, bsc#1102896,\n bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: Detect invalid and empty essential trees\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: Enhance btrfs_check_node output (bsc#1102882,\n bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: Enhance output for btrfs_check_leaf (bsc#1102882,\n bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: Enhance output for check_csum_item (bsc#1102882,\n bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: Enhance output for check_extent_data_item\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: Fix false panic for sanity test (bsc#1102882,\n bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: Replace root parameter with fs_info (bsc#1102882,\n bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882,\n bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882,\n bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: Verify block_group_item (bsc#1102882, bsc#1102896,\n bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: Verify that every chunk has corresponding block group at mount\n time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (bsc#1051510).\n - ceph: fix incorrect use of strncpy (bsc#1107319).\n - ceph: return errors from posix_acl_equiv_mode() correctly (bsc#1107320).\n - cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE\n (bsc#1051510).\n - cfg80211: reg: Init wiphy_idx in regulatory_hint_core() (bsc#1051510).\n - cgroup: avoid copying strings longer than the buffers (bsc#1051510).\n - cifs: check kmalloc before use 
(bsc#1051510).
- cifs: Fix stack out-of-bounds in smb{2,3}_create_lease_buf() (bsc#1051510).
- cifs: store the leaseKey in the fid on SMB2_open (bsc#1051510).
- clk: core: Potentially free connection id (bsc#1051510).
- clk: imx6ul: fix missing of_node_put() (bsc#1051510).
- clk: meson: gxbb: remove HHI_GEN_CLK_CTNL duplicate definition (bsc#1051510).
- clk: mvebu: armada-38x: add support for 1866MHz variants (bsc#1105355).
- clk: mvebu: armada-38x: add support for missing clocks (bsc#1105355).
- clk: rockchip: fix clk_i2sout parent selection bits on rk3399 (bsc#1051510).
- cls_matchall: fix tcf_unbind_filter missing (networking-stable-18_08_21).
- coresight: Handle errors in finding input/output ports (bsc#1051510).
- coresight: tpiu: Fix disabling timeouts (bsc#1051510).
- cpufreq: CPPC: Do not set transition_latency (bsc#1101480).
- cpufreq / CPPC: Set platform specific transition_delay_us (bsc#1101480).
- cpufreq: CPPC: Use transition_delay_us depending transition_latency (bsc#1101480).
- cpufreq: remove setting of policy->cpu in policy->cpus during init (bsc#1101480).
- crypto: ablkcipher - fix crash flushing dcache in error path (bsc#1051510).
- crypto: blkcipher - fix crash flushing dcache in error path (bsc#1051510).
- crypto: caam/jr - fix descriptor DMA unmapping (bsc#1051510).
- crypto: caam/qi - fix error path in xts setkey (bsc#1051510).
- crypto: ccp - Check for NULL PSP pointer at module unload (bsc#1051510).
- crypto: ccp - Fix command completion detection race (bsc#1051510).
- crypto: clarify licensing of OpenSSL asm code ().
- crypto: sharah - Unregister correct algorithms for SAHARA 3 (bsc#1051510).
- crypto: skcipher - fix aligning block size in skcipher_copy_iv() (bsc#1051510).
- crypto: skcipher - fix crash flushing dcache in error path (bsc#1051510).
- crypto: skcipher - Fix -Wstringop-truncation warnings (bsc#1051510).
- crypto: vmac - require a block cipher with 128-bit block size (bsc#1051510).
- crypto: vmac - separate tfm and request context (bsc#1051510).
- crypto: vmx - Fix sleep-in-atomic bugs (bsc#1051510).
- crypto: vmx - Use skcipher for ctr fallback to SLE12-SP4 (bsc#1106464).
- crypto: x86/sha256-mb - fix digest copy in sha256_mb_mgr_get_comp_job_avx2() (bsc#1051510).
- cxgb4: Fix the condition to check if the card is T5 (bsc#1097585 bsc#1097586 bsc#1097587 bsc#1097588 bsc#1097583 bsc#1097584).
- cxl: Configure PSL to not use APC virtual machines (bsc#1055014, git-fixes).
- cxl: Fix wrong comparison in cxl_adapter_context_get() (bsc#1055014, git-fixes).
- dax: Introduce a ->copy_to_iter dax operation (bsc#1098782).
- dax: Make extension of dax_operations transparent (bsc#1098782).
- dax: remove default copy_from_iter fallback (bsc#1098782).
- dax: remove VM_MIXEDMAP for fsdax and device dax (bsc#1106007).
- dax: Report bytes remaining in dax_iomap_actor() (bsc#1098782).
- dax: require 'struct page' by default for filesystem dax (bsc#1104888).
- dax: store pfns in the radix (bsc#1104888).
- dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() (netfilter-stable-18_08_17).
- devicectree: bindings: fix location of leds common file (bsc#1051510).
- device-dax: Add missing address_space_operations (bsc#1107783).
- device-dax: Enable page_mapping() (bsc#1107783).
- device-dax: Set page->index (bsc#1107783).
- /dev/mem: Add bounce buffer for copy-out (git-fixes).
- /dev/mem: Avoid overwriting "err" in read_mem() (git-fixes).
- dma-buf: remove redundant initialization of sg_table (bsc#1051510).
- dmaengine: hsu: Support dmaengine_terminate_sync() (bsc#1051510).
- dmaengine: idma64: Support dmaengine_terminate_sync() (bsc#1051510).
- dmaengine: mv_xor_v2: kill the tasklets upon exit (bsc#1051510).
- doc/README.SUSE: Remove mentions of cloneconfig (bsc#1103636).
- docs: zh_CN: fix location of oops-tracing.txt (bsc#1051510).
- Documentation: add some docs for errseq_t (bsc#1107008).
- Documentation: ip-sysctl.txt: document addr_gen_mode (bsc#1051510).
- driver core: add __printf verification to __ata_ehi_pushv_desc (bsc#1051510).
- drivers: hv: vmbus: do not mark HV_PCIE as perf_device (bsc#1051510).
- drivers: hv: vmbus: Fix the offer_in_progress in vmbus_process_offer() (bsc#1051510).
- drm: Add and handle new aspect ratios in DRM layer ().
- drm: Add aspect ratio parsing in DRM layer ().
- drm: Add DRM client cap for aspect-ratio ().
- drm/amdgpu:add new firmware id for VCN (bsc#1051510).
- drm/amdgpu:add tmr mc address into amdgpu_firmware_info (bsc#1051510).
- drm/amdgpu: Fix RLC safe mode test in gfx_v9_0_enter_rlc_safe_mode (bsc#1051510).
- drm/amdgpu: fix swapped emit_ib_size in vce3 (bsc#1051510).
- drm/amdgpu: update tmr mc address (bsc#1100132).
- drm/amd/pp/Polaris12: Fix a chunk of registers missed to program (bsc#1051510).
- drm/armada: fix colorkey mode property (bsc#1051510).
- drm/armada: fix irq handling (bsc#1051510).
- drm/arm/malidp: Preserve LAYER_FORMAT contents when setting format (bsc#1051510).
- drm/bridge: adv7511: Reset registers on hotplug (bsc#1051510).
- drm/bridge/sii8620: Fix display of packed pixel modes (bsc#1051510).
- drm/bridge/sii8620: fix display of packed pixel modes in MHL2 (bsc#1051510).
- drm/bridge/sii8620: fix loops in EDID fetch logic (bsc#1051510).
- drm/cirrus: Use drm_framebuffer_put to avoid kernel oops in clean-up (bsc#1101822).
- drm/edid: Add 6 bpc quirk for SDC panel in Lenovo B50-80 (bsc#1051510).
- drm: Expose modes with aspect ratio, only if requested ().
- drm/exynos: decon5433: Fix per-plane global alpha for XRGB modes (bsc#1051510).
- drm/exynos: decon5433: Fix WINCONx reset value (bsc#1051510).
- drm/exynos: gsc: Fix support for NV16/61, YUV420/YVU420 and YUV422 modes (bsc#1051510).
- drm/fb-helper: Fix typo on kerneldoc (bsc#1051510).
- drm: Handle aspect ratio info in legacy modeset path ().
- drm/i915/aml: Introducing Amber Lake platform ().
- drm/i915/audio: Fix audio enumeration issue on BXT ().
- drm/i915/cfl: Add a new CFL PCI ID ().
- drm/i915/gvt: clear ggtt entries when destroy vgpu (bsc#1051510).
- drm/i915/gvt: Fix the incorrect length of child_device_config issue (bsc#1051510).
- drm/i915/gvt: Off by one in intel_vgpu_write_fence() (bsc#1051510).
- drm/i915/gvt: request srcu_read_lock before checking if one gfn is valid (bsc#1051510).
- drm/i915: Increase LSPCON timeout (bsc#1051510).
- drm/i915/kvmgt: Fix potential Spectre v1 (bsc#1051510).
- drm/i915/lpe: Mark LPE audio runtime pm as "no callbacks" (bsc#1051510).
- drm/i915: Nuke the LVDS lid notifier (bsc#1051510).
- drm/i915: Only show debug for state changes when banning (bsc#1051510).
- drm/i915/overlay: Allocate physical registers from stolen (bsc#1051510).
- drm/i915: Restore user forcewake domains across suspend (bsc#1100132).
- drm/i915: set DP Main Stream Attribute for color range on DDI platforms (bsc#1051510).
- drm/i915: Unmask user interrupts writes into HWSP on snb/ivb/vlv/hsw (bsc#1051510).
- drm/i915/whl: Introducing Whiskey Lake platform ().
- drm/imx: imx-ldb: check if channel is enabled before printing warning (bsc#1051510).
- drm/imx: imx-ldb: disable LDB on driver bind (bsc#1051510).
- drm: mali-dp: Enable Global SE interrupts mask for DP500 (bsc#1051510).
- drm/modes: Introduce drm_mode_match() ().
- drm/nouveau/drm/nouveau: Fix bogus drm_kms_helper_poll_enable() placement (bsc#1051510).
- drm/panel: type promotion bug in s6e8aa0_read_mtp_id() (bsc#1051510).
- drm/rockchip: lvds: add missing of_node_put (bsc#1051510).
- drm/tegra: Check for malformed offsets and sizes in the 'submit' IOCTL (bsc#1106170).
- drm/tegra: Fix comparison operator for buffer size (bsc#1100132).
- drm/vc4: Fix the "no scaling" case on multi-planar YUV formats (bsc#1051510).
- dwc2: gadget: Fix ISOC IN DDMA PID bitfield value calculation (bsc#1051510).
- EDAC, altera: Fix ARM64 build warning (bsc#1051510).
- EDAC: Fix memleak in module init error path (bsc#1051510).
- EDAC, i7core: Fix memleaks and use-after-free on probe and remove (bsc#1051510).
- EDAC, mv64x60: Fix an error handling path (bsc#1051510).
- EDAC, octeon: Fix an uninitialized variable warning (bsc#1051510).
- EDAC, sb_edac: Fix missing break in switch (bsc#1051510).
- errseq: Add to documentation tree (bsc#1107008).
- errseq: Always report a writeback error once (bsc#1107008).
- ext2: auto disable dax instead of failing mount (bsc#1104888).
- ext2, dax: introduce ext2_dax_aops (bsc#1104888).
- ext4: auto disable dax instead of failing mount (bsc#1104888).
- ext4, dax: add ext4_bmap to ext4_dax_aops (bsc#1104888).
- ext4, dax: introduce ext4_dax_aops (bsc#1104888).
- ext4, dax: set ext4_dax_aops for dax files (bsc#1104888).
- ext4: sysfs: print ext4_super_block fields as little-endian (bsc#1106229).
- extcon: Release locking when sending the notification of connector state (bsc#1051510).
- f2fs: remove unneeded memory footprint accounting (bsc#1106233).
- f2fs: remove unneeded memory footprint accounting (bsc#1106297).
- f2fs: validate before set/clear free nat bitmap (bsc#1106231).
- f2fs: validate before set/clear free nat bitmap (bsc#1106297).
- fat: fix memory allocation failure handling of match_strdup() (bsc#1051510).
- fbdev: Distinguish between interlaced and progressive modes (bsc#1051510).
- fbdev: omapfb: off by one in omapfb_register_client() (bsc#1051510).
- fbdev/via: fix defined but not used warning (bsc#1051510).
- fb: fix lost console when the user unplugs a USB adapter (bsc#1051510).
- filesystem-dax: Introduce dax_lock_mapping_entry() (bsc#1107783).
- filesystem-dax: Set page->index (bsc#1107783).
- fix a page leak in vhost_scsi_iov_to_sgl() error recovery (bsc#1051510).
- Fix buggy backport in patches.fixes/dax-check-for-queue_flag_dax-in-bdev_dax_supported.patch (bsc#1109859)
- Fix kABI breakage due to enum addition for ath10k (bsc#1051510).
- Fix kABI breakage with libertas dev field addition (bsc#1051510).
- Fix kABI breakage with removing field addition to power_supply (bsc#1051510).
- Fix kexec forbidding kernels signed with keys in the secondary keyring to boot (bsc#1110006).
- fix __legitimize_mnt()/mntput() race (bsc#1106297).
- fix mntput/mntput race (bsc#1106297).
- fs/9p/xattr.c: catch the error of p9_client_clunk when setting xattr failed (bsc#1051510).
- fs, dax: prepare for dax-specific address_space_operations (bsc#1104888).
- fs, dax: use page->mapping to warn if truncate collides with a busy page (bsc#1104888).
- fs/proc/proc_sysctl.c: fix potential page fault while unregistering sysctl table (bsc#1106297).
- fuse: Add missed unlock_page() to fuse_readpages_fill() (bsc#1106291).
- fuse: fix double request_end() (bsc#1106291).
- fuse: fix initial parallel dirops (bsc#1106291).
- fuse: Fix oops at process_init_reply() (bsc#1106291).
- fuse: fix unlocked access to processing queue (bsc#1106291).
- fuse: umount should wait for all requests (bsc#1106291).
- geneve: update skb dst pmtu on tx path (bsc#1051510).
- genirq: Add handle_fasteoi_{level,edge}_irq flow handlers (bsc#1105378).
- genirq: Export more irq_chip_*_parent() functions (bsc#1105378).
- genirq: Fix editing error in a comment (bsc#1051510).
- genirq: Make force irq threading setup more robust (bsc#1051510).
- gen_stats: Fix netlink stats dumping in the presence of padding (netfilter-stable-18_07_23).
- getxattr: use correct xattr length (bsc#1106235).
- getxattr: use correct xattr length (bsc#1106297).
- gpio: Add gpio driver support for ThunderX and OCTEON-TX (bsc#1105378).
- gpio: Fix wrong rounding in gpio-menz127 (bsc#1051510).
- gpiolib-acpi: make sure we trigger edge events at least once on boot (bsc#1051510).
- gpiolib: acpi: Switch to cansleep version of GPIO library call (bsc#1051510).
- gpiolib: Mark gpio_suffixes array with __maybe_unused (bsc#1051510).
- gpio: ml-ioh: Fix buffer underwrite on probe error path (bsc#1051510).
- gpio: pxa: Fix potential NULL dereference (bsc#1051510).
- gpio: tegra: Move driver registration to subsys_init level (bsc#1051510).
- gpio: thunderx: fix error return code in thunderx_gpio_probe() (bsc#1105378).
- gpio: thunderx: remove unused .map() hook from irq_domain_ops (bsc#1105378).
- gpu: host1x: Check whether size of unpin isn't 0 (bsc#1051510).
- gpu: ipu-v3: csi: pass back mbus_code_to_bus_cfg error codes (bsc#1051510).
- gpu: ipu-v3: default to id 0 on missing OF alias (bsc#1051510).
- gtp: Initialize 64-bit per-cpu stats correctly (bsc#1051510).
- HID: add quirk for another PIXART OEM mouse used by HP (bsc#1051510).
- HID: hid-ntrig: add error handling for sysfs_create_group (bsc#1051510).
- HID: i2c-hid: Add no-irq-after-reset quirk for 0911:5288 device ().
- hotplug/cpu: Add operation queuing function ().
- hotplug/cpu: Conditionally acquire/release DRC index ().
- hotplug/cpu: Provide CPU readd operation ().
- i2c: core: ACPI: Properly set status byte to 0 for multi-byte writes (bsc#1051510).
- i2c: davinci: Avoid zero value of CLKH (bsc#1051510).
- i2c: i801: Add missing documentation entries for Braswell and Kaby Lake (bsc#1051510).
- i2c: i801: Add support for Intel Cedar Fork (bsc#1051510).
- i2c: i801: Add support for Intel Ice Lake (bsc#1051510).
- i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus (bsc#1051510).
- i2c: i801: Consolidate chipset names in documentation and Kconfig (bsc#1051510).
- i2c: i801: fix DNV's SMBCTRL register offset (bsc#1051510).
- i2c: imx: Fix race condition in dma read (bsc#1051510).
- i2c: imx: Fix reinit_completion() use (bsc#1051510).
- i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP (bsc#1051510).
- i2c: uniphier: issue STOP only for last message or I2C_M_STOP (bsc#1051510).
- i2c: xiic: Make the start and the byte count write atomic (bsc#1051510).
- i2c: xlp9xx: Fix case where SSIF read transaction completes early (bsc#1105907).
- i2c: xlp9xx: Fix issue seen when updating receive length (bsc#1105907).
- i2c: xlp9xx: Make sure the transfer size is not more than I2C_SMBUS_BLOCK_SIZE (bsc#1105907).
- i40e: fix condition of WARN_ONCE for stat strings (bsc#1107522).
- IB/core: type promotion bug in rdma_rw_init_one_mr() (bsc#1046306).
- IB/hfi1: Invalid NUMA node information can cause a divide by zero (bsc#1060463).
- IB/hfi1: Remove incorrect call to do_interrupt callback (bsc#1060463).
- IB/hfi1: Set in_use_ctxts bits for user ctxts only (bsc#1060463).
- IB/ipoib: Avoid a race condition between start_xmit and cm_rep_handler (bsc#1046307).
- IB/ipoib: Fix error return code in ipoib_dev_init() (bsc#1046307).
- IB/IPoIB: Set ah valid flag in multicast send flow (bsc#1046307).
- IB/mlx4: Test port number before querying type (bsc#1046302).
- IB/mlx4: Use 4K pages for kernel QP's WQE buffer (bsc#1046302).
- IB/mlx5: fix uaccess beyond "count" in debugfs read/write handlers (bsc#1046305).
- ibmvnic: Include missing return code checks in reset function (bnc#1107966).
- ib_srpt: Fix a use-after-free in srpt_close_ch() (bsc#1046306).
- ieee802154: ca8210: fix uninitialised data read (bsc#1051510).
- ieee802154: fix gcc-4.9 warnings (bsc#1051510).
- ieee802154: mrf24j40: fix incorrect mask in mrf24j40_stop (bsc#1051510).
- iio: 104-quad-8: Fix off-by-one error in register selection (bsc#1051510).
- iio: ad9523: Fix displayed phase (bsc#1051510).
- iio: ad9523: Fix return value for ad952x_store() (bsc#1051510).
- iio: adc: ina2xx: avoid kthread_stop() with stale task_struct (bsc#1051510).
- iio: adc: sun4i-gpadc: select REGMAP_IRQ (bsc#1051510).
- iio: sca3000: Fix an error handling path in 'sca3000_probe()' (bsc#1051510).
- iio: sca3000: Fix missing return in switch (bsc#1051510).
- ima: based on policy verify firmware signatures (pre-allocated buffer) (bsc#1051510).
- include/rdma/opa_addr.h: Fix an endianness issue (bsc#1046306).
- init: rename and re-order boot_cpu_state_init() (bsc#1104365).
- Input: atmel_mxt_ts - only use first T9 instance (bsc#1051510).
- Input: edt-ft5x06 - fix error handling for factory mode on non-M06 (bsc#1051510).
- Input: edt-ft5x06 - implement support for the EDT-M12 series (bsc#1051510).
- Input: edt-ft5x06 - make distinction between m06/m09/generic more clear (bsc#1051510).
- Input: elantech - enable middle button of touchpad on ThinkPad P72 (bsc#1051510).
- input: rohm_bu21023: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510).
- Input: synaptics-rmi4 - fix axis-swap behavior (bsc#1051510).
- intel_th: Fix device removal logic (bsc#1051510).
- iommu/amd: Add support for higher 64-bit IOMMU Control Register ().
- iommu/amd: Add support for IOMMU XT mode ().
- iommu/amd: Finish TLB flush in amd_iommu_unmap() (bsc#1106105).
- iommu/amd: make sure TLB to be flushed before IOVA freed (bsc#1106105).
- iommu/amd: Return devid as alias for ACPI HID devices (bsc#1106105).
- iommu/arm-smmu-v3: Do not free page table ops twice (bsc#1106237).
- iommu/vt-d: Fix a potential memory leak (bsc#1106105).
- iommu/vt-d: Ratelimit each dmar fault printing (bsc#1106105).
- ioremap: Update pgtable free interfaces with addr (bsc#1110006).
- ipc/shm: fix shmat() nil address after round-down when remapping (bsc#1090078).
- ip: hash fragments consistently (netfilter-stable-18_07_27).
- ip: in cmsg IP(V6)_ORIGDSTADDR call pskb_may_pull (netfilter-stable-18_07_27).
- ipmi:bt: Set the timeout before doing a capabilities check (bsc#1051510).
- ipmi: Fix some counter issues (bsc#1105907).
- ipmi: Move BT capabilities detection to the detect call (bsc#1106779).
- ipmi/powernv: Fix error return code in ipmi_powernv_probe() (git-fixes).
- ipmi: Remove ACPI SPMI probing from the SSIF (I2C) driver (bsc#1105907).
- ipv4: remove BUG_ON() from fib_compute_spec_dst (netfilter-stable-18_08_01).
- ipv4: Return EINVAL when ping_group_range sysctl does not map to user ns (netfilter-stable-18_07_23).
- ipv6: fix useless rol32 call on hash (netfilter-stable-18_07_23).
- ipv6: ila: select CONFIG_DST_CACHE (netfilter-stable-18_07_23).
- ipv6: make DAD fail with enhanced DAD when nonce length differs (netfilter-stable-18_07_23).
- ipv6: sr: fix passing wrong flags to crypto_alloc_shash() (networking-stable-18_07_19).
- ipvlan: fix IFLA_MTU ignored on NEWLINK (networking-stable-18_07_19).
- irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP (bsc#1051510).
- irqdomain: Add irq_domain_{push,pop}_irq() functions (bsc#1105378).
- irqdomain: Check for NULL function pointer in irq_domain_free_irqs_hierarchy() (bsc#1105378).
- irqdomain: Factor out code to add and remove items to and from the revmap (bsc#1105378).
- irqdomain: Prevent potential NULL pointer dereference in irq_domain_push_irq() (bsc#1105378).
- irqdomain: Update the comments of fwnode field of irq_domain structure (bsc#1051510).
- isdn: Disable IIOCDBGVAR (bsc#1051510).
- iw_cxgb4: remove duplicate memcpy() in c4iw_create_listen() (bsc#1046543).
- iwlwifi: pcie: do not access periphery registers when not available (bsc#1051510).
- ixgbe: Refactor queue disable logic to take completion time into account (bsc#1101557).
- ixgbe: Reorder Tx/Rx shutdown to reduce time needed to stop device (bsc#1101557).
- kabi fix for check_disk_size_change() (bsc#1098459).
- kabi: move s390 mm_context_t lock to mm_struct and ignore the change (bsc#1103421).
- kabi: move the new handler to end of machdep_calls and hide it from genksyms (bsc#1094244).
- kabi protect hnae_ae_ops (bsc#1107924).
- kabi protect struct kvm_sync_regs (bsc#1106948).
- kabi/severities: Whitelist libceph, rbd, and ceph (bsc#1096748).
- kabi: tpm: change relinquish_locality return value back to void (bsc#1082555).
- kabi: tpm: do keep the cmd_ready and go_idle as pm ops (bsc#1082555).
- kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bnc#1105536).
- kprobes/x86: Release insn_slot in failure path (bsc#1110006).
- kthread, tracing: Do not expose half-written comm when creating kthreads (bsc#1104897).
- kvm: arm64: Convert kvm_set_s2pte_readonly() from inline asm to cmpxchg() (bsc#1108010).
- kvm: Enforce error in ioctl for compat tasks when !KVM_COMPAT (bsc#1106240).
- kvm: nVMX: Do not flush TLB when vmcs12 uses VPID (bsc#1106240).
- kvm: nVMX: Fix fault vector for VMX operation at CPL > 0 (bsc#1106105).
- kvm: nVMX: Fix injection to L2 when L1 do not intercept external-interrupts (bsc#1106240).
- kvm: nVMX: Fix races when sending nested PI while dest enters/leaves L2 (bsc#1106240).
- kvm: nVMX: Re-evaluate L1 pending events when running L2 and L1 got posted-interrupt (bsc#1106240).
- kvm: nVMX: Use nested_run_pending rather than from_vmentry (bsc#1106240).
- kvm: PPC: Book3S: Fix guest DMA when guest partially backed by THP pages (bsc#1077761, git-fixes, bsc#1103948, bsc#1103949).
- kvm: PPC: Book3S HV: Use correct pagesize in kvm_unmap_radix() (bsc#1061840, git-fixes).
- kvm: s390: add etoken support for guests (bsc#1106948, LTC#171029).
- kvm: s390: force bp isolation for VSIE (bsc#1103421).
- kvm: s390: implement CPU model only facilities (bsc#1106948, LTC#171029).
- kvm: VMX: Do not allow reexecute_instruction() when skipping MMIO instr (bsc#1106240).
- kvm: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369).
- kvm: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369).
- kvm: x86: Change __kvm_apic_update_irr() to also return if max IRR updated (bsc#1106240).
- kvm: x86: Default to not allowing emulation retry in kvm_mmu_page_fault (bsc#1106240).
- kvm: x86: Do not re-{try,execute} after failed emulation in L2 (bsc#1106240).
- kvm: x86: fix APIC page invalidation (bsc#1106240).
- kvm: x86: Invert emulation re-execute behavior to make it opt-in (bsc#1106240).
- kvm: x86: Merge EMULTYPE_RETRY and EMULTYPE_ALLOW_REEXECUTE (bsc#1106240).
- kvm/x86: remove WARN_ON() for when vm_munmap() fails (bsc#1106240).
- kvm: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled (git-fixes 1f50ddb4f418).
- kvm: x86: vmx: fix vpid leak (bsc#1106240).
- l2tp: use sk_dst_check() to avoid race on sk->sk_dst_cache (netfilter-stable-18_08_17).
- lan78xx: Check for supported Wake-on-LAN modes (bsc#1051510).
- lan78xx: Lan7801 Support for Fixed PHY (bsc#1085262).
- lan78xx: remove redundant initialization of pointer 'phydev' (bsc#1085262).
- lan78xx: Set ASD in MAC_CR when EEE is enabled (bsc#1085262).
- leds: max8997: use mode when calling max8997_led_set_mode (bsc#1051510).
- libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store() (bsc#1051510).
- libata: Fix command retry decision (bsc#1051510).
- libata: Fix compile warning with ATA_DEBUG enabled (bsc#1051510).
- libbpf: Makefile set specified permission mode (bsc#1083647).
- libceph: check authorizer reply/challenge length before reading (bsc#1096748).
- libceph: factor out __ceph_x_decrypt() (bsc#1096748).
- libceph: factor out encrypt_authorizer() (bsc#1096748).
- libceph: factor out __prepare_write_connect() (bsc#1096748).
- libceph: store ceph_auth_handshake pointer in ceph_connection (bsc#1096748).
- libceph: weaken sizeof check in ceph_x_verify_authorizer_reply() (bsc#1096748).
- libertas: fix suspend and resume for SDIO connected cards (bsc#1051510).
- lib/iov_iter: Fix pipe handling in _copy_to_iter_mcsafe() (bsc#1098782).
- libnvdimm, btt: fix uninitialized err_lock (bsc#1103961).
- libnvdimm: fix ars_status output length calculation (bsc#1104890).
- libnvdimm, nfit: enable support for volatile ranges (bsc#1103961).
- libnvdimm, nfit: move the check on nd_reserved2 to the endpoint (bsc#1103961).
- libnvdimm, pmem: Fix memcpy_mcsafe() return code handling in nsio_rw_bytes() (bsc#1098782).
- libnvdimm, pmem: Restore page attributes when clearing errors (bsc#1107783).
- libnvdimm: rename nd_sector_size_{show,store} to nd_size_select_{show,store} (bsc#1103961).
- libnvdimm: Use max contiguous area for namespace size (git-fixes).
- lib/rhashtable: consider param->min_size when setting initial table size (bsc#1051510).
- lib/test_hexdump.c: fix failure on big endian cpu (bsc#1051510).
- lib/vsprintf: Remove atomic-unsafe support for %pCr (bsc#1051510).
- Limit kernel-source build to architectures for which we build binaries (bsc#1108281).
- livepatch: Remove reliable stacktrace check in klp_try_switch_task() (bsc#1071995).
- livepatch: Validate module/old func name length (bsc#1071995).
- llc: use refcount_inc_not_zero() for llc_sap_find() (netfilter-stable-18_08_17).
- mac80211: add stations tied to AP_VLANs during hw reconfig (bsc#1051510).
- mac80211: always account for A-MSDU header changes (bsc#1051510).
- mac80211: avoid kernel panic when building AMSDU from non-linear SKB (bsc#1051510).
- mac80211: fix an off-by-one issue in A-MSDU max_subframe computation (bsc#1051510).
- mac80211: fix pending queue hang due to TX_DROP (bsc#1051510).
- mac80211: restrict delayed tailroom needed decrement (bsc#1051510).
- macros.kernel-source: pass -b properly in kernel module package (bsc#1107870).
- mailbox: xgene-slimpro: Fix potential NULL pointer dereference (bsc#1051510).
- MAINTAINERS: fix location of ina2xx.txt device tree file (bsc#1051510).
- md-cluster: clear another node's suspend_area after the copy is finished (bsc#1106333).
- md-cluster: do not send msg if array is closing (bsc#1106333).
- md-cluster: release RESYNC lock after the last resync message (bsc#1106688).
- md-cluster: show array's status more accurate (bsc#1106333).
- media: exynos4-is: Prevent NULL pointer dereference in __isp_video_try_fmt() (bsc#1051510).
- media: mem2mem: Remove excessive try_run call (bsc#1051510).
- media: omap3isp: fix unbalanced dma_iommu_mapping (bsc#1051510).
- media: omap3isp: zero-initialize the isp cam_xclk{a,b} initial data (bsc#1051510).
- media: Revert "[media] tvp5150: fix pad format frame height" (bsc#1051510).
- media: rtl28xxu: be sure that it won't go past the array size (bsc#1051510).
- media: tw686x: Fix oops on buffer alloc failure (bsc#1051510).
- media: v4l2-mem2mem: Fix missing v4l2_m2m_try_run call (bsc#1051510).
- media: videobuf2-core: do not call memop 'finish' when queueing (bsc#1051510).
- mei: bus: type promotion bug in mei_nfc_if_version() (bsc#1051510).
- mei: do not update offset in write (bsc#1051510).
- mei: ignore not found client in the enumeration (bsc#1051510).
- mei: me: enable asynchronous probing ().
- memcg, thp: do not invoke oom killer on thp charges (bnc#1089663).
- memory: tegra: Apply interrupts mask per SoC (bsc#1051510).
- memory: tegra: Do not handle spurious interrupts (bsc#1051510).
- mfd: 88pm860x-i2c: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510).
- mfd: arizona: Do not use regmap_read_poll_timeout (bsc#1051510).
- mfd: intel-lpss: Add Ice Lake PCI IDs (bsc#1051510).
- mfd: lpc_ich: Do not touch SPI-NOR write protection bit on Apollo Lake (bsc#1051510).
- mfd: sm501: Set coherent_dma_mask when creating subdevices (bsc#1051510).
- mfd: ti_am335x_tscadc: Fix struct clk memory leak (bsc#1051510).
- mlxsw: core_acl_flex_actions: Return error for conflicting actions (netfilter-stable-18_08_17).
- mmc: omap_hsmmc: fix wakeirq handling on removal (bsc#1051510).
- mmc: sdhci: do not try to use 3.3V signaling if not supported (bsc#1051510).
- mmc: sdhci-of-esdhc: set proper dma mask for ls104x chips (bsc#1051510).
- mmc: tegra: prevent HS200 on Tegra 3 (bsc#1051510).
- mm, dax: introduce pfn_t_special() (bsc#1104888).
- mm: fix devmem_is_allowed() for sub-page System RAM intersections (bsc#1106800).
- mm/huge_memory.c: fix data loss when splitting a file pmd (bnc#1107074).
- mm/hugetlb: filter out hugetlb pages if HUGEPAGE migration is not supported (bnc#1106697).
- mm, madvise_inject_error: Disable MADV_SOFT_OFFLINE for ZONE_DEVICE pages (bsc#1107783).
- mm, madvise_inject_error: Let memory_failure() optionally take a page reference (bsc#1107783).
- mm: memcg: fix use after free in mem_cgroup_iter() (bnc#1107065).
- mm, memory_failure: Collect mapping size in collect_procs() (bsc#1107783).
- mm, memory_failure: Teach memory_failure() about dev_pagemap pages (bsc#1107783).
- mm, numa: Migrate pages to local nodes quicker early in the lifetime of a task (bnc#1101669 optimise numa balancing for fast migrate).
- mm, numa: Remove rate-limiting of automatic numa balancing migration (bnc#1101669 optimise numa balancing for fast migrate).
- mm, numa: Remove rate-limiting of automatic numa balancing migration kabi (bnc#1101669 optimise numa balancing for fast migrate).
- mm, page_alloc: double zone's batchsize (bnc#971975 VM performance -- page allocator).
- mm/vmalloc: add interfaces to free unmapped page table (bsc#1110006).
- mm/vmscan: wake up flushers for legacy cgroups too (bnc#1107061).
- module: exclude SHN_UNDEF symbols from kallsyms api (bsc#1071995).
- Move the previous hv netvsc fix to the sorted section (bsc#1104708)
- net/9p/client.c: version pointer uninitialized (bsc#1051510).
- net/9p: fix error path of p9_virtio_probe (bsc#1051510).
- net/9p: Switch to wait_event_killable() (bsc#1051510).
- net/9p/trans_fd.c: fix race by holding the lock (bsc#1051510).
- net/9p/trans_fd.c: fix race-condition by flushing workqueue before the kfree() (bsc#1051510).
- net: bcmgenet: correct bad merge (bsc#1051510).
- net: bcmgenet: enable loopback during UniMAC sw_reset (bsc#1051510).
- net: bcmgenet: Fix sparse warnings in bcmgenet_put_tx_csum() (bsc#1051510).
- net: bcmgenet: Fix unmapping of fragments in bcmgenet_xmit() (bsc#1051510).
- net: bcmgenet: prevent duplicate calls of bcmgenet_dma_teardown (bsc#1051510).
- net: dccp: avoid crash in ccid3_hc_rx_send_feedback() (networking-stable-18_07_19).
- net: dccp: switch rx_tstamp_last_feedback to monotonic clock (networking-stable-18_07_19).
- net: diag: Do not double-free TCP_NEW_SYN_RECV sockets in tcp_abort (netfilter-stable-18_07_23).
- net: dsa: Do not suspend/resume closed slave_dev (netfilter-stable-18_08_04).
- net: ena: Eliminate duplicate barriers on weakly-ordered archs (bsc#1108093).
- net: ena: fix device destruction to gracefully free resources (bsc#1108093).
- net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108093).
- net: ena: fix incorrect usage of memory barriers (bsc#1108093).
- net: ena: fix missing calls to READ_ONCE (bsc#1108093).
- net: ena: fix missing lock during device destruction (bsc#1108093).
- net: ena: fix potential double ena_destroy_device() (bsc#1108093).
- net: ena: fix surprise unplug NULL dereference kernel crash (bsc#1108093).
- net: ena: Fix use of uninitialized DMA address bits field (netfilter-stable-18_08_01).
- net: ethernet: mvneta: Fix napi structure mixup on armada 3700 (networking-stable-18_08_21).
- netfilter: do not set F_IFACE on ipv6 fib lookups (netfilter-stable-18_06_25).
- netfilter: ip6t_rpfilter: provide input interface for route lookup (netfilter-stable-18_06_25).
- netfilter: ip6t_rpfilter: set F_IFACE for linklocal addresses (git-fixes).
- netfilter: nat: Revert "netfilter: nat: convert nat bysrc hash to rhashtable" (netfilter-stable-17_11_16).
- netfilter: nf_tables: add missing netlink attrs to policies (netfilter-stable-18_06_27).
- netfilter: nf_tables: do not assume chain stats are set when jumplabel is set (netfilter-stable-18_06_27).
- netfilter: nf_tables: fix memory leak on error exit return (netfilter-stable-18_06_27).
- netfilter: nf_tables: nft_compat: fix refcount leak on xt module (netfilter-stable-18_06_27).
- netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain() (netfilter-stable-18_06_25).
- netfilter: nft_compat: fix handling of large matchinfo size (netfilter-stable-18_06_27).
- netfilter: nft_compat: prepare for indirect info storage (netfilter-stable-18_06_27).
- netfilter: nft_meta: fix wrong value dereference in nft_meta_set_eval (netfilter-stable-18_06_27).
- net: fix amd-xgbe flow-control issue (netfilter-stable-18_08_01).
- net: fix use-after-free in GRO with ESP (networking-stable-18_07_19).
- net: hns3: add unlikely for error check (bsc#1104353).
- net: hns3: Fix comments for hclge_get_ring_chain_from_mbx (bsc#1104353).
- net: hns3: Fix desc num set to default when setting channel (bsc#1104353).
- net: hns3: Fix for command format parsing error in hclge_is_all_function_id_zero (bsc#1104353).
- net: hns3: Fix for information of phydev lost problem when down/up (bsc#1104353).
- net: hns3: Fix for l4 checksum offload bug (bsc#1104353).
- net: hns3: Fix for mac pause not disable in pfc mode (bsc#1104353).
- net: hns3: Fix for mailbox message truncated problem (bsc#1104353).
- net: hns3: Fix for phy link issue when using marvell phy driver (bsc#1104353).
- net: hns3: Fix for reset_level default assignment probelm (bsc#1104353).
- net: hns3: Fix for using wrong mask and shift in hclge_get_ring_chain_from_mbx (bsc#1104353).
- net: hns3: Fix for waterline not setting correctly (bsc#1104353).
- net: hns3: Fix get_vector ops in hclgevf_main module (bsc#1104353).
- net: hns3: Fix MSIX allocation issue for VF (bsc#1104353).
- net: hns3: fix page_offset overflow when CONFIG_ARM64_64K_PAGES (bsc#1104353).
- net: hns3: Fix return value error in hns3_reset_notify_down_enet (bsc#1104353).
- net: hns3: fix return value error while hclge_cmd_csq_clean failed (bsc#1104353).
- net: hns3: Fix warning bug when doing lp selftest (bsc#1104353).
- net: hns3: modify hnae_ to hnae3_ (bsc#1104353).
- net: hns3: Prevent sending command during global or core reset (bsc#1104353).
- net: hns3: remove some redundant assignments (bsc#1104353).
- net: hns3: remove unnecessary ring configuration operation while resetting (bsc#1104353).
- net: hns3: simplify hclge_cmd_csq_clean (bsc#1104353).
- net: hns3: Standardize the handle of return value (bsc#1104353).
- net: hns: add netif_carrier_off before change speed and duplex (bsc#1107924).
- net: hns: add the code for cleaning pkt in chip (bsc#1107924).
- net/ipv4: Set oif in fib_compute_spec_dst (netfilter-stable-18_07_23).
- netlink: Do not shift on 64 for ngroups (git-fixes).
- netlink: Do not shift with UB on nlk->ngroups (netfilter-stable-18_08_01).
- netlink: Do not subscribe to non-existent groups (netfilter-stable-18_08_01).
- netlink: Fix spectre v1 gadget in netlink_create() (netfilter-stable-18_08_04).
- net: mdio-mux: bcm-iproc: fix wrong getter and setter pair (netfilter-stable-18_08_01).
- net/mlx5e: Avoid dealing with vport representors if not being e-switch manager (networking-stable-18_07_19).
- net/mlx5: E-Switch, Avoid setup attempt if not being e-switch manager (networking-stable-18_07_19).
- net: mvneta: fix mvneta_config_rss on armada 3700 (networking-stable-18_08_21).
- net: mvneta: fix the Rx desc DMA address in the Rx path (networking-stable-18_07_19).
- net/packet: fix use-after-free (networking-stable-18_07_19).
- Netperf performance issue due to AppArmor net mediation (bsc#1108520)
- net: phy: consider PHY_IGNORE_INTERRUPT in phy_start_aneg_priv (netfilter-stable-18_07_27).
- net: phy: fix flag masking in __set_phy_supported (netfilter-stable-18_07_23).
- net: rtnl_configure_link: fix dev flags changes arg to __dev_notify_flags (git-fixes).
- net_sched: blackhole: tell upper qdisc about dropped packets (networking-stable-18_07_19).
- net_sched: Fix missing res info when create new tc_index filter (netfilter-stable-18_08_17).
- net: skb_segment() should not return NULL (netfilter-stable-18_07_27).
- net: stmmac: align DMA stuff to largest cache line length (netfilter-stable-18_08_01).
- net: stmmac: Fix WoL for PCI-based setups (netfilter-stable-18_08_04).
- net: stmmac: mark PM functions as __maybe_unused (git-fixes).
- net: sungem: fix rx checksum support (networking-stable-18_07_19).
- net: systemport: Fix CRC forwarding check for SYSTEMPORT Lite (netfilter-stable-18_07_23).
- nfc: Fix possible memory corruption when handling SHDLC I-Frame commands (bsc#1051510).
- nfs41: do not return ENOMEM on LAYOUTUNAVAILABLE (git-fixes).
- nfsd: remove blocked locks on client teardown (git-fixes).
- nfs/filelayout: fix oops when freeing filelayout segment (bsc#1105190).
- nfs/filelayout: Fix racy setting of fl->dsaddr in filelayout_check_deviceid() (bsc#1105190).
- nfs/pnfs: fix nfs_direct_req ref leak when i/o falls back to the mds (git-fixes).
- nfs: Use an appropriate work queue for direct-write completion (bsc#1082519).
- nfsv4 client live hangs after live data migration recovery (git-fixes).
- nfsv4: Fix a sleep in atomic context in nfs4_callback_sequence() (git-fixes).
- nfsv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message (git-fixes).
- nl80211: Add a missing break in parse_station_flags (bsc#1051510).
- nl80211: check nla_parse_nested() return values (bsc#1051510).
- nvme_fc: add 'nvme_discovery' sysfs attribute to fc transport device (bsc#1044189).
- nvme: register ns_id attributes as default sysfs groups (bsc#1105247).
- parport: sunbpp: fix error return code (bsc#1051510).
- partitions/aix: append null character to print data from disk (bsc#1051510).
- partitions/aix: fix usage of uninitialized lv_info and lvname structures (bsc#1051510).
- pci: aardvark: Fix I/O space page leak (git-fixes).
- pci: aardvark: Size bridges before resources allocation (bsc#1109806).
- pci: Add pci_resize_resource() for resizing BARs (bsc#1105355).
- pci: Add PCI resource type mask #define (bsc#1105355).
- pci: Add resizable BAR infrastructure (bsc#1105355).
- pci: Allow release of resources that were never assigned (bsc#1105355).
- pci: Cleanup PCI_REBAR_CTRL_BAR_SHIFT handling (bsc#1105355).
- pci: designware: Fix I/O space page leak (bsc#1109806).
- pci: faraday: Add missing of_node_put() (bsc#1109806).
- pci: faraday: Fix I/O space page leak (bsc#1109806).
- pci: hotplug: Do not leak pci_slot on registration failure (bsc#1051510).
- pci: hv: Make sure the bus domain is really unique (git-fixes).
- pci: Match Root Port's MPS to endpoint's MPSS as necessary (bsc#1109269).
- pci: mvebu: Fix I/O space end address calculation (bsc#1051510).
- pci: OF: Fix I/O space page leak (git-fixes).
- pci: pciehp: Fix unprotected list iteration in IRQ handler (bsc#1051510).
- pci: pciehp: Fix use-after-free on unplug (bsc#1051510).
- PCI/portdrv: Compute MSI/MSI-X IRQ vectors after final allocation (bsc#1109806).
- PCI/portdrv: Factor out Interrupt Message Number lookup (bsc#1109806).
- pci: Restore resized BAR state on resume (bsc#1105355).
- pci: Skip MPS logic for Virtual Functions (VFs) (bsc#1051510).
- pci: versatile: Fix I/O space page leak (bsc#1109806).
- pci: xgene: Fix I/O space page leak (bsc#1109806).
- pci: xilinx: Add missing of_node_put() (bsc#1109806).
- pci: xilinx-nwl: Add missing of_node_put() (bsc#1109806).
- pinctrl/amd: only handle irq if it is pending and unmasked (bsc#1051510).
- pinctrl: cannonlake: Fix community ordering for H variant (bsc#1051510).
- pinctrl: cannonlake: Fix HOSTSW_OWN register offset of H variant (bsc#1051510).
- pinctrl: core: Return selector to the pinctrl driver (bsc#1051510).
- pinctrl: freescale: off by one in imx1_pinconf_group_dbg_show() (bsc#1051510).
- pinctrl: imx: off by one in imx_pinconf_group_dbg_show() (bsc#1051510).
- pinctrl: pinmux: Return selector to the pinctrl driver (bsc#1051510).
- pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant (bsc#1051510).
- pinctrl: single: Fix group and function selector use (bsc#1051510).
- pipe: actually allow root to exceed the pipe buffer limits (bsc#1106297).
- platform/x86: alienware-wmi: Correct a memory leak (bsc#1051510).
- platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 (bsc#1051510).
- platform/x86: thinkpad_acpi: Proper model/release matching (bsc#1051510).
- platform/x86: toshiba_acpi: Fix defined but not used build warnings (bsc#1051510).
- PM / clk: signedness bug in of_pm_clk_add_clks() (bsc#1051510).
- PM / devfreq: rk3399_dmc: Fix duplicated opp table on reload (bsc#1051510).
- PM / Domains: Fix error path during attach in genpd (bsc#1051510).
- pmem: Switch to copy_to_iter_mcsafe() (bsc#1098782).
- PM / runtime: Drop usage count for suppliers at device link removal (bsc#1100132).
- PM / sleep: wakeup: Fix build error caused by missing SRCU support (bsc#1051510).
- pnfs/blocklayout: off by one in bl_map_stripe() (git-fixes).
- power: gemini-poweroff: Avoid more spurious poweroffs (bsc#1051510).
- power: generic-adc-battery: check for duplicate properties copied from iio channels (bsc#1051510).
- power: generic-adc-battery: fix out-of-bounds write when copying channel properties (bsc#1051510).
- powernv/pseries: consolidate code for mce early handling (bsc#1094244).
- powerpc/64s: Default l1d_size to 64K in RFI
fallback flush (bsc#1068032,\n git-fixes).\n - powerpc/64s: Fix compiler store ordering to SLB shadow area\n (bsc#1094244).\n - powerpc/64s: Fix DT CPU features Power9 DD2.1 logic (bsc#1055117).\n - powerpc/64s: move machine check SLB flushing to mm/slb.c (bsc#1094244).\n - powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2\n (bsc#1068032, bsc#1080157, git-fixes).\n - powerpc: Avoid code patching freed init sections (bnc#1107735).\n - powerpc/fadump: cleanup crash memory ranges support (bsc#1103269).\n - powerpc/fadump: re-register firmware-assisted dump if already registered\n (bsc#1108170, bsc#1108823).\n - powerpc: Fix size calculation using resource_size() (bnc#1012382).\n - powerpc: KABI add aux_ptr to hole in paca_struct to extend it with\n additional members (bsc#1094244).\n - powerpc: kabi: move mce_data_buf into paca_aux (bsc#1094244).\n - powerpc/kprobes: Fix call trace due to incorrect preempt count\n (bsc#1065729).\n - powerpc/lib: Fix the feature fixup tests to actually work (bsc#1065729).\n - powerpc: make feature-fixup tests fortify-safe (bsc#1065729).\n - powerpc/mce: Fix SLB rebolting during MCE recovery path (bsc#1094244).\n - powerpc/numa: Use associativity if VPHN hcall is successful\n (bsc#1110363).\n - powerpc/perf: Fix IMC allocation routine (bsc#1054914).\n - powerpc/perf: Fix memory allocation for core-imc based on\n num_possible_cpus() (bsc#1054914).\n - powerpc/perf: Remove sched_task function defined for thread-imc\n (bsc#1054914).\n - powerpc/pkeys: Fix reading of ibm, processor-storage-keys property\n (bsc#1109244).\n - powerpc/powernv/npu: Do a PID GPU TLB flush when invalidating a large\n address range (bsc#1055120).\n - powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX\n (bsc#1094244).\n - powerpc/pseries: Defer the logging of rtas error to irq work queue\n (bsc#1094244).\n - powerpc/pseries: Define MCE error event section (bsc#1094244).\n - powerpc/pseries: Disable CPU hotplug across migrations 
(bsc#1065729).\n - powerpc/pseries: Display machine check error details (bsc#1094244).\n - powerpc/pseries: Dump the SLB contents on SLB MCE errors (bsc#1094244).\n - powerpc/pseries: fix EEH recovery of some IOV devices (bsc#1078720,\n git-fixes).\n - powerpc/pseries: Fix endianness while restoring of r3 in MCE handler\n (bsc#1094244).\n - powerpc/pseries: Flush SLB contents on SLB MCE errors (bsc#1094244).\n - powerpc/pseries: Remove prrn_work workqueue (bsc#1102495, bsc#1109337).\n - powerpc/pseries: Remove unneeded uses of dlpar work queue (bsc#1102495,\n bsc#1109337).\n - powerpc/tm: Avoid possible userspace r1 corruption on reclaim\n (bsc#1109333).\n - powerpc/tm: Fix userspace r13 corruption (bsc#1109333).\n - powerpc/topology: Get topology for shared processors at boot\n (bsc#1104683).\n - powerpc/xive: Fix trying to "push" an already active pool VP\n (bsc#1085030, git-fixes).\n - power: remove possible deadlock when unregistering power_supply\n (bsc#1051510).\n - power: supply: axp288_charger: Fix initial constant_charge_current value\n (bsc#1051510).\n - power: supply: max77693_charger: fix unintentional fall-through\n (bsc#1051510).\n - power: vexpress: fix corruption in notifier registration (bsc#1051510).\n - ppp: Destroy the mutex when cleanup (bsc#1051510).\n - ppp: fix __percpu annotation (bsc#1051510).\n - pstore: Fix incorrect persistent ram buffer mapping (bsc#1051510).\n - ptp: fix missing break in switch (bsc#1105355).\n - ptr_ring: fail early if queue occupies more than KMALLOC_MAX_SIZE\n (bsc#1105355).\n - ptr_ring: fix up after recent ptr_ring changes (bsc#1105355).\n - ptr_ring: prevent integer overflow when calculating size (bsc#1105355).\n - pwm: tiehrpwm: Fix disabling of output of PWMs (bsc#1051510).\n - qlge: Fix netdev features configuration (bsc#1098822).\n - r8152: Check for supported Wake-on-LAN Modes (bsc#1051510).\n - r8169: add support for NCube 8168 network card (bsc#1051510).\n - random: add new ioctl RNDRESEEDCRNG 
(bsc#1051510).\n - random: fix possible sleeping allocation from irq context (bsc#1051510).\n - random: mix rdrand with entropy sent in from userspace (bsc#1051510).\n - random: set up the NUMA crng instances after the CRNG is fully\n initialized (bsc#1051510).\n - RDMA/bnxt_re: Fix a bunch of off by one bugs in qplib_fp.c (bsc#1050244).\n - RDMA/bnxt_re: Fix a couple off by one bugs (bsc#1050244 ).\n - RDMA/i40w: Hold read semaphore while looking after VMA (bsc#1058659).\n - RDMA/uverbs: Expand primary and alt AV port checks (bsc#1046306 ).\n - readahead: stricter check for bdi io_pages (VM Functionality, git fixes).\n - regulator: fix crash caused by null driver data (bsc#1051510).\n - reiserfs: fix broken xattr handling (heap corruption, bad retval)\n (bsc#1106236).\n - Replace magic for trusting the secondary keyring with #define\n (bsc#1051510).\n - Revert "btrfs: qgroups: Retry after commit on getting EDQUOT"\n (bsc#1031392).\n - Revert "ipc/shm: Fix shmat mmap nil-page protection" (bsc#1090078).\n - Revert "mm: page_alloc: skip over regions of invalid pfns where\n possible" (bnc#1107078).\n - Revert "pci: Add ACS quirk for Intel 300 series" (bsc#1051510).\n - Revert "UBIFS: Fix potential integer overflow in allocation"\n (bsc#1051510).\n - Revert "vhost: cache used event for better performance" (bsc#1090528).\n - Revert "vmalloc: back off when the current task is killed" (bnc#1107073).\n - rhashtable: add schedule points (bsc#1051510).\n - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication()\n (bsc#1051510).\n - root dentries need RCU-delayed freeing (bsc#1106297).\n - rsi: Fix 'invalid vdd' warning in mmc (bsc#1051510).\n - rtc: ensure rtc_set_alarm fails when alarms are not supported\n (bsc#1051510).\n - rtnetlink: add rtnl_link_state check in rtnl_configure_link\n (netfilter-stable-18_07_27).\n - rxrpc: Fix user call ID check in rxrpc_service_prealloc_one\n (netfilter-stable-18_08_04).\n - s390: always save and restore all registers on 
context switch\n (bsc#1103421).\n - s390/crypto: Fix return code checking in cbc_paes_crypt() (bnc#1108323,\n LTC#171709).\n - s390: detect etoken facility (bsc#1103421).\n - s390/entry.S: use assembler alternatives (bsc#1103421).\n - s390: fix br_r1_trampoline for machines without exrl (git-fixes,\n bsc#1103421).\n - s390: fix compat system call table (bsc#1103421).\n - s390: fix handling of -1 in set{,fs}id16 syscalls (bsc#1103421).\n - s390/lib: use expoline for all bcr instructions (git-fixes, bsc#1103421).\n - s390/mm: fix local TLB flushing vs. detach of an mm address space\n (bsc#1103421).\n - s390/mm: fix race on mm->context.flush_mm (bsc#1103421).\n - s390/pci: fix out of bounds access during irq setup (bnc#1108323,\n LTC#171068).\n - s390: Prevent hotplug rwsem recursion (bsc#1105731).\n - s390/qdio: reset old sbal_state flags (LTC#171525, bsc#1106948).\n - s390/qeth: consistently re-enable device features (bsc#1104482,\n LTC#170340).\n - s390/qeth: do not clobber buffer on async TX completion (bsc#1104482,\n LTC#170340).\n - s390/qeth: rely on kernel for feature recovery (bsc#1104482, LTC#170340).\n - s390/qeth: use vzalloc for QUERY OAT buffer (LTC#171527, bsc#1106948).\n - s390/runtime instrumentation: simplify task exit handling (bsc#1103421).\n - s390: use expoline thunks for all branches generated by the BPF JIT\n (bsc#1103421).\n - samples/bpf: adjust rlimit RLIMIT_MEMLOCK for xdp1 (bsc#1083647).\n - sched/debug: Reverse the order of printing faults (bnc#1101669 optimise\n numa balancing for fast migrate).\n - sched/fair: Fix bandwidth timer clock drift condition (Git-fixes).\n - sched/fair: Fix vruntime_normalized() for remote non-migration wakeup\n (git-fixes).\n - sched/numa: Avoid task migration for small NUMA improvement (bnc#1101669\n optimise numa balancing for fast migrate).\n - sched/numa: Do not move imbalanced load purely on the basis of an idle\n CPU (bnc#1101669 optimise numa balancing for fast migrate).\n - sched/numa: Evaluate move 
once per node (bnc#1101669 optimise numa\n balancing for fast migrate).\n - sched/numa: Evaluate move once per node (bnc#1101669 optimise numa\n balancing for fast migrate).\n - sched/numa: Modify migrate_swap() to accept additional parameters\n (bnc#1101669 optimise numa balancing for fast migrate).\n - sched/numa: Move task_numa_placement() closer to\n numa_migrate_preferred() (bnc#1101669 optimise numa balancing for fast\n migrate).\n - sched/numa: Pass destination CPU as a parameter to migrate_task_rq\n (bnc#1101669 optimise numa balancing for fast migrate).\n - sched/numa: Pass destination CPU as a parameter to migrate_task_rq kabi\n (bnc#1101669 optimise numa balancing for fast migrate).\n - sched/numa: Remove numa_has_capacity() (bnc#1101669 optimise numa\n balancing for fast migrate).\n - sched/numa: Remove redundant field (bnc#1101669 optimise numa balancing\n for fast migrate).\n - sched/numa: Remove redundant field -kabi (bnc#1101669 optimise numa\n balancing for fast migrate).\n - sched/numa: remove unused code from update_numa_stats() (bnc#1101669\n optimise numa balancing for fast migrate).\n - sched/numa: remove unused nr_running field (bnc#1101669 optimise numa\n balancing for fast migrate).\n - sched/numa: Remove unused task_capacity from 'struct numa_stats'\n (bnc#1101669 optimise numa balancing for fast migrate).\n - sched/numa: Remove unused task_capacity from 'struct numa_stats'\n (bnc#1101669 optimise numa balancing for fast migrate).\n - sched/numa: Reset scan rate whenever task moves across nodes\n (bnc#1101669 optimise numa balancing for fast migrate).\n - sched/numa: Set preferred_node based on best_cpu (bnc#1101669 optimise\n numa balancing for fast migrate).\n - sched/numa: Simplify load_too_imbalanced() (bnc#1101669 optimise numa\n balancing for fast migrate).\n - sched/numa: Skip nodes that are at 'hoplimit' (bnc#1101669 optimise numa\n balancing for fast migrate).\n - sched/numa: Stop comparing tasks for NUMA placement after selecting 
an\n idle core (bnc#1101669 optimise numa balancing for fast migrate).\n - sched/numa: Stop multiple tasks from moving to the CPU at the same time\n (bnc#1101669 optimise numa balancing for fast migrate).\n - sched/numa: Stop multiple tasks from moving to the CPU at the same time\n kabi (bnc#1101669 optimise numa balancing for fast migrate).\n - sched/numa: Update the scan period without holding the numa_group lock\n (bnc#1101669 optimise numa balancing for fast migrate).\n - sched/numa: Use group_weights to identify if migration degrades locality\n (bnc#1101669 optimise numa balancing for fast migrate).\n - sched/numa: Use task faults only if numa_group is not yet set up\n (bnc#1101669 optimise numa balancing for fast migrate).\n - scripts/git_sort/git_sort.py: Add fixes branch from mkp/scsi.git.\n - scripts/git_sort/git_sort.py: add libnvdimm-for-next branch\n - scripts/git_sort/git_sort.py: add mkp 4.20/scsi-queue\n - scripts: modpost: check memory allocation results (bsc#1051510).\n - scsi: cxlflash: Abstract hardware dependent assignments ().\n - scsi: cxlflash: Acquire semaphore before invoking ioctl services ().\n - scsi: cxlflash: Adapter context init can return error ().\n - scsi: cxlflash: Adapter context support for OCXL ().\n - scsi: cxlflash: Add argument identifier names ().\n - scsi: cxlflash: Add include guards to backend.h ().\n - scsi: cxlflash: Avoid clobbering context control register value ().\n - scsi: cxlflash: Enable OCXL operations ().\n - scsi: cxlflash: Explicitly cache number of interrupts per context ().\n - scsi: cxlflash: Handle spurious interrupts ().\n - scsi: cxlflash: Hardware AFU for OCXL ().\n - scsi: cxlflash: Introduce object handle fop ().\n - scsi: cxlflash: Introduce OCXL backend ().\n - scsi: cxlflash: Introduce OCXL context state machine ().\n - scsi: cxlflash: Isolate external module dependencies ().\n - scsi: cxlflash: Limit the debug logs in the IO path ().\n - scsi: cxlflash: MMIO map the AFU ().\n - scsi: cxlflash: 
Preserve number of interrupts for master contexts ().\n - scsi: cxlflash: Read host AFU configuration ().\n - scsi: cxlflash: Read host function configuration ().\n - scsi: cxlflash: Register for translation errors ().\n - scsi: cxlflash: Remove commmands from pending list on timeout ().\n - scsi: cxlflash: Remove embedded CXL work structures ().\n - scsi: cxlflash: Setup AFU acTag range ().\n - scsi: cxlflash: Setup AFU PASID ().\n - scsi: cxlflash: Setup function acTag range ().\n - scsi: cxlflash: Setup function OCXL link ().\n - scsi: cxlflash: Setup LISNs for master contexts ().\n - scsi: cxlflash: Setup LISNs for user contexts ().\n - scsi: cxlflash: Setup OCXL transaction layer ().\n - scsi: cxlflash: Staging to support future accelerators ().\n - scsi: cxlflash: Support adapter context discovery ().\n - scsi: cxlflash: Support adapter context mmap and release ().\n - scsi: cxlflash: Support adapter context polling ().\n - scsi: cxlflash: Support adapter context reading ().\n - scsi: cxlflash: Support adapter file descriptors for OCXL ().\n - scsi: cxlflash: Support AFU interrupt management ().\n - scsi: cxlflash: Support AFU interrupt mapping and registration ().\n - scsi: cxlflash: Support AFU reset ().\n - scsi: cxlflash: Support AFU state toggling ().\n - scsi: cxlflash: Support file descriptor mapping ().\n - scsi: cxlflash: Support image reload policy modification ().\n - scsi: cxlflash: Support process element lifecycle ().\n - scsi: cxlflash: Support process specific mappings ().\n - scsi: cxlflash: Support reading adapter VPD data ().\n - scsi: cxlflash: Support starting an adapter context ().\n - scsi: cxlflash: Support starting user contexts ().\n - scsi: cxlflash: Synchronize reset and remove ops ().\n - scsi: cxlflash: Use IDR to manage adapter contexts ().\n - scsi: cxlflash: Use local mutex for AFU serialization ().\n - scsi: cxlflash: Yield to active send threads ().\n - scsi_debug: call resp_XXX function after setting host_scribble\n 
(bsc#1069138).\n - scsi_debug: reset injection flags for every_nth > 0 (bsc#1069138).\n - scsi: fcoe: hold disc_mutex when traversing rport lists (bsc#1077989).\n - scsi: hisi_sas: Add a flag to filter PHY events during reset ().\n - scsi: hisi_sas: add memory barrier in task delivery function ().\n - scsi: hisi_sas: Add missing PHY spinlock init ().\n - scsi: hisi_sas: Add SATA FIS check for v3 hw ().\n - scsi: hisi_sas: Adjust task reject period during host reset ().\n - scsi: hisi_sas: Drop hisi_sas_slot_abort() ().\n - scsi: hisi_sas: Fix the conflict between dev gone and host reset ().\n - scsi: hisi_sas: Fix the failure of recovering PHY from STP link timeout\n ().\n - scsi: hisi_sas: Implement handlers of PCIe FLR for v3 hw ().\n - scsi: hisi_sas: Only process broadcast change in phy_bcast_v3_hw() ().\n - scsi: hisi_sas: Pre-allocate slot DMA buffers ().\n - scsi: hisi_sas: Release all remaining resources in clear nexus ha ().\n - scsi: hisi_sas: relocate some common code for v3 hw ().\n - scsi: hisi_sas: tidy channel interrupt handler for v3 hw ().\n - scsi: hisi_sas: Tidy hisi_sas_task_prep() ().\n - scsi: hisi_sas: tidy host controller reset function a bit ().\n - scsi: hisi_sas: Update a couple of register settings for v3 hw ().\n - scsi: hisi_sas: Use dmam_alloc_coherent() ().\n - scsi: hpsa: limit transfer length to 1MB, not 512kB (bsc#1102346).\n - scsi: ipr: System hung while dlpar adding primary ipr adapter back\n (bsc#1109336).\n - scsi: libfc: Add lockdep annotations (bsc#1077989).\n - scsi: libfc: fixup lockdep annotations (bsc#1077989).\n - scsi: libfc: fixup 'sleeping function called from invalid context'\n (bsc#1077989).\n - scsi: libfc: hold disc_mutex in fc_disc_stop_rports() (bsc#1077989).\n - scsi: lpfc: Correct MDS diag and nvmet configuration (bsc#1106636).\n - scsi: mpt3sas: Fix calltrace observed while running IO & reset\n (bsc#1077989).\n - scsi: qla2xxx: Add appropriate debug info for invalid RX_ID\n (bsc#1108870).\n - scsi: qla2xxx: 
Add logic to detect ABTS hang and response completion\n (bsc#1108870).\n - scsi: qla2xxx: Add longer window for chip reset (bsc#1086327,).\n - scsi: qla2xxx: Add mode control for each physical port (bsc#1108870).\n - scsi: qla2xxx: Add support for ZIO6 interrupt threshold (bsc#1108870).\n - scsi: qla2xxx: Allow FC-NVMe underrun to be handled by transport\n (bsc#1108870).\n - scsi: qla2xxx: Check for Register disconnect (bsc#1108870).\n - scsi: qla2xxx: Cleanup for N2N code (bsc#1086327,).\n - scsi: qla2xxx: Decrement login retry count for only plogi (bsc#1108870).\n - scsi: qla2xxx: Defer chip reset until target mode is enabled\n (bsc#1108870).\n - scsi: qla2xxx: Fix deadlock between ATIO and HW lock (bsc#1108870).\n - scsi: qla2xxx: Fix double increment of switch scan retry count\n (bsc#1108870).\n - scsi: qla2xxx: Fix dropped srb resource (bsc#1108870).\n - scsi: qla2xxx: Fix duplicate switch's Nport ID entries (bsc#1108870).\n - scsi: qla2xxx: Fix early srb free on abort (bsc#1108870).\n - scsi: qla2xxx: Fix iIDMA error (bsc#1108870).\n - scsi: qla2xxx: Fix incorrect port speed being set for FC adapters\n (bsc#1108870).\n - scsi: qla2xxx: Fix ISP recovery on unload (bsc#1086327,).\n - scsi: qla2xxx: Fix issue reported by static checker for\n qla2x00_els_dcmd2_sp_done() (bsc#1086327,).\n - scsi: qla2xxx: Fix login retry count (bsc#1086327,).\n - scsi: qla2xxx: Fix Management Server NPort handle reservation logic\n (bsc#1086327,).\n - scsi: qla2xxx: Fix N2N link re-connect (bsc#1086327,).\n - scsi: qla2xxx: Fix out of order Termination and ABTS response\n (bsc#1108870).\n - scsi: qla2xxx: Fix port speed display on chip reset (bsc#1108870).\n - scsi: qla2xxx: Fix premature command free (bsc#1108870).\n - scsi: qla2xxx: Fix process response queue for ISP26XX and above\n (bsc#1108870).\n - scsi: qla2xxx: Fix race between switch cmd completion and timeout\n (bsc#1086327,).\n - scsi: qla2xxx: Fix race condition for resource cleanup (bsc#1108870).\n - scsi: qla2xxx: Fix 
redundant fc_rport registration (bsc#1086327,).\n - scsi: qla2xxx: Fix Remote port registration (bsc#1108870).\n - scsi: qla2xxx: Fix session state stuck in Get Port DB (bsc#1086327,).\n - scsi: qla2xxx: Fix stalled relogin (bsc#1086327,).\n - scsi: qla2xxx: Fix stuck session in PLOGI state (bsc#1108870).\n - scsi: qla2xxx: Fix unintended Logout (bsc#1086327,).\n - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1086327,).\n - scsi: qla2xxx: Force fw cleanup on ADISC error (bsc#1108870).\n - scsi: qla2xxx: Increase abort timeout value (bsc#1108870).\n - scsi: qla2xxx: Migrate NVME N2N handling into state machine\n (bsc#1086327,).\n - scsi: qla2xxx: Move ABTS code behind qpair (bsc#1108870).\n - scsi: qla2xxx: Move {get|rel}_sp to base_qpair struct (bsc#1108870).\n - scsi: qla2xxx: Move rport registration out of internal work_list\n (bsc#1108870).\n - scsi: qla2xxx: Prevent sysfs access when chip is down (bsc#1086327,).\n - scsi: qla2xxx: Reduce holding sess_lock to prevent CPU lock-up\n (bsc#1108870).\n - scsi: qla2xxx: Reject bsg request if chip is down (bsc#1108870).\n - scsi: qla2xxx: Remove all rports if fabric scan retry fails\n (bsc#1108870).\n - scsi: qla2xxx: Remove ASYNC GIDPN switch command (bsc#1108870).\n - scsi: qla2xxx: Remove redundant check for fcport deletion (bsc#1108870).\n - scsi: qla2xxx: Remove stale ADISC_DONE event (bsc#1108870).\n - scsi: qla2xxx: Remove stale debug trace message from tcm_qla2xxx\n (bsc#1108870).\n - scsi: qla2xxx: Save frame payload size from ICB (bsc#1086327,).\n - scsi: qla2xxx: Serialize mailbox request (bsc#1108870).\n - scsi: qla2xxx: shutdown chip if reset fail (bsc#1108870).\n - scsi: qla2xxx: Silent erroneous message (bsc#1086327,).\n - scsi: qla2xxx: Spinlock recursion in qla_target (bsc#1086327,).\n - scsi: qla2xxx: Terminate Plogi/PRLI if WWN is 0 (bsc#1108870).\n - scsi: qla2xxx: Turn off IOCB timeout timer on IOCB completion\n (bsc#1108870).\n - scsi: qla2xxx: Update driver to version 10.00.00.09-k 
(bsc#1108870).\n - scsi: qla2xxx: Update driver version to 10.00.00.08-k (bsc#1086327,).\n - scsi: qla2xxx: Update driver version to 10.00.00.10-k (bsc#1108870).\n - scsi: qla2xxx: Update driver version to 10.00.00.11-k (bsc#1108870).\n - scsi: qla2xxx: Update rscn_rcvd field to more meaningful scan_needed\n (bsc#1108870).\n - scsi: qla2xxx: Use correct qpair for ABTS/CMD (bsc#1108870).\n - security: check for kstrdup() failure in lsm_append() (bsc#1051510).\n - selftests/bpf: fix a typo in map in map test (bsc#1083647).\n - selftests/bpf/test_maps: exit child process without error in ENOMEM case\n (bsc#1083647).\n - serial: 8250: Do not service RX FIFO if interrupts are disabled\n (bsc#1051510).\n - serial: 8250_dw: Add ACPI support for uart on Broadcom SoC (bsc#1051510).\n - serial: 8250_dw: always set baud rate in dw8250_set_termios\n (bsc#1051510).\n - serial: core: mark port as initialized after successful IRQ change\n (bsc#1051510).\n - serial: enable spi in sc16is7xx driver References: bsc#1105672\n - serial: make sc16is7xx driver supported References: bsc#1105672\n - serial: pxa: Fix an error handling path in 'serial_pxa_probe()'\n (bsc#1051510).\n - serial: sh-sci: Stop RX FIFO timer during port shutdown (bsc#1051510).\n - serial: xuartps: fix typo in cdns_uart_startup (bsc#1051510).\n - series.conf: Sort automatic NUMA balancing related patch\n - slab: __GFP_ZERO is incompatible with a constructor (bnc#1107060).\n - smsc75xx: Check for Wake-on-LAN modes (bsc#1051510).\n - smsc95xx: Check for Wake-on-LAN modes (bsc#1051510).\n - spi: cadence: Change usleep_range() to udelay(), for atomic context\n (bsc#1051510).\n - spi: davinci: fix a NULL pointer dereference (bsc#1051510).\n - spi-nor: intel-spi: Fix number of protected range registers for BYT/LPT\n ().\n - spi: pxa2xx: Add support for Intel Ice Lake (bsc#1051510).\n - spi: spi-fsl-dspi: Fix imprecise abort on VF500 during probe\n (bsc#1051510).\n - sr9800: Check for supported Wake-on-LAN modes 
(bsc#1051510).\n - sr: get/drop reference to device in revalidate and check_events\n (bsc#1109979).\n - staging: bcm2835-audio: Check if workqueue allocation failed ().\n - staging: bcm2835-audio: constify snd_pcm_ops structures ().\n - staging: bcm2835-audio: Deliver indirect-PCM transfer error ().\n - staging: bcm2835-audio: Disconnect and free vchi_instance on\n module_exit() ().\n - staging: bcm2835-audio: Do not leak workqueue if open fails ().\n - staging: bcm2835-audio: make snd_pcm_hardware const ().\n - staging: bcm2835-camera: fix timeout handling in\n wait_for_completion_timeout (bsc#1051510).\n - staging: bcm2835-camera: handle wait_for_completion_timeout return\n properly (bsc#1051510).\n - staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice\n (bsc#1051510).\n - staging: lustre: disable preempt while sampling processor id\n (bsc#1051510).\n - staging: lustre: fix bug in osc_enter_cache_try (bsc#1051510).\n - staging: lustre: ldlm: free resource when ldlm_lock_create() fails\n (bsc#1051510).\n - staging: lustre: libcfs: fix test for libcfs_ioctl_hdr minimum size\n (bsc#1051510).\n - staging: lustre: libcfs: Prevent harmless read underflow (bsc#1051510).\n - staging: lustre: llite: correct removexattr detection (bsc#1051510).\n - staging: lustre: llite: initialize xattr->xe_namelen (bsc#1051510).\n - staging: lustre: lmv: correctly iput lmo_root (bsc#1051510).\n - staging: lustre: lov: use correct env in lov_io_data_version_end()\n (bsc#1051510).\n - staging: lustre: o2iblnd: Fix crash in kiblnd_handle_early_rxs()\n (bsc#1051510).\n - staging: lustre: o2iblnd: Fix FastReg map/unmap for MLX5 (bsc#1051510).\n - staging: lustre: o2iblnd: fix race at kiblnd_connect_peer (bsc#1051510).\n - staging: lustre: obdclass: return -EFAULT if copy_from_user() fails\n (bsc#1051510).\n - staging: lustre: obd_mount: use correct niduuid suffix (bsc#1051510).\n - staging: lustre: ptlrpc: kfree used instead of kvfree (bsc#1051510).\n - staging: lustre: 
remove invariant in cl_io_read_ahead() (bsc#1051510).\n - staging: lustre: statahead: remove incorrect test on agl_list_empty()\n (bsc#1051510).\n - staging: lustre: Use 'kvfree()' for memory allocated by 'kvzalloc()'\n (bsc#1051510).\n - staging: rts5208: fix missing error check on call to rtsx_write_register\n (bsc#1051510).\n - staging: vc04_services: bcm2835-audio: Add blank line after declaration\n ().\n - staging: vc04_services: bcm2835-audio: add SPDX identifiers ().\n - staging: vc04_services: bcm2835-audio: Change to unsigned int * ().\n - staging: vc04_services: bcm2835-audio Format multiline comment ().\n - staging: vc04_services: bcm2835-audio: remove redundant license text ().\n - staging: vc04_services: Fix platform_no_drv_owner.cocci warnings ().\n - staging: vc04_services: please do not use multiple blank lines ().\n - stmmac: fix DMA channel hang in half-duplex mode\n (networking-stable-18_07_19).\n - string: drop __must_check from strscpy() and restore strscpy() usages in\n cgroup (bsc#1051510).\n - strparser: Remove early eaten to fix full tcp receive buffer stall\n (networking-stable-18_07_19).\n - sunxi-rsb: Include OF based modalias in device uevent (bsc#1051510).\n - sys: do not hold uts_sem while accessing userspace memory (bnc#1106995).\n - target_core_rbd: break up free_device callback (bsc#1105524).\n - target_core_rbd: use RCU in free_device (bsc#1105524).\n - tcp: add max_quickacks param to tcp_incr_quickack and\n tcp_enter_quickack_mode (netfilter-stable-18_08_01).\n - tcp: add one more quick ack after after ECN events\n (netfilter-stable-18_08_01).\n - tcp_bbr: fix bw probing to raise in-flight data for very small BDPs\n (netfilter-stable-18_08_01).\n - tcp: do not aggressively quick ack after ECN events\n (netfilter-stable-18_08_01).\n - tcp: do not cancel delay-AcK on DCTCP special ACK\n (netfilter-stable-18_07_27).\n - tcp: do not delay ACK in DCTCP upon CE status change\n (netfilter-stable-18_07_27).\n - tcp: do not force quickack 
when receiving out-of-order packets\n (netfilter-stable-18_08_01).\n - tcp: fix dctcp delayed ACK schedule (netfilter-stable-18_07_27).\n - tcp: fix Fast Open key endianness (networking-stable-18_07_19).\n - tcp: helpers to send special DCTCP ack (netfilter-stable-18_07_27).\n - tcp: prevent bogus FRTO undos with non-SACK flows\n (networking-stable-18_07_19).\n - tcp: refactor tcp_ecn_check_ce to remove sk type cast\n (netfilter-stable-18_08_01).\n - tg3: Add higher cpu clock for 5762 (netfilter-stable-18_07_23).\n - thermal_hwmon: Pass the originating device down to\n hwmon_device_register_with_info (bsc#1103363).\n - thermal_hwmon: Sanitize attribute name passed to hwmon (bsc#1103363).\n - thermal: thermal_hwmon: Convert to hwmon_device_register_with_info()\n (bsc#1103363).\n - ti: ethernet: cpdma: Use correct format for genpool_* (bsc#1051510).\n - tools/power turbostat: fix -S on UP systems (bsc#1051510).\n - tools/power turbostat: Read extended processor family from CPUID\n (bsc#1051510).\n - tools: usb: ffs-test: Fix build on big endian systems (bsc#1051510).\n - tpm: cmd_ready command can be issued only after granting locality\n (bsc#1082555).\n - tpm: fix race condition in tpm_common_write() (bsc#1082555).\n - tpm: fix use after free in tpm2_load_context() (bsc#1082555).\n - tpm: Introduce flag TPM_TRANSMIT_RAW (bsc#1082555).\n - tpm: separate cmd_ready/go_idle from runtime_pm (bsc#1082555).\n - tpm: tpm_crb: relinquish locality on error path (bsc#1082555).\n - tpm: vtpm_proxy: Implement request_locality function (bsc#1082555).\n - tracepoint: Do not warn on ENOMEM (bsc#1051510).\n - tty: fix termios input-speed encoding (bsc#1051510).\n - tty: fix termios input-speed encoding when using BOTHER (bsc#1051510).\n - tty: serial: 8250: Revert NXP SC16C2552 workaround (bsc#1051510).\n - uart: fix race between uart_put_char() and uart_shutdown() (bsc#1051510).\n - ubifs: Check data node size before truncate (bsc#1051510).\n - ubifs: Fix directory size calculation 
for symlinks (bsc#1106230).\n - ubifs: Fix memory leak in lprobs self-check (bsc#1051510).\n - ubifs: Fix synced_i_size calculation for xattr inodes (bsc#1051510).\n - ubifs: xattr: Do not operate on deleted inodes (bsc#1051510).\n - udlfb: set optimal write delay (bsc#1051510).\n - udl-kms: avoid division (bsc#1051510).\n - udl-kms: change down_interruptible to down (bsc#1051510).\n - udl-kms: fix crash due to uninitialized memory (bsc#1051510).\n - udl-kms: handle allocation failure (bsc#1051510).\n - uio, lib: Fix CONFIG_ARCH_HAS_UACCESS_MCSAFE compilation (bsc#1098782).\n - uio: potential double frees if __uio_register_device() fails\n (bsc#1051510).\n - Update config files, make CRYPTO_CRCT10DIF_PCLMUL built-in (bsc#1105603).\n - Update\n patches.drivers/0016-arm64-vgic-v2-Fix-proxying-of-cpuif-access.patch\n (bsc#1106901, bsc#1107265).\n - Update\n patches.fixes/4.4.139-043-powerpc-mm-hash-Add-missing-isync-prior-to-ke.pat\n ch (bnc#1012382, bsc#1094244).\n - Update patch tag of dmi fix (bsc#1105597) Also moved to the sorted\n section.\n - Update patch tags of recent security fixes (bsc#1106426)\n - uprobes: Use synchronize_rcu() not synchronize_sched() (bsc#1051510).\n - uprobes/x86: Remove incorrect WARN_ON() in uprobe_init_insn()\n (bsc#1051510).\n - usb: cdc-wdm: do not enable interrupts in USB-giveback (bsc#1051510).\n - usb: Do not die twice if PCI xhci host is not responding in resume\n (bsc#1051510).\n - usb: dwc2: fix isoc split in transfer with no data (bsc#1051510).\n - usb: dwc2: gadget: Fix issue in dwc2_gadget_start_isoc() (bsc#1051510).\n - usb: dwc3: change stream event enable bit back to 13 (bsc#1051510).\n - usb: dwc3: pci: add support for Intel IceLake (bsc#1051510).\n - usb: gadget: composite: fix delayed_status race condition when\n set_interface (bsc#1051510).\n - usb: gadget: dwc2: fix memory leak in gadget_init() (bsc#1051510).\n - usb: gadget: r8a66597: Fix a possible sleep-in-atomic-context bugs in\n r8a66597_queue() (bsc#1051510).\n 
- usb: gadget: r8a66597: Fix two possible sleep-in-atomic-context bugs in\n init_controller() (bsc#1051510).\n - usb: gadget: udc: renesas_usb3: fix maxpacket size of ep0 (bsc#1051510).\n - usb: net2280: Fix erroneous synchronization change (bsc#1051510).\n - usb: option: add support for DW5821e (bsc#1051510).\n - usb/phy: fix PPC64 build errors in phy-fsl-usb.c (bsc#1051510).\n - usb: serial: io_ti: fix array underflow in completion handler\n (bsc#1051510).\n - usb: serial: kobil_sct: fix modem-status error handling (bsc#1051510).\n - usb: serial: pl2303: add a new device id for ATEN (bsc#1051510).\n - usb: serial: sierra: fix potential deadlock at close (bsc#1051510).\n - usb: serial: ti_usb_3410_5052: fix array underflow in completion handler\n (bsc#1051510).\n - usb: xhci: increase CRS timeout value (bsc#1051510).\n - userns: move user access out of the mutex (bsc#1051510).\n - vfio/pci: Virtualize Maximum Payload Size (bsc#1051510).\n - vfio/pci: Virtualize Maximum Read Request Size (bsc#1051510).\n - vfio/type1: Fix task tracking for QEMU vCPU hotplug (bsc#1051510).\n - vfs: do not test owner for NFS in set_posix_acl() (bsc#1103405).\n - vhost: correctly check the iova range when waking virtqueue\n (bsc#1051510).\n - vhost: do not try to access device IOTLB when not initialized\n (bsc#1051510).\n - vhost_net: validate sock before trying to put its fd\n (networking-stable-18_07_19).\n - vhost: reset metadata cache when initializing new IOTLB\n (netfilter-stable-18_08_17).\n - vhost: use mutex_lock_nested() in vhost_dev_lock_vqs() (bsc#1051510).\n - video: fbdev: pxafb: clear allocated memory for video modes\n (bsc#1051510).\n - video: goldfishfb: fix memory leak on driver remove (bsc#1051510).\n - vmci: type promotion bug in qp_host_get_user_memory() (bsc#1105355).\n - vmw_balloon: do not use 2MB without batching (bsc#1051510).\n - vmw_balloon: fix inflation of 64-bit GFNs (bsc#1051510).\n - vmw_balloon: fix VMCI use when balloon built into kernel 
(bsc#1051510).\n - vmw_balloon: remove inflation rate limiting (bsc#1051510).\n - vmw_balloon: VMCI_DOORBELL_SET does not check status (bsc#1051510).\n - VSOCK: fix loopback on big-endian systems (networking-stable-18_07_19).\n - vsock: split dwork to avoid reinitializations\n (netfilter-stable-18_08_17).\n - vxlan: add new fdb alloc and create helpers (netfilter-stable-18_07_27).\n - vxlan: fix default fdb entry netlink notify ordering during netdev\n create (netfilter-stable-18_07_27).\n - vxlan: make netlink notify in vxlan_fdb_destroy optional\n (netfilter-stable-18_07_27).\n - wan/fsl_ucc_hdlc: use IS_ERR_VALUE() to check return value of\n qe_muram_alloc (bsc#1051510).\n - watchdog: Mark watchdog touch functions as notrace (git-fixes).\n - wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout()\n (bsc#1051510).\n - wlcore: Set rx_status boottime_ns field on rx (bsc#1051510).\n - Workaround kABI breakage by __must_check drop of strscpy() (bsc#1051510).\n - x86/apic: Fix restoring boot IRQ mode in reboot and kexec/kdump\n (bsc#1110006).\n - x86/apic: Split disable_IO_APIC() into two functions to fix\n CONFIG_KEXEC_JUMP=y (bsc#1110006).\n - x86/apic: Split out restore_boot_irq_mode() from disable_IO_APIC()\n (bsc#1110006).\n - x86/apic/vector: Fix off by one in error path (bsc#1110006).\n - x86/asm/memcpy_mcsafe: Add labels for __memcpy_mcsafe() write fault\n handling (bsc#1098782).\n - x86/asm/memcpy_mcsafe: Add write-protection-fault handling (bsc#1098782).\n - x86/asm/memcpy_mcsafe: Define copy_to_iter_mcsafe() (bsc#1098782).\n - x86/asm/memcpy_mcsafe: Fix copy_to_user_mcsafe() exception handling\n (bsc#1098782).\n - x86/asm/memcpy_mcsafe: Provide original memcpy_mcsafe_unrolled\n (bsc#1098782).\n - x86/asm/memcpy_mcsafe: Remove loop unrolling (bsc#1098782).\n - x86/asm/memcpy_mcsafe: Return bytes remaining (bsc#1098782).\n - x86/boot: Fix kexec booting failure in the SEV bit detection code\n (bsc#1110301).\n - x86/build/64: Force the linker to 
use 2MB page size (bsc#1109603).\n - x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available\n ().\n - x86/CPU: Modify detect_extended_topology() to return result ().\n - x86/dumpstack: Save first regs set for the executive summary\n (bsc#1110006).\n - x86/dumpstack: Unify show_regs() (bsc#1110006).\n - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715).\n - x86/entry/64: Wipe KASAN stack shadow before rewind_stack_do_exit()\n (bsc#1110006).\n - x86/espfix/64: Fix espfix double-fault handling on 5-level systems\n (bsc#1110006).\n - x86/events/intel/ds: Fix bts_interrupt_threshold alignment (git-fixes\n c1961a4631da).\n - x86/idt: Load idt early in start_secondary (bsc#1110006).\n - x86/init: fix build with CONFIG_SWAP=n (bnc#1106121).\n - x86: irq_remapping: Move irq remapping mode enum ().\n - x86/kasan/64: Teach KASAN about the cpu_entry_area (kasan).\n - x86/kexec: Avoid double free_page() upon do_kexec_load() failure\n (bsc#1110006).\n - x86/kvm: fix LAPIC timer drift when guest uses periodic mode\n (bsc#1106240).\n - x86/mce: Fix set_mce_nospec() to avoid #GP fault (bsc#1107783).\n - x86/mce: Improve error message when kernel cannot recover (bsc#1110006).\n - x86/mce: Improve error message when kernel cannot recover (bsc#1110301).\n - x86/mcelog: Get rid of RCU remnants (git-fixes 5de97c9f6d85).\n - x86/memory_failure: Introduce {set, clear}_mce_nospec() (bsc#1107783).\n - x86-memory_failure-Introduce-set-clear-_mce_nospec.patch: Fixup\n compilation breakage on s390 and arm due to missing clear_mce_nospec().\n - x86/mm: Add TLB purge to free pmd/pte page interfaces (bsc#1110006).\n - x86/mm: Disable ioremap free page handling on x86-PAE (bsc#1110006).\n - x86/mm: Drop TS_COMPAT on 64-bit exec() syscall (bsc#1110006).\n - x86/mm: Expand static page table for fixmap space (bsc#1110006).\n - x86/mm: Fix ELF_ET_DYN_BASE for 5-level paging (bsc#1110006).\n - x86/mm: implement free pmd/pte page interfaces (bsc#1110006).\n - 
x86/mm/kasan: Do not use vmemmap_populate() to initialize shadow (kasan).\n - x86/mm/memory_hotplug: determine block size based on the end of boot\n memory (bsc#1108243).\n - x86/mm/pat: Prepare {reserve, free}_memtype() for "decoy" addresses\n (bsc#1107783).\n - x86/mm/tlb: Always use lazy TLB mode (bnc#1105467 Reduce IPIs and atomic\n ops with improved lazy TLB).\n - x86/mm/tlb: Leave lazy TLB mode at page table free time (bnc#1105467\n Reduce IPIs and atomic ops with improved lazy TLB).\n - x86/mm/tlb: Make lazy TLB mode lazier (bnc#1105467 Reduce IPIs and\n atomic ops with improved lazy TLB).\n - x86/mm/tlb: Only send page table free TLB flush to lazy TLB CPUs\n (bnc#1105467 Reduce IPIs and atomic ops with improved lazy TLB).\n - x86/mm/tlb: Restructure switch_mm_irqs_off() (bnc#1105467 Reduce IPIs\n and atomic ops with improved lazy TLB).\n - x86/mm/tlb: Skip atomic operations for 'init_mm' in switch_mm_irqs_off()\n (bnc#1105467 Reduce IPIs and atomic ops with improved lazy TLB).\n - x86/mpx: Do not allow MPX if we have mappings above 47-bit (bsc#1110006).\n - x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110006).\n - x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110301).\n - x86/paravirt: Fix spectre-v2 mitigations for paravirt guests\n (bnc#1065600).\n - x86/pci: Make broadcom_postcore_init() check acpi_disabled (bsc#1110006).\n - x86/pkeys: Do not special case protection key 0 (bsc#1110006).\n - x86/pkeys: Override pkey when moving away from PROT_EXEC (bsc#1110006).\n - x86/platform/UV: Add adjustable set memory block size function\n (bsc#1108243).\n - x86/platform/UV: Add kernel parameter to set memory block size\n (bsc#1108243).\n - x86/platform/UV: Mark memblock related init code and data correctly\n (bsc#1108243).\n - x86/platform/UV: Use new set memory block size function (bsc#1108243).\n - x86/process: Do not mix user/kernel regs in 64bit __show_regs()\n (bsc#1110006).\n - x86/process: Re-export start_thread() 
(bsc#1110006).\n - x86/spectre: Add missing family 6 check to microcode check (git-fixes\n a5b296636453).\n - x86/speculation/l1tf: Fix off-by-one error when warning that system has\n too much RAM (bnc#1105536).\n - x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+\n (bnc#1105536).\n - x86/speculation/l1tf: Suggest what to do on systems with too much RAM\n (bnc#1105536).\n - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry\n (bsc#1106369).\n - x86/vdso: Fix lsl operand order (bsc#1110006).\n - x86/vdso: Fix lsl operand order (bsc#1110301).\n - x86/vdso: Fix vDSO build if a retpoline is emitted (git-fixes\n 76b043848fd2).\n - x86/xen: Add call of speculative_store_bypass_ht_init() to PV paths\n (bnc#1065600).\n - x86/xen/efi: Initialize only the EFI struct members used by Xen\n (bnc#1107945).\n - xen: avoid crash in disable_hotplug_cpu (bsc#1106594).\n - xen/blkback: do not keep persistent grants too long (bsc#1085042).\n - xen/blkback: move persistent grants flags to bool (bsc#1085042).\n - xen/blkback: remove unused pers_gnts_lock from struct (bsc#1085042).\n - xen/blkfront: cleanup stale persistent grants (bsc#1085042).\n - xen/blkfront: reorder tests in xlblk_init() (bsc#1085042).\n - xenbus: track caller request id (bnc#1065600).\n - xen: issue warning message when out of grant maptrack entries\n (bsc#1105795).\n - xen-netfront-dont-bug-in-case-of-too-many-frags.patch: (bnc#1104824).\n - xen-netfront: fix queue name setting (bnc#1065600).\n - xen-netfront: fix warn message as irq device name has '/' (bnc#1065600).\n - xen: xenbus_dev_frontend: Fix XS_TRANSACTION_END handling (bnc#1065600).\n - xen: xenbus_dev_frontend: Really return response string (bnc#1065600).\n - xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344).\n - xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space\n (bsc#1095344).\n - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344).\n - xfs: add a xfs_iext_update_extent helper 
(bsc#1095344).\n - xfs: add comments documenting the rebalance algorithm (bsc#1095344).\n - xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node\n (bsc#1095344).\n - xfs: allow unaligned extent records in xfs_bmbt_disk_set_all\n (bsc#1095344).\n - xfs, dax: introduce xfs_dax_aops (bsc#1104888).\n - xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real\n (bsc#1095344).\n - xfs: do not rely on extent indices in xfs_bmap_collapse_extents\n (bsc#1095344).\n - xfs: do not rely on extent indices in xfs_bmap_insert_extents\n (bsc#1095344).\n - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344).\n - xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344).\n - xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344).\n - xfs: Fix per-inode DAX flag inheritance (Git-fixes bsc#1109511).\n - xfs: fix type usage (bsc#1095344).\n - xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344).\n - xfs: inline xfs_shift_file_space into callers (bsc#1095344).\n - xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344).\n - xfs: iterate backwards in xfs_reflink_cancel_cow_blocks (bsc#1095344).\n - xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344).\n - xfs: iterate over extents in xfs_iextents_copy (bsc#1095344).\n - xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real\n (bsc#1095344).\n - xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344).\n - xfs: move pre/post-bmap tracing into xfs_iext_update_extent\n (bsc#1095344).\n - xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344).\n - xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344).\n - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344).\n - xfs: move xfs_iext_insert tracepoint to report useful information\n (bsc#1095344).\n - xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344).\n - xfs: pass a struct xfs_bmbt_irec to 
xfs_bmbt_lookup_eq (bsc#1095344).\n - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344).\n - xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344).\n - xfs: preserve i_rdev when recycling a reclaimable inode (bsc#1095344).\n - xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real\n (bsc#1095344).\n - xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344).\n - xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344).\n - xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344).\n - xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344).\n - xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344).\n - xfs: refactor xfs_del_extent_real (bsc#1095344).\n - xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real\n (bsc#1095344).\n - xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all\n (bsc#1095344).\n - xfs: remove a superflous assignment in xfs_iext_remove_node\n (bsc#1095344).\n - xfs: Remove dead code from inode recover function (bsc#1105396).\n - xfs: remove if_rdev (bsc#1095344).\n - xfs: remove post-bmap tracing in xfs_bmap_local_to_extents (bsc#1095344).\n - xfs: remove support for inlining data/extents into the inode fork\n (bsc#1095344).\n - xfs: remove the never fully implemented UUID fork format (bsc#1095344).\n - xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344).\n - xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344).\n - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344).\n - xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344).\n - xfs: remove xfs_bmbt_get_state (bsc#1095344).\n - xfs: remove xfs_bmse_shift_one (bsc#1095344).\n - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344).\n - xfs: repair malformed inode items during log recovery (bsc#1105396).\n - xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344).\n - xfs: replace xfs_qm_get_rtblks with a direct call to\n xfs_bmap_count_leaves 
(bsc#1095344).\n - xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344).\n - xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent\n (bsc#1095344).\n - xfs: rewrite xfs_bmap_first_unused to make better use of\n xfs_iext_get_extent (bsc#1095344).\n - xfs: simplify the xfs_getbmap interface (bsc#1095344).\n - xfs: simplify xfs_reflink_convert_cow (bsc#1095344).\n - xfs: split xfs_bmap_shift_extents (bsc#1095344).\n - xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert\n (bsc#1095344).\n - xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real\n (bsc#1095344).\n - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay\n (bsc#1095344).\n - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real\n (bsc#1095344).\n - xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real\n (bsc#1095344).\n - xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344).\n - xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344).\n - xfs: trivial indentation fixup for xfs_iext_remove_node (bsc#1095344).\n - xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344).\n - xfs: use a b+tree for the in-core extent list (bsc#1095344).\n - xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay}\n (bsc#1095344).\n - xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344).\n - xfs: use xfs_bmap_del_extent_delay for the data fork as well\n (bsc#1095344).\n - xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents\n (bsc#1095344).\n - xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at\n (bsc#1095344).\n - xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344).\n - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344).\n - xhci: Fix perceived dead host due to runtime suspend race with event\n handler (bsc#1051510).\n - xhci: Fix use after free for URB cancellation on a reallocated endpoint\n (bsc#1051510).\n - zram: fix null dereference of handle 
(bsc#1105355).\n\n", "edition": 1, "modified": "2018-10-08T15:09:43", "published": "2018-10-08T15:09:43", "id": "OPENSUSE-SU-2018:3071-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00020.html", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "debian": [{"lastseen": "2021-02-02T13:26:02", "bulletinFamily": "unix", "cvelist": ["CVE-2018-14609", "CVE-2018-7755", "CVE-2018-6555", "CVE-2018-17182", "CVE-2018-13099", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-9363", "CVE-2018-16276", "CVE-2018-14617", "CVE-2018-16658", "CVE-2018-14678", "CVE-2018-14633", "CVE-2018-9516", "CVE-2018-10902", "CVE-2018-10938", "CVE-2018-15572", "CVE-2018-6554"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4308-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nOctober 01, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2018-6554 CVE-2018-6555 CVE-2018-7755 CVE-2018-9363\n CVE-2018-9516 CVE-2018-10902 CVE-2018-10938 CVE-2018-13099\n CVE-2018-14609 CVE-2018-14617 CVE-2018-14633 CVE-2018-14678\n CVE-2018-14734 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276\n CVE-2018-16658 CVE-2018-17182\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2018-6554\n\n A memory leak in the irda_bind function in the irda subsystem was\n discovered. 
A local user can take advantage of this flaw to cause a\n denial of service (memory consumption).\n\nCVE-2018-6555\n\n A flaw was discovered in the irda_setsockopt function in the irda\n subsystem, allowing a local user to cause a denial of service\n (use-after-free and system crash).\n\nCVE-2018-7755\n\n Brian Belleville discovered a flaw in the fd_locked_ioctl function\n in the floppy driver in the Linux kernel. The floppy driver copies a\n kernel pointer to user memory in response to the FDGETPRM ioctl. A\n local user with access to a floppy drive device can take advantage\n of this flaw to discover the location of kernel code and data.\n\nCVE-2018-9363\n\n It was discovered that the Bluetooth HIDP implementation did not\n correctly check the length of received report messages. A paired\n HIDP device could use this to cause a buffer overflow, leading to\n denial of service (memory corruption or crash) or potentially\n remote code execution.\n\nCVE-2018-9516\n\n It was discovered that the HID events interface in debugfs did not\n correctly limit the length of copies to user buffers. A local\n user with access to these files could use this to cause a\n denial of service (memory corruption or crash) or possibly for\n privilege escalation. However, by default debugfs is only\n accessible by the root user.\n\nCVE-2018-10902\n\n It was discovered that the rawmidi kernel driver does not protect\n against concurrent access which leads to a double-realloc (double\n free) flaw. A local attacker can take advantage of this issue for\n privilege escalation.\n\nCVE-2018-10938\n\n Yves Younan from Cisco reported that the Cipso IPv4 module did not\n correctly check the length of IPv4 options. On custom kernels with\n CONFIG_NETLABEL enabled, a remote attacker could use this to cause\n a denial of service (hang).\n\nCVE-2018-13099\n\n Wen Xu from SSLab at Gatech reported a use-after-free bug in the\n F2FS implementation. 
An attacker able to mount a crafted F2FS\n volume could use this to cause a denial of service (crash or\n memory corruption) or possibly for privilege escalation.\n\nCVE-2018-14609\n\n Wen Xu from SSLab at Gatech reported a potential null pointer\n dereference in the F2FS implementation. An attacker able to mount\n a crafted F2FS volume could use this to cause a denial of service\n (crash).\n\nCVE-2018-14617\n\n Wen Xu from SSLab at Gatech reported a potential null pointer\n dereference in the HFS+ implementation. An attacker able to mount\n a crafted HFS+ volume could use this to cause a denial of service\n (crash).\n\nCVE-2018-14633\n\n Vincent Pelletier discovered a stack-based buffer overflow flaw in\n the chap_server_compute_md5() function in the iSCSI target code. An\n unauthenticated remote attacker can take advantage of this flaw to\n cause a denial of service or possibly to get a non-authorized access\n to data exported by an iSCSI target.\n\nCVE-2018-14678\n\n M. Vefa Bicakci and Andy Lutomirski discovered a flaw in the\n kernel exit code used on amd64 systems running as Xen PV guests.\n A local user could use this to cause a denial of service (crash).\n\nCVE-2018-14734\n\n A use-after-free bug was discovered in the InfiniBand\n communication manager. A local user could use this to cause a\n denial of service (crash or memory corruption) or possibly for\n privilege escalation.\n\nCVE-2018-15572\n\n Esmaiel Mohammadian Koruyeh, Khaled Khasawneh, Chengyu Song, and\n Nael Abu-Ghazaleh, from University of California, Riverside,\n reported a variant of Spectre variant 2, dubbed SpectreRSB. A\n local user may be able to use this to read sensitive information\n from processes owned by other users.\n\nCVE-2018-15594\n\n Nadav Amit reported that some indirect function calls used in\n paravirtualised guests were vulnerable to Spectre variant 2. 
A\n local user may be able to use this to read sensitive information\n from the kernel.\n\nCVE-2018-16276\n\n Jann Horn discovered that the yurex driver did not correctly limit\n the length of copies to user buffers. A local user with access to\n a yurex device node could use this to cause a denial of service\n (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2018-16658\n\n It was discovered that the cdrom driver does not correctly\n validate the parameter to the CDROM_DRIVE_STATUS ioctl. A user\n with access to a cdrom device could use this to read sensitive\n information from the kernel or to cause a denial of service\n (crash).\n\nCVE-2018-17182\n\n Jann Horn discovered that the vmacache_flush_all function mishandles\n sequence number overflows. A local user can take advantage of this\n flaw to trigger a use-after-free, causing a denial of service\n (crash or memory corruption) or privilege escalation.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.9.110-3+deb9u5.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 22, "modified": "2018-10-01T15:21:51", "published": "2018-10-01T15:21:51", "id": "DEBIAN:DSA-4308-1:D561A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00239.html", "title": "[SECURITY] [DSA 4308-1] linux security update", "type": "debian", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-08-12T00:56:50", "bulletinFamily": "unix", "cvelist": ["CVE-2018-14609", "CVE-2018-7755", "CVE-2018-6555", "CVE-2018-17182", 
"CVE-2018-13099", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-9363", "CVE-2018-16276", "CVE-2018-14617", "CVE-2018-16658", "CVE-2018-14678", "CVE-2018-14633", "CVE-2018-9516", "CVE-2018-10902", "CVE-2018-10938", "CVE-2018-15572", "CVE-2018-6554"], "description": "Package : linux-4.9\nVersion : 4.9.110-3+deb9u5~deb8u1\nCVE ID : CVE-2018-6554 CVE-2018-6555 CVE-2018-7755 CVE-2018-9363 \n CVE-2018-9516 CVE-2018-10902 CVE-2018-10938 CVE-2018-13099 \n CVE-2018-14609 CVE-2018-14617 CVE-2018-14633 CVE-2018-14678 \n CVE-2018-14734 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276 \n CVE-2018-16658 CVE-2018-17182\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2018-6554\n\n A memory leak in the irda_bind function in the irda subsystem was\n discovered. A local user can take advantage of this flaw to cause a\n denial of service (memory consumption).\n\nCVE-2018-6555\n\n A flaw was discovered in the irda_setsockopt function in the irda\n subsystem, allowing a local user to cause a denial of service\n (use-after-free and system crash).\n\nCVE-2018-7755\n\n Brian Belleville discovered a flaw in the fd_locked_ioctl function\n in the floppy driver in the Linux kernel. The floppy driver copies a\n kernel pointer to user memory in response to the FDGETPRM ioctl. A\n local user with access to a floppy drive device can take advantage\n of this flaw to discover the location of kernel code and data.\n\nCVE-2018-9363\n\n It was discovered that the Bluetooth HIDP implementation did not\n correctly check the length of received report messages. A paired\n HIDP device could use this to cause a buffer overflow, leading to\n denial of service (memory corruption or crash) or potentially\n remote code execution.\n\nCVE-2018-9516\n\n It was discovered that the HID events interface in debugfs did not\n correctly limit the length of copies to user buffers. 
A local\n user with access to these files could use this to cause a\n denial of service (memory corruption or crash) or possibly for\n privilege escalation. However, by default debugfs is only\n accessible by the root user.\n\nCVE-2018-10902\n\n It was discovered that the rawmidi kernel driver does not protect\n against concurrent access which leads to a double-realloc (double\n free) flaw. A local attacker can take advantage of this issue for\n privilege escalation.\n\nCVE-2018-10938\n\n Yves Younan from Cisco reported that the Cipso IPv4 module did not\n correctly check the length of IPv4 options. On custom kernels with\n CONFIG_NETLABEL enabled, a remote attacker could use this to cause\n a denial of service (hang).\n\nCVE-2018-13099\n\n Wen Xu from SSLab at Gatech reported a use-after-free bug in the\n F2FS implementation. An attacker able to mount a crafted F2FS\n volume could use this to cause a denial of service (crash or\n memory corruption) or possibly for privilege escalation.\n\nCVE-2018-14609\n\n Wen Xu from SSLab at Gatech reported a potential null pointer\n dereference in the F2FS implementation. An attacker able to mount\n arbitrary F2FS volumes could use this to cause a denial of service\n (crash).\n\nCVE-2018-14617\n\n Wen Xu from SSLab at Gatech reported a potential null pointer\n dereference in the HFS+ implementation. An attacker able to mount\n arbitrary HFS+ volumes could use this to cause a denial of service\n (crash).\n\nCVE-2018-14633\n\n Vincent Pelletier discovered a stack-based buffer overflow flaw in\n the chap_server_compute_md5() function in the iSCSI target code. An\n unauthenticated remote attacker can take advantage of this flaw to\n cause a denial of service or possibly to get a non-authorized access\n to data exported by an iSCSI target.\n\nCVE-2018-14678\n\n M. 
Vefa Bicakci and Andy Lutomirski discovered a flaw in the\n kernel exit code used on amd64 systems running as Xen PV guests.\n A local user could use this to cause a denial of service (crash).\n\nCVE-2018-14734\n\n A use-after-free bug was discovered in the InfiniBand\n communication manager. A local user could use this to cause a\n denial of service (crash or memory corruption) or possibly for\n privilege escalation.\n\nCVE-2018-15572\n\n Esmaiel Mohammadian Koruyeh, Khaled Khasawneh, Chengyu Song, and\n Nael Abu-Ghazaleh, from University of California, Riverside,\n reported a variant of Spectre variant 2, dubbed SpectreRSB. A\n local user may be able to use this to read sensitive information\n from processes owned by other users.\n\nCVE-2018-15594\n\n Nadav Amit reported that some indirect function calls used in\n paravirtualised guests were vulnerable to Spectre variant 2. A\n local user may be able to use this to read sensitive information\n from the kernel.\n\nCVE-2018-16276\n\n Jann Horn discovered that the yurex driver did not correctly limit\n the length of copies to user buffers. A local user with access to\n a yurex device node could use this to cause a denial of service\n (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2018-16658\n\n It was discovered that the cdrom driver does not correctly\n validate the parameter to the CDROM_DRIVE_STATUS ioctl. A user\n with access to a cdrom device could use this to read sensitive\n information from the kernel or to cause a denial of service\n (crash).\n\nCVE-2018-17182\n\n Jann Horn discovered that the vmacache_flush_all function mishandles\n sequence number overflows. 
A local user can take advantage of this\n flaw to trigger a use-after-free, causing a denial of service\n (crash or memory corruption) or privilege escalation.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n4.9.110-3+deb9u5~deb8u1.\n\nWe recommend that you upgrade your linux-4.9 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams\n", "edition": 13, "modified": "2018-10-03T23:59:50", "published": "2018-10-03T23:59:50", "id": "DEBIAN:DLA-1531-1:834CC", "href": "https://lists.debian.org/debian-lts-announce/2018/debian-lts-announce-201810/msg00003.html", "title": "[SECURITY] [DLA 1531-1] linux-4.9 security update", "type": "debian", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}]}