New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems
2021-03-29T11:27:00
ID THN:BA222372B6AB74B52D2725F520DA39EA Type thn Reporter The Hacker News Modified 2021-03-29T11:49:07
Description
Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory.
Discovered by Piotr Krysiuk of Symantec's Threat Hunter team, the flaws — tracked as CVE-2020-27170 and CVE-2020-27171 (CVSS scores: 5.5) — impact all Linux kernels prior to 5.11.8. Patches for the security issues were released on March 20, with Ubuntu, Debian, and Red Hat deploying fixes for the vulnerabilities in their respective Linux distributions.
While CVE-2020-27170 can be abused to reveal content from any location within the kernel memory, CVE-2020-27171 can be used to retrieve data from a 4GB range of kernel memory.
First documented in January 2018, Spectre and Meltdown take advantage of flaws in modern processors to leak data that are currently processed on the computer, thereby allowing a bad actor to bypass boundaries enforced by the hardware between two programs to get hold of cryptographic keys.
Put differently, the two side-channel attacks permit malicious code to read memory that it would typically not have permission to read. Even worse, the attacks could also be launched remotely via rogue websites running malicious JavaScript code.
Although isolation countermeasures have been devised and browser vendors have incorporated defenses against timing attacks by reducing the precision of time-measuring functions, these mitigations operate at the operating system level rather than fixing the underlying issue.
The new vulnerabilities uncovered by Symantec aim to get around these mitigations in Linux by taking advantage of the kernel's support for extended Berkeley Packet Filters (eBPF) to extract the contents of the kernel memory.
"Unprivileged BPF programs running on affected systems could bypass the Spectre mitigations and execute speculatively out-of-bounds loads with no restrictions," Symantec said. "This could then be abused to reveal contents of the memory via side-channels."
Specifically, the kernel ("kernel/bpf/verifier.c") was found to perform undesirable out-of-bounds speculation on pointer arithmetic, thus defeating fixes for Spectre and opening the door for side-channel attacks.
In a real-world scenario, unprivileged users could leverage these weaknesses to gain access to secrets from other users sharing the same vulnerable machine.
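A coarse host triage built on the two facts above (upstream kernels before 5.11.8 are affected, and the path is unprivileged BPF), as an added example that is not from the article or from Symantec. The function names and result labels are hypothetical, the release strings are constructed, and the use of the `kernel.unprivileged_bpf_disabled` sysctl is an assumption the article does not mention.

```shell
#!/bin/sh
# Added example (not from the article): triage for CVE-2020-27170/27171.
# From the article: upstream kernels before 5.11.8 are affected, and the
# attack path is unprivileged BPF programs.
# Assumption: kernel.unprivileged_bpf_disabled is the relevant sysctl
# (0 = unprivileged bpf() allowed, non-zero = restricted).

# kernel_predates_fix RELEASE
# Exit 0 if the upstream part of a `uname -r` style string is older than
# 5.11.8, 1 if it is 5.11.8 or newer, 2 if it cannot be parsed.
kernel_predates_fix() {
    kpf_ver=${1%%[!0-9.]*}            # drop "-70-generic", "-rc3", ...
    case $kpf_ver in
        [0-9]*) ;;
        *) return 2 ;;
    esac
    kpf_ifs=$IFS; IFS=.
    set -- $kpf_ver                   # split into major minor patch
    IFS=$kpf_ifs
    kpf_major=${1:-0}; kpf_minor=${2:-0}; kpf_patch=${3:-0}
    if [ "$kpf_major" -ne 5 ]; then
        [ "$kpf_major" -lt 5 ]; return $?
    fi
    if [ "$kpf_minor" -ne 11 ]; then
        [ "$kpf_minor" -lt 11 ]; return $?
    fi
    [ "$kpf_patch" -lt 8 ]
}

# assess_bpf_exposure RELEASE SYSCTL_VALUE
# Prints one label:
#   upstream-fixed  release is 5.11.8 or newer
#   needs-review    older release and unprivileged BPF is allowed; confirm
#                   that the distribution backported the fix
#   reduced         older release, but unprivileged BPF is switched off
#   unknown         release or sysctl value could not be interpreted
assess_bpf_exposure() {
    if kernel_predates_fix "$1"; then abe_rc=0; else abe_rc=$?; fi
    case $abe_rc in
        1) echo upstream-fixed; return 0 ;;
        2) echo unknown; return 0 ;;
    esac
    case $2 in
        0)   echo needs-review ;;
        1|2) echo reduced ;;
        *)   echo unknown ;;
    esac
}

# Constructed sample inputs (release string, sysctl value), not real hosts.
for sample in "4.19.0-example 0" "5.10.20-example 1" "5.11.8 0" "5.12.0-rc3 0"; do
    set -- $sample
    printf '%-20s sysctl=%-7s -> %s\n' "$1" "$2" "$(assess_bpf_exposure "$1" "$2")"
done

# The same check against the running host.
live_sysctl=$(cat /proc/sys/kernel/unprivileged_bpf_disabled 2>/dev/null || echo absent)
printf '%-20s sysctl=%-7s -> %s\n' "$(uname -r)" "$live_sysctl" \
    "$(assess_bpf_exposure "$(uname -r)" "$live_sysctl")"
```

Distribution kernels carry backported fixes under older version numbers, so `needs-review` means "check the vendor advisory for this package", not "vulnerable".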
"The bugs could also potentially be exploited if a malicious actor was able to gain access to an exploitable machine via a prior step — such as downloading malware onto the machine to achieve remote access — this could then allow them to exploit these vulnerabilities to gain access to all user profiles on the machine," the researchers said.
News of the two flaws comes weeks after Google published proof-of-concept (PoC) code written in JavaScript to demonstrate Spectre in a web browser and leak data at a speed of 1 kilobyte per second (kB/s) when running on Chrome 88 on an Intel Skylake CPU.
{"cve": [{"lastseen": "2021-04-08T13:32:16", "description": "An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.", "edition": 9, "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.0, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2021-03-20T22:15:00", "title": "CVE-2020-27171", "type": "cve", "cwe": ["CWE-193"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27171"], "modified": "2021-04-08T00:15:00", "cpe": ["cpe:/o:fedoraproject:fedora:34", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:33", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2020-27171", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27171", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", 
"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-08T13:32:16", "description": "An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.", "edition": 8, "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.7, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-03-20T22:15:00", "title": "CVE-2020-27170", "type": "cve", "cwe": ["CWE-203"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27170"], "modified": "2021-04-08T00:15:00", "cpe": ["cpe:/o:fedoraproject:fedora:34", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:33"], "id": "CVE-2020-27170", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27170", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", 
"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*"]}], "cloudfoundry": [{"lastseen": "2021-04-14T22:30:09", "bulletinFamily": "software", "cvelist": ["CVE-2020-27170", "CVE-2020-27171"], "description": "## Severity\n\nHigh\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n\n## Description\n\nPiotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly compute a speculative execution limit on pointer arithmetic in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-27171)\n\nPiotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly apply speculative execution limits on some pointer types. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-27170)\n\nCVEs contained in this USN include: CVE-2020-27170, CVE-2020-27171.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * Xenial Stemcells \n * 456.x versions prior to 456.154\n * 621.x versions prior to 621.117\n * All other stemcells not listed.\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. 
The Cloud Foundry project recommends upgrading the following releases:\n\n * Xenial Stemcells \n * Upgrade 456.x versions to 456.154 or greater\n * Upgrade 621.x versions to 621.117 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4890-1/>)\n * [CVE-2020-27170](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27170>)\n * [CVE-2020-27171](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-27171>)\n\n## History\n\n2021-04-14: Initial vulnerability report published.\n", "edition": 1, "modified": "2021-04-14T00:00:00", "published": "2021-04-14T00:00:00", "id": "CFOUNDRY:8E671DB66CC777A32FC96E6B964ACEAC", "href": "https://www.cloudfoundry.org/blog/usn-4890-1/", "title": "USN-4890-1: Linux kernel vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P"}}], "ubuntu": [{"lastseen": "2021-04-07T12:56:21", "bulletinFamily": "unix", "cvelist": ["CVE-2020-27170", "CVE-2020-27171"], "description": "Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not \nproperly compute a speculative execution limit on pointer arithmetic in \nsome situations. A local attacker could use this to expose sensitive \ninformation (kernel memory). (CVE-2020-27171)\n\nPiotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not \nproperly apply speculative execution limits on some pointer types. A local \nattacker could use this to expose sensitive information (kernel memory). 
\n(CVE-2020-27170)", "edition": 5, "modified": "2021-03-29T00:00:00", "published": "2021-03-29T00:00:00", "id": "USN-4890-1", "href": "https://ubuntu.com/security/notices/USN-4890-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-03-24T01:39:40", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363", "CVE-2021-3444", "CVE-2020-27170", "CVE-2020-27171"], "description": "De4dCr0w of 360 Alpha Lab discovered that the BPF verifier in the Linux \nkernel did not properly handle mod32 destination register truncation when \nthe source register was known to be 0. A local attacker could use this to \nexpose sensitive information (kernel memory) or possibly execute arbitrary \ncode. (CVE-2021-3444)\n\nAdam Nichols discovered that heap overflows existed in the iSCSI subsystem \nin the Linux kernel. A local attacker could use this to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2021-27365)\n\nPiotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not \nproperly compute a speculative execution limit on pointer arithmetic in \nsome situations. A local attacker could use this to expose sensitive \ninformation (kernel memory). (CVE-2020-27171)\n\nPiotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not \nproperly apply speculative execution limits on some pointer types. A local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2020-27170)\n\nAdam Nichols discovered that the iSCSI subsystem in the Linux kernel did \nnot properly restrict access to iSCSI transport handles. A local attacker \ncould use this to cause a denial of service or expose sensitive information \n(kernel pointer addresses). (CVE-2021-27363)\n\nAdam Nichols discovered that an out-of-bounds read existed in the iSCSI \nsubsystem in the Linux kernel. 
A local attacker could use this to cause a \ndenial of service (system crash) or expose sensitive information (kernel \nmemory). (CVE-2021-27364)", "edition": 1, "modified": "2021-03-23T00:00:00", "published": "2021-03-23T00:00:00", "id": "USN-4887-1", "href": "https://ubuntu.com/security/notices/USN-4887-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-04-08T21:19:06", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4890-1 advisory.\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-\n of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects\n pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to\n side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory,\n aka CID-10d2bb2e6b1d. 
(CVE-2020-27171)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 4, "cvss3": {"score": 6.0, "vector": "AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H"}, "published": "2021-03-25T00:00:00", "title": "Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4890-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-27170", "CVE-2020-27171"], "modified": "2021-03-25T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1088-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1068-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1111-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-dell300x", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1015-dell300x", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04-edge", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-140-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1099-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-140-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1097-aws", 
"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1096-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-140-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke"], "id": "UBUNTU_USN-4890-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148108", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4890-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. 
Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148108);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/07\");\n\n script_cve_id(\"CVE-2020-27170\", \"CVE-2020-27171\");\n script_xref(name:\"USN\", value:\"4890-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4890-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4890-1 advisory.\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-\n of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects\n pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to\n side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory,\n aka CID-10d2bb2e6b1d. 
(CVE-2020-27171)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4890-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27171\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1015-dell300x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1068-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1088-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1096-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1097-aws\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1099-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1111-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-140-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-140-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-140-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-dell300x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04-edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021 Canonical, Inc. / NASL script (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-27170', 'CVE-2020-27171');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4890-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1068-oracle', 'pkgver': '4.15.0-1068.76~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1096-gcp', 'pkgver': '4.15.0-1096.109~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1097-aws', 'pkgver': '4.15.0-1097.104~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1111-azure', 'pkgver': '4.15.0-1111.123~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-140-generic', 'pkgver': '4.15.0-140.144~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-140-generic-lpae', 'pkgver': '4.15.0-140.144~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-140-lowlatency', 'pkgver': '4.15.0-140.144~16.04.1'},\n {'osver': 
'18.04', 'pkgname': 
'linux-image-virtual-hwe-16.04-edge', 'pkgver': '4.15.0.140.127'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-image-4.15.0-1015-dell300x / linux-image-4.15.0-1068-oracle / etc');\n}", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-04-13T07:58:09", "description": "The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-e49da8a226 advisory.\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-\n of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects\n pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to\n side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory,\n aka CID-10d2bb2e6b1d. (CVE-2020-27171)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. 
A stall on CPU can occur\n because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 5, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2021-03-24T00:00:00", "title": "Fedora 33 : kernel (2021-e49da8a226)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-27170", "CVE-2021-28950", "CVE-2020-27171"], "modified": "2021-03-24T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:33"], "id": "FEDORA_2021-E49DA8A226.NASL", "href": "https://www.tenable.com/plugins/nessus/148051", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-e49da8a226\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148051);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/12\");\n\n script_cve_id(\"CVE-2020-27170\", \"CVE-2020-27171\", \"CVE-2021-28950\");\n script_xref(name:\"FEDORA\", value:\"2021-e49da8a226\");\n\n script_name(english:\"Fedora 33 : kernel (2021-e49da8a226)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-e49da8a226 advisory.\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-\n of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. 
This affects\n pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to\n side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory,\n aka CID-10d2bb2e6b1d. (CVE-2020-27171)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur\n because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-e49da8a226\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27171\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 33', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-27170', 'CVE-2020-27171', 'CVE-2021-28950');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for FEDORA-2021-e49da8a226');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'kernel-5.11.8-200.fc33', 'release':'FC33', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp 
= NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-03-25T15:23:53", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-4887-1 advisory.\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-\n of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects\n pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. 
kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to\n side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory,\n aka CID-10d2bb2e6b1d. (CVE-2020-27171)\n\n - The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when\n the source register was known to be 0. A local attacker with the ability to load bpf programs could use\n this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and\n possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in\n the upstream kernel in commit 9b00f1b78809 (bpf: Fix truncation handling for mod32 dst reg wrt zero) and\n in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. (CVE-2021-3444)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. 
An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-24T00:00:00", "title": "Ubuntu 18.04 LTS / 20.04 LTS / 20.10 : Linux kernel vulnerabilities (USN-4887-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363", "CVE-2021-3444", "CVE-2020-27170", "CVE-2020-27171"], "modified": "2021-03-24T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1019-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1039-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1026-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1036-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1024-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1022-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04", 
"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1043-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1040-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1019-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1041-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-1041-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-48-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-48-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-48-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1041-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke"], "id": "UBUNTU_USN-4887-1.NASL", "href": 
"https://www.tenable.com/plugins/nessus/148034", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4887-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148034);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/24\");\n\n script_cve_id(\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2021-3444\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\"\n );\n script_xref(name:\"USN\", value:\"4887-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS / 20.10 : Linux kernel vulnerabilities (USN-4887-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-4887-1 advisory.\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-\n of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects\n pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to\n side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory,\n aka CID-10d2bb2e6b1d. 
(CVE-2020-27171)\n\n - The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when\n the source register was known to be 0. A local attacker with the ability to load bpf programs could use\n this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and\n possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in\n the upstream kernel in commit 9b00f1b78809 (bpf: Fix truncation handling for mod32 dst reg wrt zero) and\n in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. (CVE-2021-3444)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. 
(CVE-2021-27365)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4887-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27365\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.10.0-1019-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-1038-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-1041-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-72-generic\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-72-lowlatency\");\n
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04-edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021 Canonical, Inc. / NASL script (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04|20\\.04|20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04 / 20.10', 'Ubuntu ' + release);\nif ( ! 
get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-27170', 'CVE-2020-27171', 'CVE-2021-3444', 'CVE-2021-27363', 'CVE-2021-27364', 'CVE-2021-27365');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4887-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'osver': '18.04', 'pkgname': 'linux-image-5.3.0-1038-raspi2', 'pkgver': '5.3.0-1038.40'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.3.0-1041-gke', 'pkgver': '5.3.0-1041.44'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.3.0-72-generic', 'pkgver': '5.3.0-72.68'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.3.0-72-lowlatency', 'pkgver': '5.3.0-72.68'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1012-gkeop', 'pkgver': '5.4.0-1012.13~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1032-raspi', 'pkgver': '5.4.0-1032.35~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1039-gke', 'pkgver': '5.4.0-1039.41~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1040-gcp', 'pkgver': '5.4.0-1040.43~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1041-aws', 'pkgver': '5.4.0-1041.43~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1041-oracle', 'pkgver': '5.4.0-1041.44~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1043-azure', 'pkgver': '5.4.0-1043.45~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-70-generic', 'pkgver': '5.4.0-70.78~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-70-generic-lpae', 'pkgver': '5.4.0-70.78~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-70-lowlatency', 
'pkgver': '5.4.0-70.78~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-aws', 'pkgver': '5.4.0.1041.24'},\n {'osver': '18.04', 'pkgname': 'linux-image-aws-edge', 'pkgver': '5.4.0.1041.24'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure', 'pkgver': '5.4.0.1043.23'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure-edge', 'pkgver': '5.4.0.1043.23'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp', 'pkgver': '5.4.0.1040.27'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp-edge', 'pkgver': '5.4.0.1040.27'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-18.04', 'pkgver': '5.4.0.70.78~18.04.63'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-18.04-edge', 'pkgver': '5.4.0.70.78~18.04.63'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.70.78~18.04.63'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.70.78~18.04.63'},\n {'osver': '18.04', 'pkgname': 'linux-image-gke-5.3', 'pkgver': '5.3.0.1041.24'},\n {'osver': '18.04', 'pkgname': 'linux-image-gke-5.4', 'pkgver': '5.4.0.1039.41~18.04.6'},\n {'osver': '18.04', 'pkgname': 'linux-image-gkeop-5.3', 'pkgver': '5.3.0.72.129'},\n {'osver': '18.04', 'pkgname': 'linux-image-gkeop-5.4', 'pkgver': '5.4.0.1012.13~18.04.13'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04', 'pkgver': '5.4.0.70.78~18.04.63'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.70.78~18.04.63'},\n {'osver': '18.04', 'pkgname': 'linux-image-oem', 'pkgver': '5.4.0.70.78~18.04.63'},\n {'osver': '18.04', 'pkgname': 'linux-image-oem-osp1', 'pkgver': '5.4.0.70.78~18.04.63'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle', 'pkgver': '5.4.0.1041.44~18.04.23'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle-edge', 'pkgver': '5.4.0.1041.44~18.04.23'},\n {'osver': '18.04', 'pkgname': 'linux-image-raspi-hwe-18.04', 'pkgver': '5.4.0.1032.34'},\n {'osver': '18.04', 'pkgname': 
'linux-image-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1032.34'},\n {'osver': '18.04', 'pkgname': 'linux-image-raspi2-hwe-18.04', 'pkgver': '5.3.0.1038.27'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon-hwe-18.04', 'pkgver': '5.4.0.70.78~18.04.63'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.70.78~18.04.63'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-18.04', 'pkgver': '5.4.0.70.78~18.04.63'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.70.78~18.04.63'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.10.0-1019-oem', 'pkgver': '5.10.0-1019.20'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1012-gkeop', 'pkgver': '5.4.0-1012.13'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1032-raspi', 'pkgver': '5.4.0-1032.35'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1036-kvm', 'pkgver': '5.4.0-1036.37'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1040-gcp', 'pkgver': '5.4.0-1040.43'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1041-aws', 'pkgver': '5.4.0-1041.43'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1041-oracle', 'pkgver': '5.4.0-1041.44'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1043-azure', 'pkgver': '5.4.0-1043.45'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-70-generic', 'pkgver': '5.4.0-70.78'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-70-generic-lpae', 'pkgver': '5.4.0-70.78'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-70-lowlatency', 'pkgver': '5.4.0-70.78'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.6.0-1052-oem', 'pkgver': '5.6.0-1052.56'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.8.0-48-generic', 'pkgver': '5.8.0-48.54~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.8.0-48-generic-64k', 'pkgver': '5.8.0-48.54~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.8.0-48-generic-lpae', 'pkgver': '5.8.0-48.54~20.04.1'},\n {'osver': '20.04', 
'pkgname': 'linux-image-5.8.0-48-lowlatency', 'pkgver': '5.8.0-48.54~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-aws', 'pkgver': '5.4.0.1041.42'},\n {'osver': '20.04', 'pkgname': 'linux-image-azure', 'pkgver': '5.4.0.1043.41'},\n {'osver': '20.04', 'pkgname': 'linux-image-gcp', 'pkgver': '5.4.0.1040.49'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic', 'pkgver': '5.4.0.70.73'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-64k-hwe-20.04', 'pkgver': '5.8.0.48.54~20.04.32'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-64k-hwe-20.04-edge', 'pkgver': '5.8.0.48.54~20.04.32'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-18.04', 'pkgver': '5.4.0.70.73'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-18.04-edge', 'pkgver': '5.4.0.70.73'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-20.04', 'pkgver': '5.8.0.48.54~20.04.32'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-20.04-edge', 'pkgver': '5.8.0.48.54~20.04.32'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '5.4.0.70.73'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.70.73'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.70.73'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-20.04', 'pkgver': '5.8.0.48.54~20.04.32'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-20.04-edge', 'pkgver': '5.8.0.48.54~20.04.32'},\n {'osver': '20.04', 'pkgname': 'linux-image-gkeop', 'pkgver': '5.4.0.1012.15'},\n {'osver': '20.04', 'pkgname': 'linux-image-gkeop-5.4', 'pkgver': '5.4.0.1012.15'},\n {'osver': '20.04', 'pkgname': 'linux-image-kvm', 'pkgver': '5.4.0.1036.34'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency', 'pkgver': '5.4.0.70.73'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04', 'pkgver': '5.4.0.70.73'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04-edge', 
'pkgver': '5.4.0.70.73'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-20.04', 'pkgver': '5.8.0.48.54~20.04.32'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-20.04-edge', 'pkgver': '5.8.0.48.54~20.04.32'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem', 'pkgver': '5.4.0.70.73'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-20.04', 'pkgver': '5.6.0.1052.48'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-20.04-edge', 'pkgver': '5.10.0.1019.20'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-20.04b', 'pkgver': '5.10.0.1019.20'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-osp1', 'pkgver': '5.4.0.70.73'},\n {'osver': '20.04', 'pkgname': 'linux-image-oracle', 'pkgver': '5.4.0.1041.38'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi', 'pkgver': '5.4.0.1032.67'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi-hwe-18.04', 'pkgver': '5.4.0.1032.67'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1032.67'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi2', 'pkgver': '5.4.0.1032.67'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi2-hwe-18.04', 'pkgver': '5.4.0.1032.67'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi2-hwe-18.04-edge', 'pkgver': '5.4.0.1032.67'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual', 'pkgver': '5.4.0.70.73'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-18.04', 'pkgver': '5.4.0.70.73'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.70.73'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-20.04', 'pkgver': '5.8.0.48.54~20.04.32'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-20.04-edge', 'pkgver': '5.8.0.48.54~20.04.32'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1019-raspi', 'pkgver': '5.8.0-1019.22'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1019-raspi-nolpae', 'pkgver': '5.8.0-1019.22'},\n {'osver': '20.10', 'pkgname': 
'linux-image-5.8.0-1022-kvm', 'pkgver': '5.8.0-1022.24'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1024-oracle', 'pkgver': '5.8.0-1024.25'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1026-azure', 'pkgver': '5.8.0-1026.28'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1026-gcp', 'pkgver': '5.8.0-1026.27'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1027-aws', 'pkgver': '5.8.0-1027.29'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-48-generic', 'pkgver': '5.8.0-48.54'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-48-generic-64k', 'pkgver': '5.8.0-48.54'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-48-generic-lpae', 'pkgver': '5.8.0-48.54'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-48-lowlatency', 'pkgver': '5.8.0-48.54'},\n {'osver': '20.10', 'pkgname': 'linux-image-aws', 'pkgver': '5.8.0.1027.29'},\n {'osver': '20.10', 'pkgname': 'linux-image-azure', 'pkgver': '5.8.0.1026.26'},\n {'osver': '20.10', 'pkgname': 'linux-image-gcp', 'pkgver': '5.8.0.1026.26'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic', 'pkgver': '5.8.0.48.53'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-64k', 'pkgver': '5.8.0.48.53'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-64k-hwe-20.04', 'pkgver': '5.8.0.48.53'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-64k-hwe-20.04-edge', 'pkgver': '5.8.0.48.53'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-hwe-20.04', 'pkgver': '5.8.0.48.53'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-hwe-20.04-edge', 'pkgver': '5.8.0.48.53'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '5.8.0.48.53'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-lpae-hwe-20.04', 'pkgver': '5.8.0.48.53'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-lpae-hwe-20.04-edge', 'pkgver': '5.8.0.48.53'},\n {'osver': '20.10', 'pkgname': 'linux-image-gke', 'pkgver': '5.8.0.1026.26'},\n {'osver': '20.10', 'pkgname': 'linux-image-kvm', 
'pkgver': '5.8.0.1022.24'},\n {'osver': '20.10', 'pkgname': 'linux-image-lowlatency', 'pkgver': '5.8.0.48.53'},\n {'osver': '20.10', 'pkgname': 'linux-image-lowlatency-hwe-20.04', 'pkgver': '5.8.0.48.53'},\n {'osver': '20.10', 'pkgname': 'linux-image-lowlatency-hwe-20.04-edge', 'pkgver': '5.8.0.48.53'},\n {'osver': '20.10', 'pkgname': 'linux-image-oem-20.04', 'pkgver': '5.8.0.48.53'},\n {'osver': '20.10', 'pkgname': 'linux-image-oracle', 'pkgver': '5.8.0.1024.23'},\n {'osver': '20.10', 'pkgname': 'linux-image-raspi', 'pkgver': '5.8.0.1019.22'},\n {'osver': '20.10', 'pkgname': 'linux-image-raspi-nolpae', 'pkgver': '5.8.0.1019.22'},\n {'osver': '20.10', 'pkgname': 'linux-image-virtual', 'pkgver': '5.8.0.48.53'},\n {'osver': '20.10', 'pkgname': 'linux-image-virtual-hwe-20.04', 'pkgver': '5.8.0.48.53'},\n {'osver': '20.10', 'pkgname': 'linux-image-virtual-hwe-20.04-edge', 'pkgver': '5.8.0.48.53'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-image-5.10.0-1019-oem / linux-image-5.3.0-1038-raspi2 / etc');\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-13T07:57:58", "description": "The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-9503fffad9 advisory.\n\n - An issue 
was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-\n of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects\n pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to\n side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory,\n aka CID-10d2bb2e6b1d. (CVE-2020-27171)\n\n - An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause\n a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that\n SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. (CVE-2021-28951)\n\n - An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device\n driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This\n has been fixed in 5.12-rc4.) (CVE-2021-28952)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. 
(CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has\n a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-29T00:00:00", "title": "Fedora 32 : kernel (2021-9503fffad9)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-28951", "CVE-2021-28964", "CVE-2020-27170", "CVE-2021-28971", "CVE-2021-28952", "CVE-2021-28972", "CVE-2020-27171"], "modified": "2021-03-29T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:32"], "id": "FEDORA_2021-9503FFFAD9.NASL", "href": "https://www.tenable.com/plugins/nessus/148205", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-9503fffad9\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148205);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/12\");\n\n script_cve_id(\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2021-28951\",\n \"CVE-2021-28952\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\"\n );\n script_xref(name:\"FEDORA\", value:\"2021-9503fffad9\");\n\n script_name(english:\"Fedora 32 : kernel (2021-9503fffad9)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-9503fffad9 advisory.\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-\n of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects\n pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to\n side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory,\n aka CID-10d2bb2e6b1d. (CVE-2020-27171)\n\n - An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause\n a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that\n SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. (CVE-2021-28951)\n\n - An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device\n driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This\n has been fixed in 5.12-rc4.) (CVE-2021-28952)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. 
(CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has\n a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-9503fffad9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28972\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 32', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-27170', 'CVE-2020-27171', 'CVE-2021-28951', 'CVE-2021-28952', 'CVE-2021-28964', 'CVE-2021-28971', 'CVE-2021-28972');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for FEDORA-2021-9503fffad9');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'kernel-5.11.10-100.fc32', 'release':'FC32', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = 
NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-14T18:42:36", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9141 advisory.\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. 
This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in\n versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw\n allows a local user to crash the system. (CVE-2020-25639)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-\n of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects\n pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to\n side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory,\n aka CID-10d2bb2e6b1d. (CVE-2020-27171)\n\n - The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when\n the source register was known to be 0. 
A local attacker with the ability to load bpf programs could use\n this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and\n possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in\n the upstream kernel in commit 9b00f1b78809 (bpf: Fix truncation handling for mod32 dst reg wrt zero) and\n in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. (CVE-2021-3444)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-13T00:00:00", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9141)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-28588", "CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363", "CVE-2021-3444", "CVE-2020-25639", "CVE-2020-27170", "CVE-2020-27171"], "modified": "2021-04-13T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek-container", "cpe:/o:oracle:linux:8", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2021-9141.NASL", "href": "https://www.tenable.com/plugins/nessus/148458", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9141.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148458);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/13\");\n\n script_cve_id(\n \"CVE-2020-25639\",\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-28588\",\n \"CVE-2021-3444\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\"\n );\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9141)\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9141 advisory.\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in\n versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw\n allows a local user to crash the system. (CVE-2020-25639)\n\n - An issue was discovered in the Linux kernel before 5.11.8. 
kernel/bpf/verifier.c performs undesirable out-\n of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects\n pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to\n side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory,\n aka CID-10d2bb2e6b1d. (CVE-2020-27171)\n\n - The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when\n the source register was known to be 0. A local attacker with the ability to load bpf programs could use\n this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and\n possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in\n the upstream kernel in commit 9b00f1b78809 (bpf: Fix truncation handling for mod32 dst reg wrt zero) and\n in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. 
(CVE-2021-3444)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9141.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3444\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-25639', 'CVE-2020-27170', 'CVE-2020-27171', 'CVE-2020-28588', 'CVE-2021-3444', 'CVE-2021-27363', 'CVE-2021-27364', 'CVE-2021-27365');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9141');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor 
level.');\nexpected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\npkgs = [\n {'reference':'kernel-uek-container-5.4.17-2102.200.13.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2102.200.13.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-container-debug-5.4.17'},\n {'reference':'kernel-uek-container-5.4.17-2102.200.13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2102.200.13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-container-debug-5.4.17'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if 
(rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-14T18:42:36", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9140 advisory.\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. 
Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in\n versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw\n allows a local user to crash the system. (CVE-2020-25639)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-\n of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects\n pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to\n side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory,\n aka CID-10d2bb2e6b1d. (CVE-2020-27171)\n\n - The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when\n the source register was known to be 0. A local attacker with the ability to load bpf programs could use\n this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and\n possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in\n the upstream kernel in commit 9b00f1b78809 (bpf: Fix truncation handling for mod32 dst reg wrt zero) and\n in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. 
(CVE-2021-3444)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-13T00:00:00", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9140)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-28588", "CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363", "CVE-2021-3444", "CVE-2020-25639", "CVE-2020-27170", "CVE-2020-27171"], "modified": "2021-04-13T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-tools", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-9140.NASL", "href": "https://www.tenable.com/plugins/nessus/148459", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9140.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148459);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/13\");\n\n script_cve_id(\n \"CVE-2020-25639\",\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-28588\",\n \"CVE-2021-3444\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\"\n );\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9140)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 
/ 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9140 advisory.\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in\n versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw\n allows a local user to crash the system. (CVE-2020-25639)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-\n of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects\n pointer types that do not define a ptr_limit. 
(CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to\n side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory,\n aka CID-10d2bb2e6b1d. (CVE-2020-27171)\n\n - The bpf verifier in the Linux kernel did not properly handle mod32 destination register truncation when\n the source register was known to be 0. A local attacker with the ability to load bpf programs could use\n this gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and\n possibly out-of-bounds writes that could potentially lead to code execution. This issue was addressed in\n the upstream kernel in commit 9b00f1b78809 (bpf: Fix truncation handling for mod32 dst reg wrt zero) and\n in Linux stable kernels 5.11.2, 5.10.19, and 5.4.101. (CVE-2021-3444)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9140.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3444\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/04\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-25639', 'CVE-2020-27170', 'CVE-2020-27171', 'CVE-2020-28588', 'CVE-2021-3444', 'CVE-2021-27363', 'CVE-2021-27364', 'CVE-2021-27365');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9140');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nexpected_kernel_major_minor = '5.4';\nif 
(kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\npkgs = [\n {'reference':'kernel-uek-5.4.17-2102.200.13.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2102.200.13.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2102.200.13.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2102.200.13.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2102.200.13.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2102.200.13.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2102.200.13.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2102.200.13.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2102.200.13.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2102.200.13.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2102.200.13.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2102.200.13.el7uek', 
'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2102.200.13.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-5.4.17-2102.200.13.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.4.17-2102.200.13.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2102.200.13.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2102.200.13.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2102.200.13.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2102.200.13.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2102.200.13.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2102.200.13.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2102.200.13.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2102.200.13.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-doc-5.4.17'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if 
(!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-03T01:52:19", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nCVE-2020-27170, CVE-2020-27171\n\nPiotr Krysiuk discovered flaws in the BPF subsystem's checks for\ninformation leaks through 
speculative execution. A local user could\nuse these to obtain sensitive information from kernel memory.\n\nCVE-2021-3348\n\nADlab of venustech discovered a race condition in the nbd block driver\nthat can lead to a use-after-free. A local user with access to an nbd\nblock device could use this to cause a denial of service (crash or\nmemory corruption) or possibly for privilege escalation.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4\nfilesystem driver. A user permitted to mount arbitrary filesystem\nimages could use this to cause a denial of service (crash).\n\nCVE-2021-26930 (XSA-365)\n\nOlivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H.\nSchönherr discovered that the Xen block backend driver\n(xen-blkback) did not handle grant mapping errors correctly. A\nmalicious guest could exploit this bug to cause a denial of service\n(crash), or possibly an information leak or privilege escalation,\nwithin the domain running the backend, which is typically dom0.\n\nCVE-2021-26931 (XSA-362), CVE-2021-26932 (XSA-361), CVE-2021-28038\n(XSA-367)\n\nJan Beulich discovered that the Xen support code and various Xen\nbackend drivers did not handle grant mapping errors correctly. A\nmalicious guest could exploit these bugs to cause a denial of service\n(crash) within the domain running the backend, which is typically\ndom0.\n\nCVE-2021-27363\n\nAdam Nichols reported that the iSCSI initiator subsystem did not\nproperly restrict access to transport handle attributes in sysfs. On a\nsystem acting as an iSCSI initiator, this is an information leak to\nlocal users and makes it easier to exploit CVE-2021-27364.\n\nCVE-2021-27364\n\nAdam Nichols reported that the iSCSI initiator subsystem did not\nproperly restrict access to its netlink management interface. 
On a\nsystem acting as an iSCSI initiator, a local user could use these to\ncause a denial of service (disconnection of storage) or possibly for\nprivilege escalation.\n\nCVE-2021-27365\n\nAdam Nichols reported that the iSCSI initiator subsystem did not\ncorrectly limit the lengths of parameters or 'passthrough PDUs' sent\nthrough its netlink management interface. On a system acting as an\niSCSI initiator, a local user could use these to leak the contents of\nkernel memory, to cause a denial of service (kernel memory corruption\nor crash), and probably for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly\nlimit the length of SSIDs copied into scan results. An attacker within\nWiFi range could use this to cause a denial of service (crash or\nmemory corruption) or possibly to execute code on a vulnerable system.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.181-1~deb9u1. This update additionally fixes Debian bug #983595,\nand includes many more bug fixes from stable updates 4.19.172-4.19.181\ninclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-31T00:00:00", "title": "Debian DLA-2610-1 : linux-4.19 security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-26932", "CVE-2021-27363", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-28660", "CVE-2020-27170", "CVE-2021-28038", "CVE-2021-3348", "CVE-2020-27171", "CVE-2021-3428"], "modified": "2021-03-31T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-source-4.19", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-perf-4.19", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell", 
"p-cpe:/a:debian:debian_linux:linux-doc-4.19", "p-cpe:/a:debian:debian_linux:linux-config-4.19", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.19", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae", 
"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2610.NASL", "href": "https://www.tenable.com/plugins/nessus/148254", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2610-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148254);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/02\");\n\n script_cve_id(\"CVE-2020-27170\", \"CVE-2020-27171\", \"CVE-2021-26930\", \"CVE-2021-26931\", \"CVE-2021-26932\", \"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\", \"CVE-2021-28038\", \"CVE-2021-28660\", \"CVE-2021-3348\", \"CVE-2021-3428\");\n\n script_name(english:\"Debian DLA-2610-1 : linux-4.19 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nCVE-2020-27170, CVE-2020-27171\n\nPiotr Krysiuk discovered flaws in the BPF subsystem's checks for\ninformation leaks through speculative execution. A local user could\nuse these to obtain sensitive information from kernel memory.\n\nCVE-2021-3348\n\nADlab of venustech discovered a race condition in the nbd block driver\nthat can lead to a use-after-free. 
A local user with access to an nbd\nblock device could use this to cause a denial of service (crash or\nmemory corruption) or possibly for privilege escalation.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4\nfilesystem driver. A user permitted to mount arbitrary filesystem\nimages could use this to cause a denial of service (crash).\n\nCVE-2021-26930 (XSA-365)\n\nOlivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H.\nSchönherr discovered that the Xen block backend driver\n(xen-blkback) did not handle grant mapping errors correctly. A\nmalicious guest could exploit this bug to cause a denial of service\n(crash), or possibly an information leak or privilege escalation,\nwithin the domain running the backend, which is typically dom0.\n\nCVE-2021-26931 (XSA-362), CVE-2021-26932 (XSA-361), CVE-2021-28038\n(XSA-367)\n\nJan Beulich discovered that the Xen support code and various Xen\nbackend drivers did not handle grant mapping errors correctly. A\nmalicious guest could exploit these bugs to cause a denial of service\n(crash) within the domain running the backend, which is typically\ndom0.\n\nCVE-2021-27363\n\nAdam Nichols reported that the iSCSI initiator subsystem did not\nproperly restrict access to transport handle attributes in sysfs. On a\nsystem acting as an iSCSI initiator, this is an information leak to\nlocal users and makes it easier to exploit CVE-2021-27364.\n\nCVE-2021-27364\n\nAdam Nichols reported that the iSCSI initiator subsystem did not\nproperly restrict access to its netlink management interface. On a\nsystem acting as an iSCSI initiator, a local user could use these to\ncause a denial of service (disconnection of storage) or possibly for\nprivilege escalation.\n\nCVE-2021-27365\n\nAdam Nichols reported that the iSCSI initiator subsystem did not\ncorrectly limit the lengths of parameters or 'passthrough PDUs' sent\nthrough its netlink management interface. 
On a system acting as an\niSCSI initiator, a local user could use these to leak the contents of\nkernel memory, to cause a denial of service (kernel memory corruption\nor crash), and probably for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly\nlimit the length of SSIDs copied into scan results. An attacker within\nWiFi range could use this to cause a denial of service (crash or\nmemory corruption) or possibly to execute code on a vulnerable system.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.181-1~deb9u1. This update additionally fixes Debian bug #983595,\nand includes many more bug fixes from stable updates 4.19.172-4.19.181\ninclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux-4.19\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux-4.19\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-config-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is 
Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"linux-config-4.19\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.19\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-amd64\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-arm64\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armel\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armhf\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-i386\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-amd64\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", 
prefix:\"linux-headers-4.19.0-0.bpo.10-arm64\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common-rt\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-marvell\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rpi\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", 
prefix:\"linux-image-4.19.0-0.bpo.10-amd64\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", 
prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.19\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.19\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.19\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.19.0-0.bpo.10\", reference:\"4.19.181-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-07T14:18:46", "description": "An update of the linux package has been released.", "edition": 1, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-07T00:00:00", "title": "Photon OS 4.0: Linux PHSA-2021-4.0-0007", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-28375", "CVE-2021-27365", "CVE-2021-3347", "CVE-2021-27364", "CVE-2021-26708", "CVE-2021-27363", "CVE-2021-26930", "CVE-2021-3444", "CVE-2020-27170", "CVE-2021-3348", "CVE-2020-27171", "CVE-2020-28374"], "modified": "2021-04-07T00:00:00", "cpe": 
["cpe:/o:vmware:photonos:4.0", "p-cpe:/a:vmware:photonos:linux"], "id": "PHOTONOS_PHSA-2021-4_0-0007_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/148350", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-4.0-0007. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148350);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/07\");\n\n script_cve_id(\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-28374\",\n \"CVE-2021-26708\",\n \"CVE-2021-26930\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28375\",\n \"CVE-2021-3347\",\n \"CVE-2021-3348\",\n \"CVE-2021-3444\"\n );\n\n script_name(english:\"Photon OS 4.0: Linux PHSA-2021-4.0-0007\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-4.0-7.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:4.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 4\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 4.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'linux-5.10.25-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', reference:'linux-api-headers-5.10.25-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'linux-aws-5.10.25-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', 
reference:'linux-aws-devel-5.10.25-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'linux-aws-docs-5.10.25-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'linux-aws-drivers-gpu-5.10.25-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'linux-aws-oprofile-5.10.25-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'linux-aws-sound-5.10.25-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'linux-devel-5.10.25-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'linux-docs-5.10.25-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'linux-drivers-gpu-5.10.25-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'linux-drivers-intel-sgx-5.10.25-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'linux-drivers-sound-5.10.25-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'linux-esx-5.10.25-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'linux-esx-devel-5.10.25-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'linux-esx-docs-5.10.25-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'linux-oprofile-5.10.25-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'linux-python3-perf-5.10.25-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'linux-rt-5.10.25-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'linux-rt-devel-5.10.25-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'linux-rt-docs-5.10.25-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'linux-secure-5.10.25-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', 
reference:'linux-secure-devel-5.10.25-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'linux-secure-docs-5.10.25-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'linux-tools-5.10.25-1.ph4')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-15T09:58:26", "description": "The openSUSE Leap 15.2 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2021-3444: Fixed an issue with the bpf verifier\n which did not properly handle mod32 destination register\n truncation when the source register was known to be 0\n leading to out of bounds read (bsc#1184170).\n\n - CVE-2021-3428: Fixed an integer overflow in\n ext4_es_cache_extent (bsc#1173485).\n\n - CVE-2021-29647: Fixed an issue in qrtr_recvmsg which\n could have allowed attackers to obtain sensitive\n information from kernel memory because of a partially\n uninitialized data structure (bsc#1184192 ).\n\n - CVE-2021-29265: Fixed an issue in usbip_sockfd_store\n which could have allowed attackers to cause a denial of\n service due to race conditions during an update of the\n local and shared status (bsc#1184167).\n\n - CVE-2021-29264: Fixed an issue in the Freescale Gianfar\n Ethernet driver which could have allowed attackers to\n cause a system crash due to a calculation of negative\n fragment size (bsc#1184168).\n\n - CVE-2021-28972: Fixed a user-tolerable buffer overflow\n when writing a new device name to the driver from\n userspace, allowing userspace to write data to the\n kernel stack frame directly (bsc#1184198).\n\n - CVE-2021-28971: Fixed an issue in\n 
intel_pmu_drain_pebs_nhm which could have caused a\n system crash because the PEBS status in a PEBS record\n was mishandled (bsc#1184196 ).\n\n - CVE-2021-28964: Fixed a race condition in get_old_root\n which could have allowed attackers to cause a denial of\n service (bsc#1184193).\n\n - CVE-2021-28688: Fixed an issue introduced by XSA-365\n (bsc#1183646).\n\n - CVE-2021-28660: Fixed an out of bounds write in\n rtw_wx_set_scan (bsc#1183593 ).\n\n - CVE-2021-28375: Fixed an issue in\n fastrpc_internal_invoke which did not prevent user\n applications from sending kernel RPC messages\n (bsc#1183596).\n\n - CVE-2021-28038: Fixed an issue with the netback driver\n which was lacking necessary treatment of errors such as\n failed memory allocations (bsc#1183022).\n\n - CVE-2021-27365: Fixed an issue where an unprivileged\n user can send a Netlink message that is associated with\n iSCSI, and has a length up to the maximum length of a\n Netlink message (bsc#1182715).\n\n - CVE-2021-27364: Fixed an issue where an attacker could\n craft Netlink messages (bsc#1182717).\n\n - CVE-2021-27363: Fixed a kernel pointer leak which could\n have been used to determine the address of the\n iscsi_transport structure (bsc#1182716).\n\n - CVE-2020-35519: Fixed an out-of-bounds memory access was\n found in x25_bind (bsc#1183696).\n\n - CVE-2020-27815: Fixed an issue in JFS filesystem where\n could have allowed an attacker to execute code\n (bsc#1179454).\n\n - CVE-2020-27171: Fixed an off-by-one error affecting\n out-of-bounds speculation on pointer arithmetic, leading\n to side-channel attacks that defeat Spectre mitigations\n and obtain sensitive information from kernel memory\n (bsc#1183775).\n\n - CVE-2020-27170: Fixed potential side-channel attacks\n that defeat Spectre mitigations and obtain sensitive\n information from kernel memory (bsc#1183686).\n\n - CVE-2019-19769: Fixed a use-after-free in the\n perf_trace_lock_acquire function (bsc#1159280 ).\n\n - CVE-2019-18814: Fixed a 
use-after-free when\n aa_label_parse() fails in aa_audit_rule_init()\n (bsc#1156256).\n\nThe following non-security bugs were fixed :\n\n -\n 0007-block-add-docs-for-gendisk-request_queue-refcount-h\n e.patch: (bsc#1171295, git fixes (block drivers)).\n\n -\n 0008-block-revert-back-to-synchronous-request_queue-remo\n v.patch: (bsc#1171295, git fixes (block drivers)).\n\n - 0009-blktrace-fix-debugfs-use-after-free.patch:\n (bsc#1171295, git fixes (block drivers)). \n\n - ACPI: bus: Constify is_acpi_node() and friends (part 2)\n (git-fixes).\n\n - ACPICA: Always create namespace nodes using\n acpi_ns_create_node() (git-fixes).\n\n - ACPICA: Enable sleep button on ACPI legacy wake\n (bsc#1181383).\n\n - ACPICA: Fix race in generic_serial_bus (I2C) and GPIO\n op_region parameter handling (git-fixes).\n\n - ACPI: scan: Rearrange memory allocation in\n acpi_device_add() (git-fixes).\n\n - ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807\n (git-fixes).\n\n - ACPI: video: Add missing callback back for Sony\n VPCEH3U1E (git-fixes).\n\n - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits\n (git-fixes).\n\n - ALSA: hda: Avoid spurious unsol event handling during\n S3/S4 (git-fixes).\n\n - ALSA: hda: Drop the BATCH workaround for AMD controllers\n (git-fixes).\n\n - ALSA: hda: generic: Fix the micmute led init state\n (git-fixes).\n\n - ALSA: hda/hdmi: Cancel pending works before suspend\n (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Clevo NH55RZQ\n (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Intel NUC 10\n (git-fixes).\n\n - ALSA: hda/realtek: Apply dual codec quirks for MSI\n Godlike X570 board (git-fixes).\n\n - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi\n Redmibook Air (git-fixes).\n\n - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook\n Pro (git-fixes).\n\n - ALSA: hda/realtek: Enable headset mic of Acer SWIFT with\n ALC256 (git-fixes).\n\n - ALSA: hda/realtek: fix a determine_headset_type issue\n for a Dell AIO (git-fixes).\n\n - 
ALSA: usb: Add Plantronics C320-M USB ctrl msg delay\n quirk (bsc#1182552).\n\n - ALSA: usb-audio: Allow modifying parameters with\n succeeding hw_params calls (bsc#1182552).\n\n - ALSA: usb-audio: Apply sample rate quirk to Logitech\n Connect (git-fixes).\n\n - ALSA: usb-audio: Apply the control quirk to Plantronics\n headsets (bsc#1182552).\n\n - ALSA: usb-audio: Disable USB autosuspend properly in\n setup_disable_autosuspend() (bsc#1182552).\n\n - ALSA: usb-audio: Do not abort even if the clock rate\n differs (bsc#1182552).\n\n - ALSA: usb-audio: Drop bogus dB range in too low level\n (bsc#1182552).\n\n - ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell\n AE515 sound bar (bsc#1182552).\n\n - ALSA: usb-audio: fix NULL ptr dereference in\n usb_audio_probe (bsc#1182552).\n\n - ALSA: usb-audio: Fix 'RANGE setting not yet supported'\n errors (git-fixes).\n\n - ALSA: usb-audio: fix use after free in\n usb_audio_disconnect (bsc#1182552).\n\n - ALSA: usb-audio: Skip the clock selector inquiry for\n single connections (git-fixes).\n\n - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it\n (git-fixes).\n\n - amd/amdgpu: Disable VCN DPG mode for Picasso\n (git-fixes).\n\n - apparmor: check/put label on\n apparmor_sk_clone_security() (git-fixes).\n\n - arm64: make STACKPROTECTOR_PER_TASK configurable\n (bsc#1181862).\n\n - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).\n\n - ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).\n\n - ASoC: cs42l42: Always wait at least 3ms after reset\n (git-fixes).\n\n - ASoC: cs42l42: Do not enable/disable regulator at Bias\n Level (git-fixes).\n\n - ASoC: cs42l42: Fix Bitclock polarity inversion\n (git-fixes).\n\n - ASoC: cs42l42: Fix channel width support (git-fixes).\n\n - ASoC: cs42l42: Fix mixer volume control (git-fixes).\n\n - ASoC: es8316: Simplify adc_pga_gain_tlv table\n (git-fixes).\n\n - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode\n (git-fixes).\n\n - ASoC: Intel: Add DMI quirk table to\n soc_intel_is_byt_cr() 
(git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium\n 140 (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One\n S1002 tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar\n Beauty HD MID 7316R tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad\n A15 tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX\n OVCD current threshold (git-fixes).\n\n - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper\n EZpad 7 tablet (git-fixes).\n\n - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off\n by a factor of 10 (git-fixes).\n\n - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off\n by a factor of 10 (git-fixes).\n\n - ASoC: rt5670: Add emulated 'DAC1 Playback Switch'\n control (git-fixes).\n\n - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from\n Sto1 ADC mixer settings (git-fixes).\n\n - ASoC: rt5670: Remove 'HP Playback Switch' control\n (git-fixes).\n\n - ASoC: rt5670: Remove 'OUT Channel Switch' control\n (git-fixes).\n\n - ASoC: sgtl5000: set DAP_AVC_CTRL register to correct\n default value on probe (git-fixes).\n\n - ASoC: simple-card-utils: Do not handle device clock\n (git-fixes).\n\n - ath10k: fix wmi mgmt tx queue full due to race condition\n (git-fixes).\n\n - ath9k: fix transmitting to stations in dynamic SMPS mode\n (git-fixes).\n\n - binfmt_misc: fix possible deadlock in bm_register_write\n (git-fixes).\n\n - binfmt_misc: fix possible deadlock in bm_register_write\n (git-fixes).\n\n -\n blktrace-annotate-required-lock-on-do_blk_trace_setu.pat\n ch: (bsc#1171295).\n\n -\n blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.pat\n ch: (bsc#1171295).\n\n -\n blktrace-break-out-of-blktrace-setup-on-concurrent-c.pat\n ch: (bsc#1171295).\n\n -\n block-clarify-context-for-refcount-increment-helpers.pat\n ch: (bsc#1171295).\n\n - block: rsxx: fix error return code of rsxx_pci_probe()\n (git-fixes).\n\n - Bluetooth: Fix NULL 
pointer dereference in\n amp_read_loc_assoc_final_data (git-fixes).\n\n - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY\n for btrtl (git-fixes).\n\n - bnxt_en: reliably allocate IRQ table on reset to avoid\n crash (jsc#SLE-8371 bsc#1153274).\n\n - bpf: Add sanity check for upper ptr_limit (bsc#1183686\n bsc#1183775).\n\n - bpf: Avoid warning when re-casting __bpf_call_base into\n __bpf_call_base_args (bsc#1155518).\n\n - bpf: Declare __bpf_free_used_maps() unconditionally\n (bsc#1155518).\n\n - bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp\n programs (bsc#1155518).\n\n - bpf: Fix 32 bit src register truncation on div/mod\n (bsc#1184170).\n\n - bpf_lru_list: Read double-checked variable once without\n lock (bsc#1155518).\n\n - bpf: Simplify alu_limit masking for pointer arithmetic\n (bsc#1183686 bsc#1183775).\n\n - bpf,x64: Pad NOPs to make images converge more easily\n (bsc#1178163).\n\n - brcmfmac: Add DMI nvram filename quirk for Predia Basic\n tablet (git-fixes).\n\n - brcmfmac: Add DMI nvram filename quirk for Voyo winpad\n A15 tablet (git-fixes).\n\n - btrfs: abort the transaction if we fail to inc ref in\n btrfs_copy_root (bsc#1184217).\n\n - btrfs: always pin deleted leaves when there are active\n tree mod log users (bsc#1184224).\n\n - btrfs: fix exhaustion of the system chunk array due to\n concurrent allocations (bsc#1183386).\n\n - btrfs: fix extent buffer leak on failure to copy root\n (bsc#1184218).\n\n - btrfs: fix race when cloning extent buffer during rewind\n of an old root (bsc#1184193).\n\n - btrfs: fix stale data exposure after cloning a hole with\n NO_HOLES enabled (bsc#1184220).\n\n - btrfs: fix subvolume/snapshot deletion not triggered on\n mount (bsc#1184219).\n\n - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD\n (git-fixes).\n\n - can: c_can: move runtime PM enable/disable to\n c_can_platform (git-fixes).\n\n - can: c_can_pci: c_can_pci_remove(): fix use-after-free\n (git-fixes).\n\n - can: flexcan: assert FRZ bit in 
flexcan_chip_freeze()\n (git-fixes).\n\n - can: flexcan: enable RX FIFO after FRZ/HALT valid\n (git-fixes).\n\n - can: flexcan: flexcan_chip_freeze(): fix chip freeze for\n missing bitrate (git-fixes).\n\n - can: flexcan: invoke flexcan_chip_freeze() to enter\n freeze mode (git-fixes).\n\n - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss\n warning (git-fixes).\n\n - can: peak_usb: add forgotten supported devices\n (git-fixes).\n\n - can: peak_usb: Revert 'can: peak_usb: add forgotten\n supported devices' (git-fixes).\n\n - can: skb: can_skb_set_owner(): fix ref counting if\n socket was closed before setting skb ownership\n (git-fixes).\n\n - cdc-acm: fix BREAK rx code path adding necessary calls\n (git-fixes).\n\n - certs: Fix blacklist flag type confusion (git-fixes).\n\n - cifs: check pointer before freeing (bsc#1183534).\n\n - completion: Drop init_completion define (git-fixes).\n\n - configfs: fix a use-after-free in __configfs_open_file\n (git-fixes).\n\n - config: net: freescale: change xgmac-mdio to built-in\n References: bsc#1183015,bsc#1182595\n\n - crypto: aesni - prevent misaligned buffers on the stack\n (git-fixes).\n\n - crypto: arm64/sha - add missing module aliases\n (git-fixes).\n\n - crypto: bcm - Rename struct device_private to\n bcm_device_private (git-fixes).\n\n - crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires\n the manager (git-fixes).\n\n - crypto: tcrypt - avoid signed overflow in byte count\n (git-fixes).\n\n - Delete\n patches.suse/sched-Reenable-interrupts-in-do_sched_yield\n .patch (bsc#1183530) \n\n - drivers/misc/vmw_vmci: restrict too big queue size in\n qp_host_alloc_queue (git-fixes).\n\n - drm/amd/display: Guard against NULL pointer deref when\n get_i2c_info fails (git-fixes).\n\n - drm/amdgpu: Add check to prevent IH overflow\n (git-fixes).\n\n - drm/amdgpu: fix parameter error of RREG32_PCIE() in\n amdgpu_regs_pcie (git-fixes).\n\n - drm/amdkfd: Put ACPI table after using it (bsc#1152489)\n Backporting notes: * 
context changes\n\n - drm/amd/powerplay: fix spelling mistake\n 'smu_state_memroy_block' -> (bsc#1152489) Backporting\n notes: * rename amd/pm to amd/powerplay * context\n changes\n\n - drm/compat: Clear bounce structures (git-fixes).\n\n - drm/hisilicon: Fix use-after-free (git-fixes).\n\n - drm/i915: Reject 446-480MHz HDMI clock on GLK\n (git-fixes).\n\n - drm/mediatek: Fix aal size config (bsc#1152489)\n Backporting notes: * replaced mtk_ddp_write() with\n writel()\n\n - drm: meson_drv add shutdown function (git-fixes).\n\n - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL\n register (git-fixes).\n\n - drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY)\n (git-fixes).\n\n - drm/msm: Fix races managing the OOB state for timestamp\n vs (bsc#1152489) Backporting notes: * context changes\n\n - drm/msm: fix shutdown hook in case GPU components failed\n to bind (git-fixes).\n\n - drm/msm: Fix use-after-free in msm_gem with carveout\n (bsc#1152489) Backporting notes: * context changes\n\n - drm/msm: Fix WARN_ON() splat in _free_object()\n (bsc#1152489) Backporting notes: * context changes\n\n - drm/msm/gem: Add obj->lock wrappers (bsc#1152489)\n Backporting notes: * taken for 9b73bde39cf2 ('drm/msm:\n Fix use-after-free in msm_gem with carveout') * context\n changes\n\n - drm/nouveau: bail out of nouveau_channel_new if channel\n init fails (bsc#1152489) \n\n - drm/nouveau/kms: handle mDP connectors (git-fixes).\n\n - drm/panfrost: Do not corrupt the queue mutex on\n open/close (bsc#1152472) \n\n - drm/panfrost: Fix job timeout handling (bsc#1152472)\n Backporting notes :\n\n - drm/panfrost: Remove unused variables in\n panfrost_job_close() (bsc#1152472)\n\n - drm/radeon: fix AGP dependency (git-fixes).\n\n - drm: rcar-du: Fix crash when using LVDS1 clock for CRTC\n (bsc#1152489) Backporting notes: * context changes\n\n - drm/sched: Cancel and flush all outstanding jobs before\n finish (git-fixes).\n\n - drm/sun4i: tcon: fix inverted DCLK polarity\n (bsc#1152489) 
Backporting notes: * context changes\n\n - drm/tegra: sor: Grab runtime PM reference across reset\n (git-fixes).\n\n - drm/vc4: hdmi: Restore cec physical address on reconnect\n (bsc#1152472) Backporting notes: * context changes *\n change vc4_hdmi to vc4->hdmi * removed references to\n encoder->hdmi_monitor\n\n - efi: use 32-bit alignment for efi_guid_t literals\n (git-fixes).\n\n - epoll: check for events when removing a timed out thread\n from the wait queue (git-fixes).\n\n - ethernet: alx: fix order of calls on resume (git-fixes).\n\n - exec: Move would_dump into flush_old_exec (git-fixes).\n\n - exfat: add missing MODULE_ALIAS_FS() (bsc#1182989).\n\n - exfat: add the dummy mount options to be backward\n compatible with staging/exfat (bsc#1182989).\n\n - extcon: Add stubs for extcon_register_notifier_all()\n functions (git-fixes).\n\n - extcon: Fix error handling in extcon_dev_register\n (git-fixes).\n\n - fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).\n\n - firmware/efi: Fix a use after bug in\n efi_mem_reserve_persistent (git-fixes).\n\n - flow_dissector: fix byteorder of dissected ICMP ID\n (bsc#1154353).\n\n - fsl/fman: check dereferencing NULL pointer (git-fixes).\n\n - fsl/fman: fix dereference null return value (git-fixes).\n\n - fsl/fman: fix eth hash table allocation (git-fixes).\n\n - fsl/fman: fix unreachable code (git-fixes).\n\n - fsl/fman: use 32-bit unsigned integer (git-fixes).\n\n - fuse: verify write return (git-fixes).\n\n - gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862).\n\n - gcc-plugins: make it possible to disable\n CONFIG_GCC_PLUGINS again (bcs#1181862).\n\n - gcc-plugins: simplify GCC plugin-dev capability test\n (bsc#1181862).\n\n - gianfar: Account for Tx PTP timestamp in the skb\n headroom (git-fixes).\n\n - gianfar: Fix TX timestamping with a stacked DSA driver\n (git-fixes).\n\n - gianfar: Replace skb_realloc_headroom with skb_cow_head\n for PTP (git-fixes).\n\n - Goodix Fingerprint device is not a modem 
(git-fixes).\n\n - gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).\n\n - gpio: pca953x: Set IRQ type when handle Intel Galileo\n Gen 2 (git-fixes).\n\n - gpio: zynq: fix reference leak in zynq_gpio functions\n (git-fixes).\n\n - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for\n ITE8568 EC on Voyo Winpad A15 (git-fixes).\n\n - HID: mf: add support for 0079:1846 Mayflash/Dragonrise\n USB Gamecube Adapter (git-fixes).\n\n - HSI: Fix PM usage counter unbalance in ssi_hw_init\n (git-fixes).\n\n - hwmon: (ina3221) Fix PM usage counter unbalance in\n ina3221_write_enable (git-fixes).\n\n - i2c: rcar: faster irq code to minimize HW race condition\n (git-fixes).\n\n - i2c: rcar: optimize cacheline to minimize HW race\n condition (git-fixes).\n\n - iavf: Fix incorrect adapter get in iavf_resume\n (git-fixes).\n\n - iavf: use generic power management (git-fixes).\n\n - ibmvnic: add comments for spinlock_t definitions\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: always store valid MAC address (bsc#1182011\n ltc#191844).\n\n - ibmvnic: avoid multiple line dereference (bsc#1183871\n ltc#192139).\n\n - ibmvnic: fix block comments (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix braces (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix miscellaneous checks (bsc#1183871\n ltc#192139).\n\n - ibmvnic: Fix possibly uninitialized old_num_tx_queues\n variable warning (jsc#SLE-17268).\n\n - ibmvnic: merge do_change_param_reset into do_reset\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: prefer strscpy over strlcpy (bsc#1183871\n ltc#192139).\n\n - ibmvnic: prefer 'unsigned long' over 'unsigned long int'\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: remove excessive irqsave (bsc#1182485\n ltc#191591).\n\n - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: remove unused spinlock_t stats_lock definition\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: rework to ensure SCRQ entry reads are properly\n ordered (bsc#1183871 ltc#192139).\n\n - ibmvnic: simplify 
reset_long_term_buff function\n (bsc#1183023 ltc#191791).\n\n - ibmvnic: substitute mb() with dma_wmb() for send_*crq*\n functions (bsc#1183023 ltc#191791).\n\n - ice: fix memory leak if register_netdev_fails\n (git-fixes).\n\n - ice: fix memory leak in ice_vsi_setup (git-fixes).\n\n - ice: Fix state bits on LLDP mode switch (jsc#SLE-7926).\n\n - ice: renegotiate link after FW DCB on (jsc#SLE-8464).\n\n - ice: report correct max number of TCs (jsc#SLE-7926).\n\n - ice: update the number of available RSS queues\n (jsc#SLE-7926).\n\n - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).\n\n - iio: adc: ad7949: fix wrong ADC result due to incorrect\n bit mask (git-fixes).\n\n - iio:adc:qcom-spmi-vadc: add default scale to\n LR_MUX2_BAT_ID channel (git-fixes).\n\n - iio: adis16400: Fix an error code in\n adis16400_initial_setup() (git-fixes).\n\n - iio: gyro: mpu3050: Fix error handling in\n mpu3050_trigger_handler (git-fixes).\n\n - iio: hid-sensor-humidity: Fix alignment issue of\n timestamp channel (git-fixes).\n\n - iio: hid-sensor-prox: Fix scale not correct issue\n (git-fixes).\n\n - iio: hid-sensor-temperature: Fix issues of timestamp\n channel (git-fixes).\n\n - Input: applespi - do not wait for responses to commands\n indefinitely (git-fixes).\n\n - Input: elantech - fix protocol errors for some\n trackpoints in SMBus mode (git-fixes).\n\n - Input: i8042 - add ASUS Zenbook Flip to noselftest list\n (git-fixes).\n\n - Input: raydium_ts_i2c - do not send zero length\n (git-fixes).\n\n - Input: xpad - add support for PowerA Enhanced Wired\n Controller for Xbox Series X|S (git-fixes).\n\n - iommu/amd: Fix sleeping in atomic in\n increase_address_space() (bsc#1183277).\n\n - iommu/intel: Fix memleak in intel_irq_remapping_alloc\n (bsc#1183278).\n\n - iommu/qcom: add missing put_device() call in\n qcom_iommu_of_xlate() (bsc#1183637).\n\n - iommu/vt-d: Add get_domain_info() helper (bsc#1183279).\n\n - iommu/vt-d: Avoid panic if iommu init fails in tboot\n system 
(bsc#1183280).\n\n - iommu/vt-d: Correctly check addr alignment in\n qi_flush_dev_iotlb_pasid() (bsc#1183281).\n\n - iommu/vt-d: Do not use flush-queue when caching-mode is\n on (bsc#1183282).\n\n - iommu/vt-d: Fix general protection fault in\n aux_detach_device() (bsc#1183283).\n\n - iommu/vt-d: Fix ineffective devTLB invalidation for\n subdevices (bsc#1183284).\n\n - iommu/vt-d: Fix unaligned addresses for\n intel_flush_svm_range_dev() (bsc#1183285).\n\n - iommu/vt-d: Move intel_iommu info from struct intel_svm\n to struct intel_svm_dev (bsc#1183286).\n\n - ionic: linearize tso skb with too many frags\n (bsc#1167773).\n\n - kbuild: add dummy toolchains to enable all cc-option\n etc. in Kconfig (bcs#1181862).\n\n - kbuild: change *FLAGS_<basetarget>.o to take the path\n relative to $(obj) (bcs#1181862).\n\n - kbuild: dummy-tools, fix inverted tests for gcc\n (bcs#1181862).\n\n - kbuild: dummy-tools, support MPROFILE_KERNEL checks for\n ppc (bsc#1181862).\n\n - kbuild: Fail if gold linker is detected (bcs#1181862).\n\n - kbuild: improve cc-option to clean up all temporary\n files (bsc#1178330).\n\n - kbuild: include scripts/Makefile.* only when relevant\n CONFIG is enabled (bcs#1181862).\n\n - kbuild: simplify GCC_PLUGINS enablement in\n dummy-tools/gcc (bcs#1181862).\n\n - kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from\n cc-option base (bcs#1181862).\n\n - kbuild: use -S instead of -E for precise cc-option test\n in Kconfig (bsc#1178330).\n\n - kconfig: introduce m32-flag and m64-flag (bcs#1181862).\n\n - KVM: nVMX: Properly handle userspace interrupt window\n request (bsc#1183427).\n\n - KVM: SVM: Clear the CR4 register on reset (bsc#1183252).\n\n - KVM: x86: Add helpers to perform CPUID-based guest\n vendor check (bsc#1183445). \n\n - KVM: x86: Add RIP to the kvm_entry, i.e. 
VM-Enter,\n tracepoint Needed as a dependency of 0b40723a827 ('kvm:\n tracing: Fix unmatched kvm_entry and kvm_exit events',\n bsc#1182770).\n\n - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if\n tsx=off (bsc#1183287).\n\n - KVM: x86: do not reset microcode version on INIT or\n RESET (bsc#1183412).\n\n - KVM x86: Extend AMD specific guest behavior to Hygon\n virtual CPUs (bsc#1183447).\n\n - KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR\n (bsc#1183369).\n\n - KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID\n hits max entries (bsc#1183428).\n\n - KVM: x86: Set so called 'reserved CR3 bits in LM mask'\n at vCPU reset (bsc#1183288).\n\n - libbpf: Clear map_info before each\n bpf_obj_get_info_by_fd (bsc#1155518).\n\n - libbpf: Fix BTF dump of pointer-to-array-of-struct\n (bsc#1155518).\n\n - libbpf: Use SOCK_CLOEXEC when opening the netlink socket\n (bsc#1155518).\n\n - lib/syscall: fix syscall registers retrieval on 32-bit\n platforms (git-fixes).\n\n -\n loop-be-paranoid-on-exit-and-prevent-new-additions-r.pat\n ch: (bsc#1171295).\n\n - mac80211: fix double free in ibss_leave (git-fixes).\n\n - mac80211: fix rate mask reset (git-fixes).\n\n - mdio: fix mdio-thunder.c dependency & build error\n (git-fixes).\n\n - media: cros-ec-cec: do not bail on device_init_wakeup\n failure (git-fixes).\n\n - media: cx23885: add more quirks for reset DMA on some\n AMD IOMMU (git-fixes).\n\n - media: mceusb: Fix potential out-of-bounds shift\n (git-fixes).\n\n - media: mceusb: sanity check for prescaler value\n (git-fixes).\n\n - media: rc: compile rc-cec.c into rc-core (git-fixes).\n\n - media: usbtv: Fix deadlock on suspend (git-fixes).\n\n - media: uvcvideo: Allow entities with no pads\n (git-fixes).\n\n - media: v4l2-ctrls.c: fix shift-out-of-bounds in\n std_validate (git-fixes).\n\n - media: v4l: vsp1: Fix bru NULL pointer access\n (git-fixes).\n\n - media: v4l: vsp1: Fix uif NULL pointer access\n (git-fixes).\n\n - media: vicodec: add missing 
v4l2_ctrl_request_hdl_put()\n (git-fixes).\n\n - misc: eeprom_93xx46: Add quirk to support Microchip\n 93LC46B eeprom (git-fixes).\n\n - misc: fastrpc: restrict user apps from sending kernel\n RPC messages (git-fixes).\n\n - misc/pvpanic: Export module FDT device table\n (git-fixes).\n\n - misc: rtsx: init of rts522a add OCP power off when no\n card is present (git-fixes).\n\n - mmc: core: Fix partition switch time for eMMC\n (git-fixes).\n\n - mmc: cqhci: Fix random crash when remove mmc module/card\n (git-fixes).\n\n - mmc: mxs-mmc: Fix a resource leak in an error handling\n path in 'mxs_mmc_probe()' (git-fixes).\n\n - mmc: sdhci-esdhc-imx: fix kernel panic when remove\n module (git-fixes).\n\n - mmc: sdhci-of-dwcmshc: set\n SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).\n\n - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB\n page (git-fixes).\n\n - mm, numa: fix bad pmd by atomically check for\n pmd_trans_huge when marking page tables prot_numa\n (bsc#1168777).\n\n - mount: fix mounting of detached mounts onto targets that\n reside on shared mounts (git-fixes).\n\n - net: bonding: fix error return code of bond_neigh_init()\n (bsc#1154353).\n\n - net: cdc-phonet: fix data-interface release on probe\n failure (git-fixes).\n\n - net: core: introduce __netdev_notify_peers (bsc#1183871\n ltc#192139).\n\n - netdevsim: init u64 stats for 32bit hardware\n (git-fixes).\n\n - net: dsa: rtl8366: Fix VLAN semantics (git-fixes).\n\n - net: dsa: rtl8366: Fix VLAN set-up (git-fixes).\n\n - net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).\n\n - net: enic: Cure the enic api locking trainwreck\n (git-fixes).\n\n - net: ethernet: aquantia: Fix wrong return value\n (git-fixes).\n\n - net: ethernet: cavium: octeon_mgmt: use phy_start and\n phy_stop (git-fixes).\n\n - net: ethernet: ibm: ibmvnic: Fix some kernel-doc\n misdemeanours (bsc#1183871 ltc#192139).\n\n - net: ethernet: ti: cpsw: fix clean up of vlan mc entries\n for host port (git-fixes).\n\n - net: fec: Fix 
phy_device lookup for\n phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix PHY init after\n phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix reference count leak in fec series ops\n (git-fixes).\n\n - net: gemini: Fix another missing clk_disable_unprepare()\n in probe (git-fixes).\n\n - net: gemini: Fix missing free_netdev() in error path of\n gemini_ethernet_port_probe() (git-fixes).\n\n - net: gianfar: Add of_node_put() before goto statement\n (git-fixes).\n\n - net: hdlc: In hdlc_rcv, check to make sure dev is an\n HDLC device (git-fixes).\n\n - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag\n after calling ether_setup (git-fixes).\n\n - net: korina: cast KSEG0 address to pointer in kfree\n (git-fixes).\n\n - net: korina: fix kfree of rx/tx descriptor array\n (git-fixes).\n\n - net/mlx5: Disable devlink reload for lag devices\n (jsc#SLE-8464).\n\n - net/mlx5: Disable devlink reload for multi port slave\n device (jsc#SLE-8464).\n\n - net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).\n\n - net/mlx5: Disallow RoCE on multi port slave device\n (jsc#SLE-8464).\n\n - net/mlx5e: E-switch, Fix rate calculation division\n (jsc#SLE-8464).\n\n - net/mlx5e: E-switch, Fix rate calculation for overflow\n (jsc#SLE-8464).\n\n - net: mvneta: fix double free of txq->buf (git-fixes).\n\n - net: mvneta: make tx buffer array agnostic (git-fixes).\n\n - net: qcom/emac: add missed clk_disable_unprepare in\n error path of emac_clks_phase1_init (git-fixes).\n\n - netsec: restore phy power state after controller reset\n (bsc#1183757).\n\n - net: spider_net: Fix the size used in a\n 'dma_free_coherent()' call (git-fixes).\n\n - net: stmmac: Fix incorrect location to set\n real_num_rx|tx_queues (git-fixes).\n\n - net: stmmac: removed enabling eee in EEE set callback\n (git-fixes).\n\n - net: stmmac: use netif_tx_start|stop_all_queues()\n function (git-fixes).\n\n - net: stmmac: Use rtnl_lock/unlock on\n netif_set_real_num_rx_queues() call (git-fixes).\n\n 
- net: usb: ax88179_178a: fix missing stop entry in\n driver_info (git-fixes).\n\n - net: usb: qmi_wwan: allow qmimux add/del with master up\n (git-fixes).\n\n - net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).\n\n - nfp: flower: fix pre_tun mask id allocation\n (bsc#1154353).\n\n - nvme: allocate the keep alive request using\n BLK_MQ_REQ_NOWAIT (bsc#1182077).\n\n - nvme-fabrics: fix kato initialization (bsc#1182591).\n\n - nvme-fabrics: only reserve a single tag (bsc#1182077).\n\n - nvme-fc: fix racing controller reset and create\n association (bsc#1183048).\n\n - nvme-hwmon: Return error code when registration fails\n (bsc#1177326).\n\n - nvme: merge nvme_keep_alive into nvme_keep_alive_work\n (bsc#1182077).\n\n - nvme: return an error if nvme_set_queue_count() fails\n (bsc#1180197).\n\n - nvmet-rdma: Fix list_del corruption on queue\n establishment failure (bsc#1183501).\n\n - objtool: Fix '.cold' section suffix check for newer\n versions of GCC (bsc#1169514).\n\n - objtool: Fix error handling for STD/CLD warnings\n (bsc#1169514).\n\n - objtool: Fix retpoline detection in asm code\n (bsc#1169514).\n\n - ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).\n\n - ovl: fix out of date comment and unreachable code\n (bsc#1184176).\n\n - ovl: fix regression with re-formatted lower squashfs\n (bsc#1184176).\n\n - ovl: fix unneeded call to ovl_change_flags()\n (bsc#1184176).\n\n - ovl: fix value of i_ino for lower hardlink corner case\n (bsc#1184176).\n\n - ovl: initialize error in ovl_copy_xattr (bsc#1184176).\n\n - ovl: relax WARN_ON() when decoding lower directory file\n handle (bsc#1184176).\n\n - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT\n Pulse (git-fixes).\n\n - PCI: Add function 1 DMA alias quirk for Marvell 9215\n SATA controller (git-fixes).\n\n - PCI: Align checking of syscall user config accessors\n (git-fixes).\n\n - PCI: Decline to resize resources if boot config must be\n preserved (git-fixes).\n\n - PCI: Fix pci_register_io_range() 
memory leak\n (git-fixes).\n\n - PCI: mediatek: Add missing of_node_put() to fix\n reference leak (git-fixes).\n\n - PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064\n (git-fixes).\n\n - PCI: xgene-msi: Fix race in installing chained irq\n handler (git-fixes).\n\n - pinctrl: rockchip: fix restore error in resume\n (git-fixes).\n\n - Platform: OLPC: Fix probe error handling (git-fixes).\n\n - platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for\n the Aspire Switch 10E SW3-016 (git-fixes).\n\n - platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE\n capability flag (git-fixes).\n\n - platform/x86: acer-wmi: Add new force_caps module\n parameter (git-fixes).\n\n - platform/x86: acer-wmi: Add support for SW_TABLET_MODE\n on Switch devices (git-fixes).\n\n - platform/x86: acer-wmi: Cleanup accelerometer device\n handling (git-fixes).\n\n - platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines\n (git-fixes).\n\n - platform/x86: intel-vbtn: Stop reporting SW_DOCK events\n (git-fixes).\n\n - PM: EM: postpone creating the debugfs dir till\n fs_initcall (git-fixes).\n\n - PM: runtime: Add pm_runtime_resume_and_get to deal with\n usage counter (bsc#1183366).\n\n - PM: runtime: Fix race getting/putting suppliers at probe\n (git-fixes).\n\n - powerpc/book3s64/radix: Remove WARN_ON in\n destroy_context() (bsc#1183692 ltc#191963).\n\n - powerpc/pseries/mobility: handle premature return from\n H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662\n ltc#191922).\n\n - powerpc/pseries/mobility: use struct for shared state\n (bsc#1181674 ltc#189159 git-fixes bsc#1183662\n ltc#191922).\n\n - printk: fix deadlock when kernel panic (bsc#1183018).\n\n - proc: fix lookup in /proc/net subdirectories after\n setns(2) (git-fixes).\n\n - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous\n clk_unprepare() (git-fixes).\n\n - qxl: Fix uninitialised struct field head.surface_id\n (git-fixes).\n\n - random: fix the RNDRESEEDCRNG ioctl (git-fixes).\n\n - RDMA/hns: Disable RQ inline by 
default (jsc#SLE-8449).\n\n - RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).\n\n - RDMA/srp: Fix support for unpopulated and unbalanced\n NUMA nodes (bsc#1169709)\n\n - Revert 'net: bonding: fix error return code of\n bond_neigh_init()' (bsc#1154353).\n\n - rpadlpar: fix potential drc_name corruption in store\n functions (bsc#1183416 ltc#191079).\n\n - rpm/check-for-config-changes: add -mrecord-mcount ignore\n Added by 3b15cdc15956 (tracing: move function tracer\n options to Kconfig) upstream.\n\n - rpm/check-for-config-changes: comment on the list To\n explain what it actually is.\n\n - rpm/check-for-config-changes: declare sed args as an\n array So that we can reuse it in both seds. This also\n introduces IGNORED_CONFIGS_RE array which can be easily\n extended.\n\n - rpm/check-for-config-changes: define ignores more\n strictly * search for whole words, so make wildcards\n explicit * use ' for quoting * prepend CONFIG_\n dynamically, so it need not be in the list\n\n - rpm/check-for-config-changes: ignore more configs\n Specifically, these: * CONFIG_CC_HAS_* * CONFIG_CC_HAVE_*\n * CONFIG_CC_CAN_* * CONFIG_HAVE_[A-Z]*_COMPILER *\n CONFIG_TOOLS_SUPPORT_* are compiler specific too. 
This\n will allow us to use super configs using kernel's\n dummy-tools.\n\n - rpm/check-for-config-changes: sort the ignores They are\n growing so to make them searchable by humans.\n\n - rsi: Fix TX EAPOL packet handling against iwlwifi AP\n (git-fixes).\n\n - rsi: Move card interrupt handling to RX thread\n (git-fixes).\n\n - rsxx: Return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/cio: return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/cio: return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/crypto: return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/dasd: fix hanging IO request during DASD driver\n unbind (git-fixes).\n\n - s390/qeth: fix memory leak after failed TX Buffer\n allocation (git-fixes).\n\n - s390/qeth: fix notification for pending buffers during\n teardown (git-fixes).\n\n - s390/qeth: improve completion of pending TX buffers\n (git-fixes).\n\n - s390/qeth: schedule TX NAPI on QAOB completion\n (git-fixes).\n\n - s390/vtime: fix increased steal time accounting\n (bsc#1183859).\n\n - samples, bpf: Add missing munmap in xdpsock\n (bsc#1155518).\n\n - scsi: lpfc: Change wording of invalid pci reset log\n message (bsc#1182574).\n\n - scsi: lpfc: Correct function header comments related to\n ndlp reference counting (bsc#1182574).\n\n - scsi: lpfc: Fix ADISC handling that never frees nodes\n (bsc#1182574).\n\n - scsi: lpfc: Fix crash caused by switch reboot\n (bsc#1182574).\n\n - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery\n recovery (bsc#1182574).\n\n - scsi: lpfc: Fix FLOGI failure due to accessing a freed\n node (bsc#1182574).\n\n - scsi: lpfc: Fix incorrect dbde assignment when building\n target abts wqe (bsc#1182574).\n\n - scsi: lpfc: Fix lpfc_els_retry() possible NULL pointer\n dereference (bsc#1182574).\n\n - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).\n\n - scsi: lpfc: Fix NULL pointer dereference in\n lpfc_prep_els_iocb() (bsc#1182574).\n\n - scsi: lpfc: Fix PLOGI ACC to 
be transmit after REG_LOGIN\n (bsc#1182574).\n\n - scsi: lpfc: Fix pt2pt connection does not recover after\n LOGO (bsc#1182574).\n\n - scsi: lpfc: Fix pt2pt state transition causing rmmod\n hang (bsc#1182574).\n\n - scsi: lpfc: Fix reftag generation sizing errors\n (bsc#1182574).\n\n - scsi: lpfc: Fix stale node accesses on stale RRQ request\n (bsc#1182574).\n\n - scsi: lpfc: Fix status returned in lpfc_els_retry()\n error exit path (bsc#1182574).\n\n - scsi: lpfc: Fix unnecessary null check in\n lpfc_release_scsi_buf (bsc#1182574).\n\n - scsi: lpfc: Fix use after free in lpfc_els_free_iocb\n (bsc#1182574).\n\n - scsi: lpfc: Fix vport indices in\n lpfc_find_vport_by_vpid() (bsc#1182574).\n\n - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports\n (bsc#1182574).\n\n - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8\n changes (bsc#1182574).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.8\n (bsc#1182574).\n\n - scsi: target: pscsi: Avoid OOM in pscsi_map_sg()\n (bsc#1183843).\n\n - scsi: target: pscsi: Clean up after failure in\n pscsi_map_sg() (bsc#1183843).\n\n - selftests/bpf: Mask bpf_csum_diff() return value to 16\n bits in test_verifier (bsc#1155518).\n\n - selftests/bpf: No need to drop the packet when there is\n no geneve opt (bsc#1155518).\n\n - selftests/bpf: Set gopt opt_class to 0 if get tunnel opt\n failed (bsc#1155518).\n\n - selinux: fix error initialization in\n inode_doinit_with_dentry() (git-fixes).\n\n - selinux: Fix error return code in sel_ib_pkey_sid_slow()\n (git-fixes).\n\n - selinux: fix inode_doinit_with_dentry() LABEL_INVALID\n error handling (git-fixes).\n\n - smb3: Fix out-of-bounds bug in SMB2_negotiate()\n (bsc#1183540).\n\n - software node: Fix node registration (git-fixes).\n\n - spi: stm32: make spurious and overrun interrupts visible\n (git-fixes).\n\n - squashfs: fix inode lookup sanity checks (bsc#1183750).\n\n - squashfs: fix xattr id and id lookup sanity checks\n (bsc#1183750).\n\n - staging: bcm2835-audio: Replace 
unsafe strcpy() with\n strscpy() (git-fixes).\n\n - staging: comedi: addi_apci_1032: Fix endian problem for\n COS sample (git-fixes).\n\n - staging: comedi: addi_apci_1500: Fix endian problem for\n command sample (git-fixes).\n\n - staging: comedi: adv_pci1710: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: comedi: das6402: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: comedi: das800: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: comedi: dmm32at: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: comedi: me4000: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: comedi: pcl711: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: comedi: pcl818: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: fwserial: Fix error handling in fwserial_create\n (git-fixes).\n\n - staging: gdm724x: Fix DMA from stack (git-fixes).\n\n - staging: ks7010: prevent buffer overflow in\n ks_wlan_set_scan() (git-fixes).\n\n - staging: most: sound: add sanity check for function\n argument (git-fixes).\n\n - staging: rtl8188eu: Add Edimax EW-7811UN V2 to device\n table (git-fixes).\n\n - staging: rtl8188eu: fix potential memory corruption in\n rtw_check_beacon_data() (git-fixes).\n\n - staging: rtl8188eu: prevent ->ssid overflow in\n rtw_wx_set_scan() (git-fixes).\n\n - staging: rtl8192e: Change state information from u16 to\n u8 (git-fixes).\n\n - staging: rtl8192e: Fix incorrect source in memcpy()\n (git-fixes).\n\n - staging: rtl8192e: Fix possible buffer overflow in\n _rtl92e_wx_set_scan (git-fixes).\n\n - staging: rtl8192u: fix ->ssid overflow in\n r8192_wx_set_scan() (git-fixes).\n\n - staging: rtl8712: Fix possible buffer overflow in\n r8712_sitesurvey_cmd (git-fixes).\n\n - staging: rtl8712: unterminated string leads to read\n overflow (git-fixes).\n\n - stop_machine: mark helpers __always_inline (git-fixes).\n\n - udlfb: Fix memory leak in 
dlfb_usb_probe (git-fixes).\n\n - Update bug reference for USB-audio fixes (bsc#1182552\n bsc#1183598)\n\n - USB: cdc-acm: fix double free on probe failure\n (git-fixes).\n\n - USB: cdc-acm: fix use-after-free after probe failure\n (git-fixes).\n\n - USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960\n board (git-fixes).\n\n - USB: dwc2: Prevent core suspend when port connection\n flag is 0 (git-fixes).\n\n - USB: dwc3: gadget: Fix dep->interval for fullspeed\n interrupt (git-fixes).\n\n - USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1\n (git-fixes).\n\n - USB: dwc3: qcom: Add missing DWC3 OF node refcount\n decrement (git-fixes).\n\n - USB: dwc3: qcom: Honor wakeup enabled/disabled state\n (git-fixes).\n\n - USB: gadget: configfs: Fix KASAN use-after-free\n (git-fixes).\n\n - USB: gadget: f_uac1: stop playback on function disable\n (git-fixes).\n\n - USB: gadget: f_uac2: always increase endpoint\n max_packet_size by one audio slot (git-fixes).\n\n - USB: gadget: udc: amd5536udc_pci fix\n null-ptr-dereference (git-fixes).\n\n - USB: gadget: u_ether: Fix a configfs return code\n (git-fixes).\n\n - USBip: Fix incorrect double assignment to udc->ud.tcp_rx\n (git-fixes).\n\n - USBip: fix stub_dev to check for stream socket\n (git-fixes).\n\n - USBip: fix stub_dev USBip_sockfd_store() races leading\n to gpf (git-fixes).\n\n - USBip: fix vhci_hcd attach_store() races leading to gpf\n (git-fixes).\n\n - USBip: fix vhci_hcd to check for stream socket\n (git-fixes).\n\n - USBip: fix vudc to check for stream socket (git-fixes).\n\n - USBip: fix vudc usbip_sockfd_store races leading to gpf\n (git-fixes).\n\n - USBip: tools: fix build error for multiple definition\n (git-fixes).\n\n - USB: musb: Fix suspend with devices connected for a64\n (git-fixes).\n\n - USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe\n with other EPNUM (git-fixes).\n\n - USB: replace hardcode maximum usb string length by\n definition (git-fixes).\n\n - USB: serial: ch341: add new Product 
ID (git-fixes).\n\n - USB: serial: cp210x: add ID for Acuity Brands nLight Air\n Adapter (git-fixes).\n\n - USB: serial: cp210x: add some more GE USB IDs\n (git-fixes).\n\n - USB: serial: ftdi_sio: fix FTX sub-integer prescaler\n (git-fixes).\n\n - USB: serial: io_edgeport: fix memory leak in\n edge_startup (git-fixes).\n\n - USB-storage: Add quirk to defeat Kindle's automatic\n unload (git-fixes).\n\n - USB: typec: tcpm: Invoke power_supply_changed for\n tcpm-source-psy- (git-fixes).\n\n - USB: usblp: fix a hang in poll() if disconnected\n (git-fixes).\n\n - USB: xhci: do not perform Soft Retry for some xHCI hosts\n (git-fixes).\n\n - USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA\n addressing (git-fixes).\n\n - USB: xhci-mtk: fix broken streams issue on 0.96 xHCI\n (git-fixes).\n\n - use __netdev_notify_peers in ibmvnic (bsc#1183871\n ltc#192139).\n\n - video: fbdev: acornfb: remove free_unused_pages()\n (bsc#1152489)\n\n - video: hyperv_fb: Fix a double free in hvfb_probe\n (git-fixes).\n\n - VMCI: Use set_page_dirty_lock() when unregistering guest\n memory (git-fixes).\n\n - vt/consolemap: do font sum unsigned (git-fixes).\n\n - watchdog: mei_wdt: request stop on unregister\n (git-fixes).\n\n - wireguard: device: do not generate ICMP for non-IP\n packets (git-fixes).\n\n - wireguard: kconfig: use arm chacha even with no neon\n (git-fixes).\n\n - wireguard: selftests: test multiple parallel streams\n (git-fixes).\n\n - wlcore: Fix command execute failure 19 for wl12xx\n (git-fixes).\n\n - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task\n (bsc#1152489).\n\n - xen/events: avoid handling the same event on two cpus at\n the same time (git-fixes).\n\n - xen/events: do not unmask an event channel when an eoi\n is pending (git-fixes).\n\n - xen/events: reset affinity of 2-level event when tearing\n it down (git-fixes).\n\n - xen/gnttab: handle p2m update errors on a per-slot basis\n (bsc#1183022 XSA-367).\n\n - xen-netback: respect gnttab_map_refs()'s return 
value\n (bsc#1183022 XSA-367).\n\n - xfs: group quota should return EDQUOT when prj quota\n enabled (bsc#1180980).\n\n - xhci: Fix repeated xhci wake after suspend due to\n uncleared internal wake state (git-fixes).\n\n - xhci: Improve detection of device initiated wake signal\n (git-fixes).", "edition": 2, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-12T00:00:00", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2021-532)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2019-18814", "CVE-2021-28375", "CVE-2021-29265", "CVE-2021-27365", "CVE-2021-27364", "CVE-2021-29264", "CVE-2021-28688", "CVE-2020-27815", "CVE-2021-28964", "CVE-2019-19769", "CVE-2021-27363", "CVE-2021-28660", "CVE-2021-3444", "CVE-2020-27170", "CVE-2021-28038", "CVE-2021-28971", "CVE-2021-28972", "CVE-2020-35519", "CVE-2020-27171", "CVE-2021-29647", "CVE-2021-3428"], "modified": "2021-04-12T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "cpe:/o:novell:opensuse:15.2", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-base-rebuild", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-preempt", "p-cpe:/a:novell:opensuse:kernel-preempt-debugsource", "p-cpe:/a:novell:opensuse:kernel-preempt-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-preempt-devel-debuginfo", 
"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-preempt-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo"], "id": "OPENSUSE-2021-532.NASL", "href": "https://www.tenable.com/plugins/nessus/148438", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-532.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148438);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/14\");\n\n script_cve_id(\"CVE-2019-18814\", \"CVE-2019-19769\", \"CVE-2020-27170\", \"CVE-2020-27171\", \"CVE-2020-27815\", \"CVE-2020-35519\", \"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\", \"CVE-2021-28038\", \"CVE-2021-28375\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-28972\", \"CVE-2021-29264\", \"CVE-2021-29265\", \"CVE-2021-29647\", \"CVE-2021-3428\", \"CVE-2021-3444\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2021-532)\");\n script_summary(english:\"Check for the openSUSE-2021-532 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The openSUSE Leap 15.2 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - 
CVE-2021-3444: Fixed an issue with the bpf verifier\n which did not properly handle mod32 destination register\n truncation when the source register was known to be 0\n leading to out of bounds read (bsc#1184170).\n\n - CVE-2021-3428: Fixed an integer overflow in\n ext4_es_cache_extent (bsc#1173485).\n\n - CVE-2021-29647: Fixed an issue in qrtr_recvmsg which\n could have allowed attackers to obtain sensitive\n information from kernel memory because of a partially\n uninitialized data structure (bsc#1184192 ).\n\n - CVE-2021-29265: Fixed an issue in usbip_sockfd_store\n which could have allowed attackers to cause a denial of\n service due to race conditions during an update of the\n local and shared status (bsc#1184167).\n\n - CVE-2021-29264: Fixed an issue in the Freescale Gianfar\n Ethernet driver which could have allowed attackers to\n cause a system crash due to a calculation of negative\n fragment size (bsc#1184168).\n\n - CVE-2021-28972: Fixed a user-tolerable buffer overflow\n when writing a new device name to the driver from\n userspace, allowing userspace to write data to the\n kernel stack frame directly (bsc#1184198).\n\n - CVE-2021-28971: Fixed an issue in\n intel_pmu_drain_pebs_nhm which could have caused a\n system crash because the PEBS status in a PEBS record\n was mishandled (bsc#1184196 ).\n\n - CVE-2021-28964: Fixed a race condition in get_old_root\n which could have allowed attackers to cause a denial of\n service (bsc#1184193).\n\n - CVE-2021-28688: Fixed an issue introduced by XSA-365\n (bsc#1183646).\n\n - CVE-2021-28660: Fixed an out of bounds write in\n rtw_wx_set_scan (bsc#1183593 ).\n\n - CVE-2021-28375: Fixed an issue in\n fastrpc_internal_invoke which did not prevent user\n applications from sending kernel RPC messages\n (bsc#1183596).\n\n - CVE-2021-28038: Fixed an issue with the netback driver\n which was lacking necessary treatment of errors such as\n failed memory allocations (bsc#1183022).\n\n - CVE-2021-27365: Fixed an issue where 
an unprivileged\n user can send a Netlink message that is associated with\n iSCSI, and has a length up to the maximum length of a\n Netlink message (bsc#1182715).\n\n - CVE-2021-27364: Fixed an issue where an attacker could\n craft Netlink messages (bsc#1182717).\n\n - CVE-2021-27363: Fixed a kernel pointer leak which could\n have been used to determine the address of the\n iscsi_transport structure (bsc#1182716).\n\n - CVE-2020-35519: Fixed an out-of-bounds memory access in\n x25_bind (bsc#1183696).\n\n - CVE-2020-27815: Fixed an issue in the JFS filesystem which\n could have allowed an attacker to execute code\n (bsc#1179454).\n\n - CVE-2020-27171: Fixed an off-by-one error affecting\n out-of-bounds speculation on pointer arithmetic, leading\n to side-channel attacks that defeat Spectre mitigations\n and obtain sensitive information from kernel memory\n (bsc#1183775).\n\n - CVE-2020-27170: Fixed potential side-channel attacks\n that defeat Spectre mitigations and obtain sensitive\n information from kernel memory (bsc#1183686).\n\n - CVE-2019-19769: Fixed a use-after-free in the\n perf_trace_lock_acquire function (bsc#1159280 ).\n\n - CVE-2019-18814: Fixed a use-after-free when\n aa_label_parse() fails in aa_audit_rule_init()\n (bsc#1156256).\n\nThe following non-security bugs were fixed :\n\n -\n 0007-block-add-docs-for-gendisk-request_queue-refcount-h\n e.patch: (bsc#1171295, git fixes (block drivers)).\n\n -\n 0008-block-revert-back-to-synchronous-request_queue-remo\n v.patch: (bsc#1171295, git fixes (block drivers)).\n\n - 0009-blktrace-fix-debugfs-use-after-free.patch:\n (bsc#1171295, git fixes (block drivers)). 
\n\n - ACPI: bus: Constify is_acpi_node() and friends (part 2)\n (git-fixes).\n\n - ACPICA: Always create namespace nodes using\n acpi_ns_create_node() (git-fixes).\n\n - ACPICA: Enable sleep button on ACPI legacy wake\n (bsc#1181383).\n\n - ACPICA: Fix race in generic_serial_bus (I2C) and GPIO\n op_region parameter handling (git-fixes).\n\n - ACPI: scan: Rearrange memory allocation in\n acpi_device_add() (git-fixes).\n\n - ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807\n (git-fixes).\n\n - ACPI: video: Add missing callback back for Sony\n VPCEH3U1E (git-fixes).\n\n - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits\n (git-fixes).\n\n - ALSA: hda: Avoid spurious unsol event handling during\n S3/S4 (git-fixes).\n\n - ALSA: hda: Drop the BATCH workaround for AMD controllers\n (git-fixes).\n\n - ALSA: hda: generic: Fix the micmute led init state\n (git-fixes).\n\n - ALSA: hda/hdmi: Cancel pending works before suspend\n (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Clevo NH55RZQ\n (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Intel NUC 10\n (git-fixes).\n\n - ALSA: hda/realtek: Apply dual codec quirks for MSI\n Godlike X570 board (git-fixes).\n\n - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi\n Redmibook Air (git-fixes).\n\n - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook\n Pro (git-fixes).\n\n - ALSA: hda/realtek: Enable headset mic of Acer SWIFT with\n ALC256 (git-fixes).\n\n - ALSA: hda/realtek: fix a determine_headset_type issue\n for a Dell AIO (git-fixes).\n\n - ALSA: usb: Add Plantronics C320-M USB ctrl msg delay\n quirk (bsc#1182552).\n\n - ALSA: usb-audio: Allow modifying parameters with\n succeeding hw_params calls (bsc#1182552).\n\n - ALSA: usb-audio: Apply sample rate quirk to Logitech\n Connect (git-fixes).\n\n - ALSA: usb-audio: Apply the control quirk to Plantronics\n headsets (bsc#1182552).\n\n - ALSA: usb-audio: Disable USB autosuspend properly in\n setup_disable_autosuspend() (bsc#1182552).\n\n - ALSA: 
usb-audio: Do not abort even if the clock rate\n differs (bsc#1182552).\n\n - ALSA: usb-audio: Drop bogus dB range in too low level\n (bsc#1182552).\n\n - ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell\n AE515 sound bar (bsc#1182552).\n\n - ALSA: usb-audio: fix NULL ptr dereference in\n usb_audio_probe (bsc#1182552).\n\n - ALSA: usb-audio: Fix 'RANGE setting not yet supported'\n errors (git-fixes).\n\n - ALSA: usb-audio: fix use after free in\n usb_audio_disconnect (bsc#1182552).\n\n - ALSA: usb-audio: Skip the clock selector inquiry for\n single connections (git-fixes).\n\n - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it\n (git-fixes).\n\n - amd/amdgpu: Disable VCN DPG mode for Picasso\n (git-fixes).\n\n - apparmor: check/put label on\n apparmor_sk_clone_security() (git-fixes).\n\n - arm64: make STACKPROTECTOR_PER_TASK configurable\n (bsc#1181862).\n\n - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).\n\n - ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).\n\n - ASoC: cs42l42: Always wait at least 3ms after reset\n (git-fixes).\n\n - ASoC: cs42l42: Do not enable/disable regulator at Bias\n Level (git-fixes).\n\n - ASoC: cs42l42: Fix Bitclock polarity inversion\n (git-fixes).\n\n - ASoC: cs42l42: Fix channel width support (git-fixes).\n\n - ASoC: cs42l42: Fix mixer volume control (git-fixes).\n\n - ASoC: es8316: Simplify adc_pga_gain_tlv table\n (git-fixes).\n\n - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode\n (git-fixes).\n\n - ASoC: Intel: Add DMI quirk table to\n soc_intel_is_byt_cr() (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium\n 140 (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One\n S1002 tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar\n Beauty HD MID 7316R tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad\n A15 tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX\n OVCD current threshold 
(git-fixes).\n\n - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper\n EZpad 7 tablet (git-fixes).\n\n - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off\n by a factor of 10 (git-fixes).\n\n - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off\n by a factor of 10 (git-fixes).\n\n - ASoC: rt5670: Add emulated 'DAC1 Playback Switch'\n control (git-fixes).\n\n - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from\n Sto1 ADC mixer settings (git-fixes).\n\n - ASoC: rt5670: Remove 'HP Playback Switch' control\n (git-fixes).\n\n - ASoC: rt5670: Remove 'OUT Channel Switch' control\n (git-fixes).\n\n - ASoC: sgtl5000: set DAP_AVC_CTRL register to correct\n default value on probe (git-fixes).\n\n - ASoC: simple-card-utils: Do not handle device clock\n (git-fixes).\n\n - ath10k: fix wmi mgmt tx queue full due to race condition\n (git-fixes).\n\n - ath9k: fix transmitting to stations in dynamic SMPS mode\n (git-fixes).\n\n - binfmt_misc: fix possible deadlock in bm_register_write\n (git-fixes).\n\n - binfmt_misc: fix possible deadlock in bm_register_write\n (git-fixes).\n\n -\n blktrace-annotate-required-lock-on-do_blk_trace_setu.pat\n ch: (bsc#1171295).\n\n -\n blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.pat\n ch: (bsc#1171295).\n\n -\n blktrace-break-out-of-blktrace-setup-on-concurrent-c.pat\n ch: (bsc#1171295).\n\n -\n block-clarify-context-for-refcount-increment-helpers.pat\n ch: (bsc#1171295).\n\n - block: rsxx: fix error return code of rsxx_pci_probe()\n (git-fixes).\n\n - Bluetooth: Fix NULL pointer dereference in\n amp_read_loc_assoc_final_data (git-fixes).\n\n - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY\n for btrtl (git-fixes).\n\n - bnxt_en: reliably allocate IRQ table on reset to avoid\n crash (jsc#SLE-8371 bsc#1153274).\n\n - bpf: Add sanity check for upper ptr_limit (bsc#1183686\n bsc#1183775).\n\n - bpf: Avoid warning when re-casting __bpf_call_base into\n __bpf_call_base_args (bsc#1155518).\n\n - bpf: Declare 
__bpf_free_used_maps() unconditionally\n (bsc#1155518).\n\n - bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp\n programs (bsc#1155518).\n\n - bpf: Fix 32 bit src register truncation on div/mod\n (bsc#1184170).\n\n - bpf_lru_list: Read double-checked variable once without\n lock (bsc#1155518).\n\n - bpf: Simplify alu_limit masking for pointer arithmetic\n (bsc#1183686 bsc#1183775).\n\n - bpf,x64: Pad NOPs to make images converge more easily\n (bsc#1178163).\n\n - brcmfmac: Add DMI nvram filename quirk for Predia Basic\n tablet (git-fixes).\n\n - brcmfmac: Add DMI nvram filename quirk for Voyo winpad\n A15 tablet (git-fixes).\n\n - btrfs: abort the transaction if we fail to inc ref in\n btrfs_copy_root (bsc#1184217).\n\n - btrfs: always pin deleted leaves when there are active\n tree mod log users (bsc#1184224).\n\n - btrfs: fix exhaustion of the system chunk array due to\n concurrent allocations (bsc#1183386).\n\n - btrfs: fix extent buffer leak on failure to copy root\n (bsc#1184218).\n\n - btrfs: fix race when cloning extent buffer during rewind\n of an old root (bsc#1184193).\n\n - btrfs: fix stale data exposure after cloning a hole with\n NO_HOLES enabled (bsc#1184220).\n\n - btrfs: fix subvolume/snapshot deletion not triggered on\n mount (bsc#1184219).\n\n - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD\n (git-fixes).\n\n - can: c_can: move runtime PM enable/disable to\n c_can_platform (git-fixes).\n\n - can: c_can_pci: c_can_pci_remove(): fix use-after-free\n (git-fixes).\n\n - can: flexcan: assert FRZ bit in flexcan_chip_freeze()\n (git-fixes).\n\n - can: flexcan: enable RX FIFO after FRZ/HALT valid\n (git-fixes).\n\n - can: flexcan: flexcan_chip_freeze(): fix chip freeze for\n missing bitrate (git-fixes).\n\n - can: flexcan: invoke flexcan_chip_freeze() to enter\n freeze mode (git-fixes).\n\n - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss\n warning (git-fixes).\n\n - can: peak_usb: add forgotten supported devices\n (git-fixes).\n\n - 
can: peak_usb: Revert 'can: peak_usb: add forgotten\n supported devices' (git-fixes).\n\n - can: skb: can_skb_set_owner(): fix ref counting if\n socket was closed before setting skb ownership\n (git-fixes).\n\n - cdc-acm: fix BREAK rx code path adding necessary calls\n (git-fixes).\n\n - certs: Fix blacklist flag type confusion (git-fixes).\n\n - cifs: check pointer before freeing (bsc#1183534).\n\n - completion: Drop init_completion define (git-fixes).\n\n - configfs: fix a use-after-free in __configfs_open_file\n (git-fixes).\n\n - config: net: freescale: change xgmac-mdio to built-in\n References: bsc#1183015,bsc#1182595\n\n - crypto: aesni - prevent misaligned buffers on the stack\n (git-fixes).\n\n - crypto: arm64/sha - add missing module aliases\n (git-fixes).\n\n - crypto: bcm - Rename struct device_private to\n bcm_device_private (git-fixes).\n\n - crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires\n the manager (git-fixes).\n\n - crypto: tcrypt - avoid signed overflow in byte count\n (git-fixes).\n\n - Delete\n patches.suse/sched-Reenable-interrupts-in-do_sched_yield\n .patch (bsc#1183530) \n\n - drivers/misc/vmw_vmci: restrict too big queue size in\n qp_host_alloc_queue (git-fixes).\n\n - drm/amd/display: Guard against NULL pointer deref when\n get_i2c_info fails (git-fixes).\n\n - drm/amdgpu: Add check to prevent IH overflow\n (git-fixes).\n\n - drm/amdgpu: fix parameter error of RREG32_PCIE() in\n amdgpu_regs_pcie (git-fixes).\n\n - drm/amdkfd: Put ACPI table after using it (bsc#1152489)\n Backporting notes: * context changes\n\n - drm/amd/powerplay: fix spelling mistake\n 'smu_state_memroy_block' -> (bsc#1152489) Backporting\n notes: * rename amd/pm to amd/powerplay * context\n changes\n\n - drm/compat: Clear bounce structures (git-fixes).\n\n - drm/hisilicon: Fix use-after-free (git-fixes).\n\n - drm/i915: Reject 446-480MHz HDMI clock on GLK\n (git-fixes).\n\n - drm/mediatek: Fix aal size config (bsc#1152489)\n Backporting notes: * replaced 
mtk_ddp_write() with\n writel()\n\n - drm: meson_drv add shutdown function (git-fixes).\n\n - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL\n register (git-fixes).\n\n - drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY)\n (git-fixes).\n\n - drm/msm: Fix races managing the OOB state for timestamp\n vs (bsc#1152489) Backporting notes: * context changes\n\n - drm/msm: fix shutdown hook in case GPU components failed\n to bind (git-fixes).\n\n - drm/msm: Fix use-after-free in msm_gem with carveout\n (bsc#1152489) Backporting notes: * context changes\n\n - drm/msm: Fix WARN_ON() splat in _free_object()\n (bsc#1152489) Backporting notes: * context changes\n\n - drm/msm/gem: Add obj->lock wrappers (bsc#1152489)\n Backporting notes: * taken for 9b73bde39cf2 ('drm/msm:\n Fix use-after-free in msm_gem with carveout') * context\n changes\n\n - drm/nouveau: bail out of nouveau_channel_new if channel\n init fails (bsc#1152489) \n\n - drm/nouveau/kms: handle mDP connectors (git-fixes).\n\n - drm/panfrost: Do not corrupt the queue mutex on\n open/close (bsc#1152472) \n\n - drm/panfrost: Fix job timeout handling (bsc#1152472)\n Backporting notes :\n\n - drm/panfrost: Remove unused variables in\n panfrost_job_close() (bsc#1152472)\n\n - drm/radeon: fix AGP dependency (git-fixes).\n\n - drm: rcar-du: Fix crash when using LVDS1 clock for CRTC\n (bsc#1152489) Backporting notes: * context changes\n\n - drm/sched: Cancel and flush all outstanding jobs before\n finish (git-fixes).\n\n - drm/sun4i: tcon: fix inverted DCLK polarity\n (bsc#1152489) Backporting notes: * context changes\n\n - drm/tegra: sor: Grab runtime PM reference across reset\n (git-fixes).\n\n - drm/vc4: hdmi: Restore cec physical address on reconnect\n (bsc#1152472) Backporting notes: * context changes *\n change vc4_hdmi to vc4->hdmi * removed references to\n encoder->hdmi_monitor\n\n - efi: use 32-bit alignment for efi_guid_t literals\n (git-fixes).\n\n - epoll: check for events when removing a timed out 
thread\n from the wait queue (git-fixes).\n\n - ethernet: alx: fix order of calls on resume (git-fixes).\n\n - exec: Move would_dump into flush_old_exec (git-fixes).\n\n - exfat: add missing MODULE_ALIAS_FS() (bsc#1182989).\n\n - exfat: add the dummy mount options to be backward\n compatible with staging/exfat (bsc#1182989).\n\n - extcon: Add stubs for extcon_register_notifier_all()\n functions (git-fixes).\n\n - extcon: Fix error handling in extcon_dev_register\n (git-fixes).\n\n - fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).\n\n - firmware/efi: Fix a use after bug in\n efi_mem_reserve_persistent (git-fixes).\n\n - flow_dissector: fix byteorder of dissected ICMP ID\n (bsc#1154353).\n\n - fsl/fman: check dereferencing NULL pointer (git-fixes).\n\n - fsl/fman: fix dereference null return value (git-fixes).\n\n - fsl/fman: fix eth hash table allocation (git-fixes).\n\n - fsl/fman: fix unreachable code (git-fixes).\n\n - fsl/fman: use 32-bit unsigned integer (git-fixes).\n\n - fuse: verify write return (git-fixes).\n\n - gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862).\n\n - gcc-plugins: make it possible to disable\n CONFIG_GCC_PLUGINS again (bcs#1181862).\n\n - gcc-plugins: simplify GCC plugin-dev capability test\n (bsc#1181862).\n\n - gianfar: Account for Tx PTP timestamp in the skb\n headroom (git-fixes).\n\n - gianfar: Fix TX timestamping with a stacked DSA driver\n (git-fixes).\n\n - gianfar: Replace skb_realloc_headroom with skb_cow_head\n for PTP (git-fixes).\n\n - Goodix Fingerprint device is not a modem (git-fixes).\n\n - gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).\n\n - gpio: pca953x: Set IRQ type when handle Intel Galileo\n Gen 2 (git-fixes).\n\n - gpio: zynq: fix reference leak in zynq_gpio functions\n (git-fixes).\n\n - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for\n ITE8568 EC on Voyo Winpad A15 (git-fixes).\n\n - HID: mf: add support for 0079:1846 Mayflash/Dragonrise\n USB Gamecube Adapter (git-fixes).\n\n - HSI: Fix PM 
usage counter unbalance in ssi_hw_init\n (git-fixes).\n\n - hwmon: (ina3221) Fix PM usage counter unbalance in\n ina3221_write_enable (git-fixes).\n\n - i2c: rcar: faster irq code to minimize HW race condition\n (git-fixes).\n\n - i2c: rcar: optimize cacheline to minimize HW race\n condition (git-fixes).\n\n - iavf: Fix incorrect adapter get in iavf_resume\n (git-fixes).\n\n - iavf: use generic power management (git-fixes).\n\n - ibmvnic: add comments for spinlock_t definitions\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: always store valid MAC address (bsc#1182011\n ltc#191844).\n\n - ibmvnic: avoid multiple line dereference (bsc#1183871\n ltc#192139).\n\n - ibmvnic: fix block comments (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix braces (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix miscellaneous checks (bsc#1183871\n ltc#192139).\n\n - ibmvnic: Fix possibly uninitialized old_num_tx_queues\n variable warning (jsc#SLE-17268).\n\n - ibmvnic: merge do_change_param_reset into do_reset\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: prefer strscpy over strlcpy (bsc#1183871\n ltc#192139).\n\n - ibmvnic: prefer 'unsigned long' over 'unsigned long int'\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: remove excessive irqsave (bsc#1182485\n ltc#191591).\n\n - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: remove unused spinlock_t stats_lock definition\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: rework to ensure SCRQ entry reads are properly\n ordered (bsc#1183871 ltc#192139).\n\n - ibmvnic: simplify reset_long_term_buff function\n (bsc#1183023 ltc#191791).\n\n - ibmvnic: substitute mb() with dma_wmb() for send_*crq*\n functions (bsc#1183023 ltc#191791).\n\n - ice: fix memory leak if register_netdev_fails\n (git-fixes).\n\n - ice: fix memory leak in ice_vsi_setup (git-fixes).\n\n - ice: Fix state bits on LLDP mode switch (jsc#SLE-7926).\n\n - ice: renegotiate link after FW DCB on (jsc#SLE-8464).\n\n - ice: report correct max number of TCs 
(jsc#SLE-7926).\n\n - ice: update the number of available RSS queues\n (jsc#SLE-7926).\n\n - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).\n\n - iio: adc: ad7949: fix wrong ADC result due to incorrect\n bit mask (git-fixes).\n\n - iio:adc:qcom-spmi-vadc: add default scale to\n LR_MUX2_BAT_ID channel (git-fixes).\n\n - iio: adis16400: Fix an error code in\n adis16400_initial_setup() (git-fixes).\n\n - iio: gyro: mpu3050: Fix error handling in\n mpu3050_trigger_handler (git-fixes).\n\n - iio: hid-sensor-humidity: Fix alignment issue of\n timestamp channel (git-fixes).\n\n - iio: hid-sensor-prox: Fix scale not correct issue\n (git-fixes).\n\n - iio: hid-sensor-temperature: Fix issues of timestamp\n channel (git-fixes).\n\n - Input: applespi - do not wait for responses to commands\n indefinitely (git-fixes).\n\n - Input: elantech - fix protocol errors for some\n trackpoints in SMBus mode (git-fixes).\n\n - Input: i8042 - add ASUS Zenbook Flip to noselftest list\n (git-fixes).\n\n - Input: raydium_ts_i2c - do not send zero length\n (git-fixes).\n\n - Input: xpad - add support for PowerA Enhanced Wired\n Controller for Xbox Series X|S (git-fixes).\n\n - iommu/amd: Fix sleeping in atomic in\n increase_address_space() (bsc#1183277).\n\n - iommu/intel: Fix memleak in intel_irq_remapping_alloc\n (bsc#1183278).\n\n - iommu/qcom: add missing put_device() call in\n qcom_iommu_of_xlate() (bsc#1183637).\n\n - iommu/vt-d: Add get_domain_info() helper (bsc#1183279).\n\n - iommu/vt-d: Avoid panic if iommu init fails in tboot\n system (bsc#1183280).\n\n - iommu/vt-d: Correctly check addr alignment in\n qi_flush_dev_iotlb_pasid() (bsc#1183281).\n\n - iommu/vt-d: Do not use flush-queue when caching-mode is\n on (bsc#1183282).\n\n - iommu/vt-d: Fix general protection fault in\n aux_detach_device() (bsc#1183283).\n\n - iommu/vt-d: Fix ineffective devTLB invalidation for\n subdevices (bsc#1183284).\n\n - iommu/vt-d: Fix unaligned addresses for\n intel_flush_svm_range_dev() 
(bsc#1183285).\n\n - iommu/vt-d: Move intel_iommu info from struct intel_svm\n to struct intel_svm_dev (bsc#1183286).\n\n - ionic: linearize tso skb with too many frags\n (bsc#1167773).\n\n - kbuild: add dummy toolchains to enable all cc-option\n etc. in Kconfig (bcs#1181862).\n\n - kbuild: change *FLAGS_<basetarget>.o to take the path\n relative to $(obj) (bcs#1181862).\n\n - kbuild: dummy-tools, fix inverted tests for gcc\n (bcs#1181862).\n\n - kbuild: dummy-tools, support MPROFILE_KERNEL checks for\n ppc (bsc#1181862).\n\n - kbuild: Fail if gold linker is detected (bcs#1181862).\n\n - kbuild: improve cc-option to clean up all temporary\n files (bsc#1178330).\n\n - kbuild: include scripts/Makefile.* only when relevant\n CONFIG is enabled (bcs#1181862).\n\n - kbuild: simplify GCC_PLUGINS enablement in\n dummy-tools/gcc (bcs#1181862).\n\n - kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from\n cc-option base (bcs#1181862).\n\n - kbuild: use -S instead of -E for precise cc-option test\n in Kconfig (bsc#1178330).\n\n - kconfig: introduce m32-flag and m64-flag (bcs#1181862).\n\n - KVM: nVMX: Properly handle userspace interrupt window\n request (bsc#1183427).\n\n - KVM: SVM: Clear the CR4 register on reset (bsc#1183252).\n\n - KVM: x86: Add helpers to perform CPUID-based guest\n vendor check (bsc#1183445). \n\n - KVM: x86: Add RIP to the kvm_entry, i.e. 
VM-Enter,\n tracepoint Needed as a dependency of 0b40723a827 ('kvm:\n tracing: Fix unmatched kvm_entry and kvm_exit events',\n bsc#1182770).\n\n - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if\n tsx=off (bsc#1183287).\n\n - KVM: x86: do not reset microcode version on INIT or\n RESET (bsc#1183412).\n\n - KVM x86: Extend AMD specific guest behavior to Hygon\n virtual CPUs (bsc#1183447).\n\n - KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR\n (bsc#1183369).\n\n - KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID\n hits max entries (bsc#1183428).\n\n - KVM: x86: Set so called 'reserved CR3 bits in LM mask'\n at vCPU reset (bsc#1183288).\n\n - libbpf: Clear map_info before each\n bpf_obj_get_info_by_fd (bsc#1155518).\n\n - libbpf: Fix BTF dump of pointer-to-array-of-struct\n (bsc#1155518).\n\n - libbpf: Use SOCK_CLOEXEC when opening the netlink socket\n (bsc#1155518).\n\n - lib/syscall: fix syscall registers retrieval on 32-bit\n platforms (git-fixes).\n\n -\n loop-be-paranoid-on-exit-and-prevent-new-additions-r.pat\n ch: (bsc#1171295).\n\n - mac80211: fix double free in ibss_leave (git-fixes).\n\n - mac80211: fix rate mask reset (git-fixes).\n\n - mdio: fix mdio-thunder.c dependency & build error\n (git-fixes).\n\n - media: cros-ec-cec: do not bail on device_init_wakeup\n failure (git-fixes).\n\n - media: cx23885: add more quirks for reset DMA on some\n AMD IOMMU (git-fixes).\n\n - media: mceusb: Fix potential out-of-bounds shift\n (git-fixes).\n\n - media: mceusb: sanity check for prescaler value\n (git-fixes).\n\n - media: rc: compile rc-cec.c into rc-core (git-fixes).\n\n - media: usbtv: Fix deadlock on suspend (git-fixes).\n\n - media: uvcvideo: Allow entities with no pads\n (git-fixes).\n\n - media: v4l2-ctrls.c: fix shift-out-of-bounds in\n std_validate (git-fixes).\n\n - media: v4l: vsp1: Fix bru NULL pointer access\n (git-fixes).\n\n - media: v4l: vsp1: Fix uif NULL pointer access\n (git-fixes).\n\n - media: vicodec: add missing 
v4l2_ctrl_request_hdl_put()\n (git-fixes).\n\n - misc: eeprom_93xx46: Add quirk to support Microchip\n 93LC46B eeprom (git-fixes).\n\n - misc: fastrpc: restrict user apps from sending kernel\n RPC messages (git-fixes).\n\n - misc/pvpanic: Export module FDT device table\n (git-fixes).\n\n - misc: rtsx: init of rts522a add OCP power off when no\n card is present (git-fixes).\n\n - mmc: core: Fix partition switch time for eMMC\n (git-fixes).\n\n - mmc: cqhci: Fix random crash when remove mmc module/card\n (git-fixes).\n\n - mmc: mxs-mmc: Fix a resource leak in an error handling\n path in 'mxs_mmc_probe()' (git-fixes).\n\n - mmc: sdhci-esdhc-imx: fix kernel panic when remove\n module (git-fixes).\n\n - mmc: sdhci-of-dwcmshc: set\n SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).\n\n - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB\n page (git-fixes).\n\n - mm, numa: fix bad pmd by atomically check for\n pmd_trans_huge when marking page tables prot_numa\n (bsc#1168777).\n\n - mount: fix mounting of detached mounts onto targets that\n reside on shared mounts (git-fixes).\n\n - net: bonding: fix error return code of bond_neigh_init()\n (bsc#1154353).\n\n - net: cdc-phonet: fix data-interface release on probe\n failure (git-fixes).\n\n - net: core: introduce __netdev_notify_peers (bsc#1183871\n ltc#192139).\n\n - netdevsim: init u64 stats for 32bit hardware\n (git-fixes).\n\n - net: dsa: rtl8366: Fix VLAN semantics (git-fixes).\n\n - net: dsa: rtl8366: Fix VLAN set-up (git-fixes).\n\n - net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).\n\n - net: enic: Cure the enic api locking trainwreck\n (git-fixes).\n\n - net: ethernet: aquantia: Fix wrong return value\n (git-fixes).\n\n - net: ethernet: cavium: octeon_mgmt: use phy_start and\n phy_stop (git-fixes).\n\n - net: ethernet: ibm: ibmvnic: Fix some kernel-doc\n misdemeanours (bsc#1183871 ltc#192139).\n\n - net: ethernet: ti: cpsw: fix clean up of vlan mc entries\n for host port (git-fixes).\n\n - net: fec: Fix 
phy_device lookup for\n phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix PHY init after\n phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix reference count leak in fec series ops\n (git-fixes).\n\n - net: gemini: Fix another missing clk_disable_unprepare()\n in probe (git-fixes).\n\n - net: gemini: Fix missing free_netdev() in error path of\n gemini_ethernet_port_probe() (git-fixes).\n\n - net: gianfar: Add of_node_put() before goto statement\n (git-fixes).\n\n - net: hdlc: In hdlc_rcv, check to make sure dev is an\n HDLC device (git-fixes).\n\n - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag\n after calling ether_setup (git-fixes).\n\n - net: korina: cast KSEG0 address to pointer in kfree\n (git-fixes).\n\n - net: korina: fix kfree of rx/tx descriptor array\n (git-fixes).\n\n - net/mlx5: Disable devlink reload for lag devices\n (jsc#SLE-8464).\n\n - net/mlx5: Disable devlink reload for multi port slave\n device (jsc#SLE-8464).\n\n - net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).\n\n - net/mlx5: Disallow RoCE on multi port slave device\n (jsc#SLE-8464).\n\n - net/mlx5e: E-switch, Fix rate calculation division\n (jsc#SLE-8464).\n\n - net/mlx5e: E-switch, Fix rate calculation for overflow\n (jsc#SLE-8464).\n\n - net: mvneta: fix double free of txq->buf (git-fixes).\n\n - net: mvneta: make tx buffer array agnostic (git-fixes).\n\n - net: qcom/emac: add missed clk_disable_unprepare in\n error path of emac_clks_phase1_init (git-fixes).\n\n - netsec: restore phy power state after controller reset\n (bsc#1183757).\n\n - net: spider_net: Fix the size used in a\n 'dma_free_coherent()' call (git-fixes).\n\n - net: stmmac: Fix incorrect location to set\n real_num_rx|tx_queues (git-fixes).\n\n - net: stmmac: removed enabling eee in EEE set callback\n (git-fixes).\n\n - net: stmmac: use netif_tx_start|stop_all_queues()\n function (git-fixes).\n\n - net: stmmac: Use rtnl_lock/unlock on\n netif_set_real_num_rx_queues() call (git-fixes).\n\n 
- net: usb: ax88179_178a: fix missing stop entry in\n driver_info (git-fixes).\n\n - net: usb: qmi_wwan: allow qmimux add/del with master up\n (git-fixes).\n\n - net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).\n\n - nfp: flower: fix pre_tun mask id allocation\n (bsc#1154353).\n\n - nvme: allocate the keep alive request using\n BLK_MQ_REQ_NOWAIT (bsc#1182077).\n\n - nvme-fabrics: fix kato initialization (bsc#1182591).\n\n - nvme-fabrics: only reserve a single tag (bsc#1182077).\n\n - nvme-fc: fix racing controller reset and create\n association (bsc#1183048).\n\n - nvme-hwmon: Return error code when registration fails\n (bsc#1177326).\n\n - nvme: merge nvme_keep_alive into nvme_keep_alive_work\n (bsc#1182077).\n\n - nvme: return an error if nvme_set_queue_count() fails\n (bsc#1180197).\n\n - nvmet-rdma: Fix list_del corruption on queue\n establishment failure (bsc#1183501).\n\n - objtool: Fix '.cold' section suffix check for newer\n versions of GCC (bsc#1169514).\n\n - objtool: Fix error handling for STD/CLD warnings\n (bsc#1169514).\n\n - objtool: Fix retpoline detection in asm code\n (bsc#1169514).\n\n - ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).\n\n - ovl: fix out of date comment and unreachable code\n (bsc#1184176).\n\n - ovl: fix regression with re-formatted lower squashfs\n (bsc#1184176).\n\n - ovl: fix unneeded call to ovl_change_flags()\n (bsc#1184176).\n\n - ovl: fix value of i_ino for lower hardlink corner case\n (bsc#1184176).\n\n - ovl: initialize error in ovl_copy_xattr (bsc#1184176).\n\n - ovl: relax WARN_ON() when decoding lower directory file\n handle (bsc#1184176).\n\n - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT\n Pulse (git-fixes).\n\n - PCI: Add function 1 DMA alias quirk for Marvell 9215\n SATA controller (git-fixes).\n\n - PCI: Align checking of syscall user config accessors\n (git-fixes).\n\n - PCI: Decline to resize resources if boot config must be\n preserved (git-fixes).\n\n - PCI: Fix pci_register_io_range() 
memory leak\n (git-fixes).\n\n - PCI: mediatek: Add missing of_node_put() to fix\n reference leak (git-fixes).\n\n - PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064\n (git-fixes).\n\n - PCI: xgene-msi: Fix race in installing chained irq\n handler (git-fixes).\n\n - pinctrl: rockchip: fix restore error in resume\n (git-fixes).\n\n - Platform: OLPC: Fix probe error handling (git-fixes).\n\n - platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for\n the Aspire Switch 10E SW3-016 (git-fixes).\n\n - platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE\n capability flag (git-fixes).\n\n - platform/x86: acer-wmi: Add new force_caps module\n parameter (git-fixes).\n\n - platform/x86: acer-wmi: Add support for SW_TABLET_MODE\n on Switch devices (git-fixes).\n\n - platform/x86: acer-wmi: Cleanup accelerometer device\n handling (git-fixes).\n\n - platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines\n (git-fixes).\n\n - platform/x86: intel-vbtn: Stop reporting SW_DOCK events\n (git-fixes).\n\n - PM: EM: postpone creating the debugfs dir till\n fs_initcall (git-fixes).\n\n - PM: runtime: Add pm_runtime_resume_and_get to deal with\n usage counter (bsc#1183366).\n\n - PM: runtime: Fix race getting/putting suppliers at probe\n (git-fixes).\n\n - powerpc/book3s64/radix: Remove WARN_ON in\n destroy_context() (bsc#1183692 ltc#191963).\n\n - powerpc/pseries/mobility: handle premature return from\n H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662\n ltc#191922).\n\n - powerpc/pseries/mobility: use struct for shared state\n (bsc#1181674 ltc#189159 git-fixes bsc#1183662\n ltc#191922).\n\n - printk: fix deadlock when kernel panic (bsc#1183018).\n\n - proc: fix lookup in /proc/net subdirectories after\n setns(2) (git-fixes).\n\n - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous\n clk_unprepare() (git-fixes).\n\n - qxl: Fix uninitialised struct field head.surface_id\n (git-fixes).\n\n - random: fix the RNDRESEEDCRNG ioctl (git-fixes).\n\n - RDMA/hns: Disable RQ inline by 
default (jsc#SLE-8449).\n\n - RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).\n\n - RDMA/srp: Fix support for unpopulated and unbalanced\n NUMA nodes (bsc#1169709)\n\n - Revert 'net: bonding: fix error return code of\n bond_neigh_init()' (bsc#1154353).\n\n - rpadlpar: fix potential drc_name corruption in store\n functions (bsc#1183416 ltc#191079).\n\n - rpm/check-for-config-changes: add -mrecord-mcount ignore\n Added by 3b15cdc15956 (tracing: move function tracer\n options to Kconfig) upstream.\n\n - rpm/check-for-config-changes: comment on the list To\n explain what it actually is.\n\n - rpm/check-for-config-changes: declare sed args as an\n array So that we can reuse it in both seds. This also\n introduces IGNORED_CONFIGS_RE array which can be easily\n extended.\n\n - rpm/check-for-config-changes: define ignores more\n strictly * search for whole words, so make wildcards\n explicit * use ' for quoting * prepend CONFIG_\n dynamically, so it need not be in the list\n\n - rpm/check-for-config-changes: ignore more configs\n Specifically, these: * CONFIG_CC_HAS_* * CONFIG_CC_HAVE_*\n * CONFIG_CC_CAN_* * CONFIG_HAVE_[A-Z]*_COMPILER *\n CONFIG_TOOLS_SUPPORT_* are compiler specific too. 
This\n will allow us to use super configs using kernel's\n dummy-tools.\n\n - rpm/check-for-config-changes: sort the ignores They are\n growing so to make them searchable by humans.\n\n - rsi: Fix TX EAPOL packet handling against iwlwifi AP\n (git-fixes).\n\n - rsi: Move card interrupt handling to RX thread\n (git-fixes).\n\n - rsxx: Return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/cio: return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/cio: return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/crypto: return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/dasd: fix hanging IO request during DASD driver\n unbind (git-fixes).\n\n - s390/qeth: fix memory leak after failed TX Buffer\n allocation (git-fixes).\n\n - s390/qeth: fix notification for pending buffers during\n teardown (git-fixes).\n\n - s390/qeth: improve completion of pending TX buffers\n (git-fixes).\n\n - s390/qeth: schedule TX NAPI on QAOB completion\n (git-fixes).\n\n - s390/vtime: fix increased steal time accounting\n (bsc#1183859).\n\n - samples, bpf: Add missing munmap in xdpsock\n (bsc#1155518).\n\n - scsi: lpfc: Change wording of invalid pci reset log\n message (bsc#1182574).\n\n - scsi: lpfc: Correct function header comments related to\n ndlp reference counting (bsc#1182574).\n\n - scsi: lpfc: Fix ADISC handling that never frees nodes\n (bsc#1182574).\n\n - scsi: lpfc: Fix crash caused by switch reboot\n (bsc#1182574).\n\n - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery\n recovery (bsc#1182574).\n\n - scsi: lpfc: Fix FLOGI failure due to accessing a freed\n node (bsc#1182574).\n\n - scsi: lpfc: Fix incorrect dbde assignment when building\n target abts wqe (bsc#1182574).\n\n - scsi: lpfc: Fix lpfc_els_retry() possible NULL pointer\n dereference (bsc#1182574).\n\n - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).\n\n - scsi: lpfc: Fix NULL pointer dereference in\n lpfc_prep_els_iocb() (bsc#1182574).\n\n - scsi: lpfc: Fix PLOGI ACC to 
be transmit after REG_LOGIN\n (bsc#1182574).\n\n - scsi: lpfc: Fix pt2pt connection does not recover after\n LOGO (bsc#1182574).\n\n - scsi: lpfc: Fix pt2pt state transition causing rmmod\n hang (bsc#1182574).\n\n - scsi: lpfc: Fix reftag generation sizing errors\n (bsc#1182574).\n\n - scsi: lpfc: Fix stale node accesses on stale RRQ request\n (bsc#1182574).\n\n - scsi: lpfc: Fix status returned in lpfc_els_retry()\n error exit path (bsc#1182574).\n\n - scsi: lpfc: Fix unnecessary null check in\n lpfc_release_scsi_buf (bsc#1182574).\n\n - scsi: lpfc: Fix use after free in lpfc_els_free_iocb\n (bsc#1182574).\n\n - scsi: lpfc: Fix vport indices in\n lpfc_find_vport_by_vpid() (bsc#1182574).\n\n - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports\n (bsc#1182574).\n\n - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8\n changes (bsc#1182574).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.8\n (bsc#1182574).\n\n - scsi: target: pscsi: Avoid OOM in pscsi_map_sg()\n (bsc#1183843).\n\n - scsi: target: pscsi: Clean up after failure in\n pscsi_map_sg() (bsc#1183843).\n\n - selftests/bpf: Mask bpf_csum_diff() return value to 16\n bits in test_verifier (bsc#1155518).\n\n - selftests/bpf: No need to drop the packet when there is\n no geneve opt (bsc#1155518).\n\n - selftests/bpf: Set gopt opt_class to 0 if get tunnel opt\n failed (bsc#1155518).\n\n - selinux: fix error initialization in\n inode_doinit_with_dentry() (git-fixes).\n\n - selinux: Fix error return code in sel_ib_pkey_sid_slow()\n (git-fixes).\n\n - selinux: fix inode_doinit_with_dentry() LABEL_INVALID\n error handling (git-fixes).\n\n - smb3: Fix out-of-bounds bug in SMB2_negotiate()\n (bsc#1183540).\n\n - software node: Fix node registration (git-fixes).\n\n - spi: stm32: make spurious and overrun interrupts visible\n (git-fixes).\n\n - squashfs: fix inode lookup sanity checks (bsc#1183750).\n\n - squashfs: fix xattr id and id lookup sanity checks\n (bsc#1183750).\n\n - staging: bcm2835-audio: Replace 
unsafe strcpy() with\n strscpy() (git-fixes).\n\n - staging: comedi: addi_apci_1032: Fix endian problem for\n COS sample (git-fixes).\n\n - staging: comedi: addi_apci_1500: Fix endian problem for\n command sample (git-fixes).\n\n - staging: comedi: adv_pci1710: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: comedi: das6402: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: comedi: das800: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: comedi: dmm32at: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: comedi: me4000: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: comedi: pcl711: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: comedi: pcl818: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: fwserial: Fix error handling in fwserial_create\n (git-fixes).\n\n - staging: gdm724x: Fix DMA from stack (git-fixes).\n\n - staging: ks7010: prevent buffer overflow in\n ks_wlan_set_scan() (git-fixes).\n\n - staging: most: sound: add sanity check for function\n argument (git-fixes).\n\n - staging: rtl8188eu: Add Edimax EW-7811UN V2 to device\n table (git-fixes).\n\n - staging: rtl8188eu: fix potential memory corruption in\n rtw_check_beacon_data() (git-fixes).\n\n - staging: rtl8188eu: prevent ->ssid overflow in\n rtw_wx_set_scan() (git-fixes).\n\n - staging: rtl8192e: Change state information from u16 to\n u8 (git-fixes).\n\n - staging: rtl8192e: Fix incorrect source in memcpy()\n (git-fixes).\n\n - staging: rtl8192e: Fix possible buffer overflow in\n _rtl92e_wx_set_scan (git-fixes).\n\n - staging: rtl8192u: fix ->ssid overflow in\n r8192_wx_set_scan() (git-fixes).\n\n - staging: rtl8712: Fix possible buffer overflow in\n r8712_sitesurvey_cmd (git-fixes).\n\n - staging: rtl8712: unterminated string leads to read\n overflow (git-fixes).\n\n - stop_machine: mark helpers __always_inline (git-fixes).\n\n - udlfb: Fix memory leak in 
dlfb_usb_probe (git-fixes).\n\n - Update bug reference for USB-audio fixes (bsc#1182552\n bsc#1183598)\n\n - USB: cdc-acm: fix double free on probe failure\n (git-fixes).\n\n - USB: cdc-acm: fix use-after-free after probe failure\n (git-fixes).\n\n - USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960\n board (git-fixes).\n\n - USB: dwc2: Prevent core suspend when port connection\n flag is 0 (git-fixes).\n\n - USB: dwc3: gadget: Fix dep->interval for fullspeed\n interrupt (git-fixes).\n\n - USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1\n (git-fixes).\n\n - USB: dwc3: qcom: Add missing DWC3 OF node refcount\n decrement (git-fixes).\n\n - USB: dwc3: qcom: Honor wakeup enabled/disabled state\n (git-fixes).\n\n - USB: gadget: configfs: Fix KASAN use-after-free\n (git-fixes).\n\n - USB: gadget: f_uac1: stop playback on function disable\n (git-fixes).\n\n - USB: gadget: f_uac2: always increase endpoint\n max_packet_size by one audio slot (git-fixes).\n\n - USB: gadget: udc: amd5536udc_pci fix\n null-ptr-dereference (git-fixes).\n\n - USB: gadget: u_ether: Fix a configfs return code\n (git-fixes).\n\n - USBip: Fix incorrect double assignment to udc->ud.tcp_rx\n (git-fixes).\n\n - USBip: fix stub_dev to check for stream socket\n (git-fixes).\n\n - USBip: fix stub_dev USBip_sockfd_store() races leading\n to gpf (git-fixes).\n\n - USBip: fix vhci_hcd attach_store() races leading to gpf\n (git-fixes).\n\n - USBip: fix vhci_hcd to check for stream socket\n (git-fixes).\n\n - USBip: fix vudc to check for stream socket (git-fixes).\n\n - USBip: fix vudc usbip_sockfd_store races leading to gpf\n (git-fixes).\n\n - USBip: tools: fix build error for multiple definition\n (git-fixes).\n\n - USB: musb: Fix suspend with devices connected for a64\n (git-fixes).\n\n - USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe\n with other EPNUM (git-fixes).\n\n - USB: replace hardcode maximum usb string length by\n definition (git-fixes).\n\n - USB: serial: ch341: add new Product 
ID (git-fixes).\n\n - USB: serial: cp210x: add ID for Acuity Brands nLight Air\n Adapter (git-fixes).\n\n - USB: serial: cp210x: add some more GE USB IDs\n (git-fixes).\n\n - USB: serial: ftdi_sio: fix FTX sub-integer prescaler\n (git-fixes).\n\n - USB: serial: io_edgeport: fix memory leak in\n edge_startup (git-fixes).\n\n - USB-storage: Add quirk to defeat Kindle's automatic\n unload (git-fixes).\n\n - USB: typec: tcpm: Invoke power_supply_changed for\n tcpm-source-psy- (git-fixes).\n\n - USB: usblp: fix a hang in poll() if disconnected\n (git-fixes).\n\n - USB: xhci: do not perform Soft Retry for some xHCI hosts\n (git-fixes).\n\n - USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA\n addressing (git-fixes).\n\n - USB: xhci-mtk: fix broken streams issue on 0.96 xHCI\n (git-fixes).\n\n - use __netdev_notify_peers in ibmvnic (bsc#1183871\n ltc#192139).\n\n - video: fbdev: acornfb: remove free_unused_pages()\n (bsc#1152489)\n\n - video: hyperv_fb: Fix a double free in hvfb_probe\n (git-fixes).\n\n - VMCI: Use set_page_dirty_lock() when unregistering guest\n memory (git-fixes).\n\n - vt/consolemap: do font sum unsigned (git-fixes).\n\n - watchdog: mei_wdt: request stop on unregister\n (git-fixes).\n\n - wireguard: device: do not generate ICMP for non-IP\n packets (git-fixes).\n\n - wireguard: kconfig: use arm chacha even with no neon\n (git-fixes).\n\n - wireguard: selftests: test multiple parallel streams\n (git-fixes).\n\n - wlcore: Fix command execute failure 19 for wl12xx\n (git-fixes).\n\n - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task\n (bsc#1152489).\n\n - xen/events: avoid handling the same event on two cpus at\n the same time (git-fixes).\n\n - xen/events: do not unmask an event channel when an eoi\n is pending (git-fixes).\n\n - xen/events: reset affinity of 2-level event when tearing\n it down (git-fixes).\n\n - xen/gnttab: handle p2m update errors on a per-slot basis\n (bsc#1183022 XSA-367).\n\n - xen-netback: respect gnttab_map_refs()'s return 
value\n (bsc#1183022 XSA-367).\n\n - xfs: group quota should return EDQUOT when prj quota\n enabled (bsc#1180980).\n\n - xhci: Fix repeated xhci wake after suspend due to\n uncleared internal wake state (git-fixes).\n\n - xhci: Improve detection of device initiated wake signal\n (git-fixes).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153274\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1160634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167773\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1168777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173485\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180197\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181383\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181862\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183277\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183280\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183283\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183287\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183386\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183447\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183598\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183637\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183859\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184218\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184219\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184224\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-rebuild\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2019/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-debuginfo-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-debugsource-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-devel-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-devel-debuginfo-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", 
reference:\"kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-debuginfo-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-debugsource-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-devel-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-devel-debuginfo-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-devel-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-docs-html-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-debuginfo-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-debugsource-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-devel-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-macros-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-build-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-build-debugsource-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-qa-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-debuginfo-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", 
reference:\"kernel-preempt-debugsource-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-devel-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-source-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-source-vanilla-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-syms-5.3.18-lp152.69.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-debuginfo / kernel-debug-debugsource / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-17T04:23:34", "description": "The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not\nproperly handle mod32 destination register truncation when the source\nregister was known to be 0 leading to out of bounds read\n(bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent\n(bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have\nallowed attackers to obtain sensitive information from kernel memory\nbecause of a partially uninitialized data structure (bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have\nallowed attackers to cause a denial of service due to race conditions\nduring an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet\ndriver which could have allowed 
attackers to cause a system crash due\nto a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a\nnew device name to the driver from userspace, allowing userspace to\nwrite data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could\nhave caused a system crash because the PEBS status in a PEBS record\nwas mishandled (bsc#1184196 ).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could\nhave allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan\n(bsc#1183593 ).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was\nlacking necessary treatment of errors such as failed memory\nallocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a\nNetlink message that is associated with iSCSI, and has a length up to\nthe maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink\nmessages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used\nto determine the address of the iscsi_transport structure\n(bsc#1182716).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access was found in\nx25_bind (bsc#1183696).\n\nCVE-2020-27815: Fixed an issue in JFS filesystem where could have\nallowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds\nspeculation on pointer arithmetic, leading to side-channel attacks\nthat defeat Spectre mitigations and obtain sensitive information from\nkernel memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat\nSpectre mitigations and obtain sensitive information from kernel\nmemory (bsc#1183686).\n\nCVE-2021-26930: 
Fixed an improper error handling in blkback's grant\nmapping (XSA-365 bsc#1181843).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant\nmapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant\nmapping (XSA-361 bsc#1181747).\n\nCVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write\nimplementation which could have granted unintended write access\nbecause of a race condition in a THP mapcount check (bsc#1179660,\nbsc#1179428).\n\nCVE-2020-0433: Fixed a use after free due to improper locking which\ncould have led to local escalation of privilege (bsc#1176720).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-14T00:00:00", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1175-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-29265", "CVE-2021-27365", "CVE-2021-27364", "CVE-2021-29264", "CVE-2021-28688", "CVE-2021-26932", "CVE-2020-27815", "CVE-2021-28964", "CVE-2021-27363", "CVE-2021-26930", "CVE-2020-0433", "CVE-2020-29368", "CVE-2021-26931", "CVE-2021-28660", "CVE-2020-29374", "CVE-2021-3444", "CVE-2020-27170", "CVE-2021-28038", "CVE-2021-28971", "CVE-2021-28972", "CVE-2020-35519", "CVE-2020-27171", "CVE-2021-29647", "CVE-2021-3428"], "modified": "2021-04-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure-devel", "cpe:/o:novell:suse_linux:12", "p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", 
"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-base"], "id": "SUSE_SU-2021-1175-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148509", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1175-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148509);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/16\");\n\n script_cve_id(\"CVE-2020-0433\", \"CVE-2020-27170\", \"CVE-2020-27171\", \"CVE-2020-27815\", \"CVE-2020-29368\", \"CVE-2020-29374\", \"CVE-2020-35519\", \"CVE-2021-26930\", \"CVE-2021-26931\", \"CVE-2021-26932\", \"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\", \"CVE-2021-28038\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-28972\", \"CVE-2021-29264\", \"CVE-2021-29265\", \"CVE-2021-29647\", \"CVE-2021-3428\", \"CVE-2021-3444\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1175-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not\nproperly handle mod32 destination register truncation when the source\nregister was known to be 0 leading to out of bounds read\n(bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent\n(bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have\nallowed attackers to obtain 
sensitive information from kernel memory\nbecause of a partially uninitialized data structure (bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have\nallowed attackers to cause a denial of service due to race conditions\nduring an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet\ndriver which could have allowed attackers to cause a system crash due\nto a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a\nnew device name to the driver from userspace, allowing userspace to\nwrite data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could\nhave caused a system crash because the PEBS status in a PEBS record\nwas mishandled (bsc#1184196 ).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could\nhave allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan\n(bsc#1183593 ).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was\nlacking necessary treatment of errors such as failed memory\nallocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a\nNetlink message that is associated with iSCSI, and has a length up to\nthe maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink\nmessages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used\nto determine the address of the iscsi_transport structure\n(bsc#1182716).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access was found in\nx25_bind (bsc#1183696).\n\nCVE-2020-27815: Fixed an issue in JFS filesystem where could have\nallowed an attacker to execute code 
(bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds\nspeculation on pointer arithmetic, leading to side-channel attacks\nthat defeat Spectre mitigations and obtain sensitive information from\nkernel memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat\nSpectre mitigations and obtain sensitive information from kernel\nmemory (bsc#1183686).\n\nCVE-2021-26930: Fixed an improper error handling in blkback's grant\nmapping (XSA-365 bsc#1181843).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant\nmapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant\nmapping (XSA-361 bsc#1181747).\n\nCVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write\nimplementation which could have granted unintended write access\nbecause of a race condition in a THP mapcount check (bsc#1179660,\nbsc#1179428).\n\nCVE-2020-0433: Fixed a use after free due to improper locking which\ncould have led to local escalation of privilege (bsc#1176720).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103991\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126390\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176720\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180846\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181515\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181747\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183022\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183696\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183871\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0433/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27170/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27171/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27815/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-29368/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-29374/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-35519/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-26930/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-26931/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-26932/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-27363/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-27364/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-27365/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28038/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28660/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28688/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28964/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28971/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28972/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29264/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29265/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29647/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-3428/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-3444/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211175-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f99314b7\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To 
install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1175=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-16.50.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2021-04-07T10:50:13", "bulletinFamily": "unix", "cvelist": ["CVE-2020-27170", "CVE-2020-27171", "CVE-2021-28950"], "description": "The kernel meta package ", "modified": "2021-03-24T01:48:59", "published": "2021-03-24T01:48:59", "id": "FEDORA:8FD383176A9C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: kernel-5.11.8-300.fc34", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-04-07T10:50:13", "bulletinFamily": "unix", "cvelist": ["CVE-2020-27170", "CVE-2020-27171", "CVE-2021-28950"], "description": "The kernel meta package ", "modified": "2021-03-24T02:41:30", "published": 
"2021-03-24T02:41:30", "id": "FEDORA:73E1630A20AB", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: kernel-5.11.8-200.fc33", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-03-29T22:50:38", "bulletinFamily": "unix", "cvelist": ["CVE-2020-27170", "CVE-2020-27171", "CVE-2021-28951", "CVE-2021-28952", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972"], "description": "The kernel meta package ", "modified": "2021-03-29T01:12:40", "published": "2021-03-29T01:12:40", "id": "FEDORA:C1626307261A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: kernel-5.11.10-100.fc32", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2021-03-31T22:48:06", "bulletinFamily": "unix", "cvelist": ["CVE-2020-28588", "CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363", "CVE-2021-3444", "CVE-2020-25639", "CVE-2020-27170", "CVE-2020-27171"], "description": "[5.4.17-2102.200.13.el7]\n- bpf, selftests: Fix up some test_verifier cases for unprivileged (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Add sanity check for upper ptr_limit (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Simplify alu_limit masking for pointer arithmetic (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Fix off-by-one for area size in creating mask to left (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Prohibit alu ops for pointer types not defining ptr_limit (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- selftests/bpf: Test access to bpf map pointer (Andrey Ignatov) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Fix truncation handling for mod32 dst reg wrt zero (Daniel Borkmann) [Orabug: 32673813] {CVE-2021-3444}\n- bpf: Fix 32 bit src register truncation on div/mod (Daniel Borkmann) [Orabug: 32673813] 
{CVE-2021-3444}\n[5.4.17-2102.200.12.el7]\n- Revert 'x86/platform/uv: Update UV MMRs for UV5' (Jack Vogel) [Orabug: 32651197]\n- Revert 'x86/platform/uv: Add UV5 direct references' (Jack Vogel) [Orabug: 32651197]\n- Revert 'x86/platform/uv: Add and decode Arch Type in UVsystab' (Jack Vogel) [Orabug: 32651197]\n- Revert 'x86/platform/uv: Update MMIOH references based on new UV5 MMRs' (Jack Vogel) [Orabug: 32651197]\n- Revert 'x86/platform/uv: Adjust GAM MMR references affected by UV5 updates' (Jack Vogel) [Orabug: 32651197]\n- Revert 'x86/platform/uv: Update UV5 MMR references in UV GRU' (Jack Vogel) [Orabug: 32651197]\n- Revert 'x86/platform/uv: Update node present counting' (Jack Vogel) [Orabug: 32651197]\n- Revert 'x86/platform/uv: Update UV5 TSC checking' (Jack Vogel) [Orabug: 32651197]\n- Revert 'x86/platform/uv: Update for UV5 NMI MMR changes' (Jack Vogel) [Orabug: 32651197]\n- Revert 'x86/platform/uv: Update Copyrights to conform to HPE standards' (Jack Vogel) [Orabug: 32651197]\n- Revert 'x86/platform/uv: Fix missing OEM_TABLE_ID' (Jack Vogel) [Orabug: 32651197]\n- Revert 'x86/platform/uv: Remove spaces from OEM IDs' (Jack Vogel) [Orabug: 32651197]\n- Revert 'x86/platform/uv: Recognize UV5 hubless system identifier' (Jack Vogel) [Orabug: 32651197]\n- Revert 'x86/tlb/uv: Add a forward declaration for struct flush_tlb_info' (Jack Vogel) [Orabug: 32651197]\n- Revert 'x86/platform/uv: Drop last traces of uv_flush_tlb_others' (Jack Vogel) [Orabug: 32651197]\n- Revert 'x86/platform/uv: Fix copied UV5 output archtype' (Jack Vogel) [Orabug: 32651197]\n- Revert 'x86/platform/uv: Fix UV4 hub revision adjustment' (Jack Vogel) [Orabug: 32651197]\n[5.4.17-2102.200.11.el7]\n- mm/vmscan: fix infinite loop in drop_slab_node (Chunxin Zang) [Orabug: 32620155]\n- scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) 
[Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Report connection state in sysfs (Gabriel Krisman Bertazi) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (Joe Perches) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Restrict sessions and handles to admin capabilities (Lee Duncan) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- drm/nouveau: bail out of nouveau_channel_new if channel init fails (Frantisek Hrbata) [Orabug: 32591559] {CVE-2020-25639}\n- mm: support memblock alloc on the exact node for sparse_buffer_init() (Yunfeng Ye) [Orabug: 32613823]\n- mm/sparse.c: do not waste pre allocated memmap space (Michal Hocko) [Orabug: 32613823]\n- mm/sparse: consistently do not zero memmap (Vincent Whitchurch) [Orabug: 32613823]\n[5.4.17-2102.200.10.el7]\n- scsi: target: core: Make completion affinity configurable\n[4.14.14-2.el7]\n- BUILDINFO: commit=6bb6e206facd0c0277275ac8b9e82737380c9040\n- Bump release to 4.14.14-2.", "edition": 2, "modified": "2021-03-31T00:00:00", "published": "2021-03-31T00:00:00", "id": "ELSA-2021-9141", "href": "http://linux.oracle.com/errata/ELSA-2021-9141.html", "title": "Unbreakable Enterprise kernel-container security update", "type": "oraclelinux", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-03-31T22:42:45", "bulletinFamily": "unix", "cvelist": ["CVE-2020-28588", "CVE-2021-27365", "CVE-2021-3347", "CVE-2021-27364", "CVE-2021-26932", "CVE-2020-14381", "CVE-2021-27363", "CVE-2020-29569", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-3444", "CVE-2020-25639", "CVE-2020-27170", "CVE-2020-36158", "CVE-2021-3348", "CVE-2020-29568", "CVE-2021-20177", "CVE-2020-27171", "CVE-2020-28374"], "description": "[5.4.17-2102.200.13]\n- bpf, selftests: Fix up some test_verifier cases for unprivileged (Piotr Krysiuk) [Orabug: 
32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Add sanity check for upper ptr_limit (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Simplify alu_limit masking for pointer arithmetic (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Fix off-by-one for area size in creating mask to left (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Prohibit alu ops for pointer types not defining ptr_limit (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- selftests/bpf: Test access to bpf map pointer (Andrey Ignatov) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Fix truncation handling for mod32 dst reg wrt zero (Daniel Borkmann) [Orabug: 32673813] {CVE-2021-3444}\n- bpf: Fix 32 bit src register truncation on div/mod (Daniel Borkmann) [Orabug: 32673813] {CVE-2021-3444}\n[5.4.17-2102.200.12]\n- Revert x86/platform/uv: Update UV MMRs for UV5 (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Add UV5 direct references (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Add and decode Arch Type in UVsystab (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Update MMIOH references based on new UV5 MMRs (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Adjust GAM MMR references affected by UV5 updates (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Update UV5 MMR references in UV GRU (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Update node present counting (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Update UV5 TSC checking (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Update for UV5 NMI MMR changes (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Update Copyrights to conform to HPE standards (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Fix missing OEM_TABLE_ID (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Remove spaces from OEM IDs 
(Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Recognize UV5 hubless system identifier (Jack Vogel) [Orabug: 32651197] \n- Revert x86/tlb/uv: Add a forward declaration for struct flush_tlb_info (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Drop last traces of uv_flush_tlb_others (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Fix copied UV5 output archtype (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Fix UV4 hub revision adjustment (Jack Vogel) [Orabug: 32651197]\n[5.4.17-2102.200.11]\n- mm/vmscan: fix infinite loop in drop_slab_node (Chunxin Zang) [Orabug: 32620155] \n- scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Report connection state in sysfs (Gabriel Krisman Bertazi) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (Joe Perches) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Restrict sessions and handles to admin capabilities (Lee Duncan) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- drm/nouveau: bail out of nouveau_channel_new if channel init fails (Frantisek Hrbata) [Orabug: 32591559] {CVE-2020-25639}\n- mm: support memblock alloc on the exact node for sparse_buffer_init() (Yunfeng Ye) [Orabug: 32613823] \n- mm/sparse.c: do not waste pre allocated memmap space (Michal Hocko) [Orabug: 32613823] \n- mm/sparse: consistently do not zero memmap (Vincent Whitchurch) [Orabug: 32613823]\n[5.4.17-2102.200.10]\n- scsi: target: core: Make completion affinity configurable (Mike Christie) [Orabug: 32403502] \n- target: flush submission work during TMR processing (Mike Christie) [Orabug: 32403502] \n- target iblock: add 
backend plug/unplug callouts (Mike Christie) [Orabug: 32403502] \n- target: fix backend plugging (Mike Christie) [Orabug: 32403502] \n- target: cleanup cmd flag bits (Mike Christie) [Orabug: 32403502] \n- tcm loop: use lio wq cmd submission helper (Mike Christie) [Orabug: 32403502] \n- tcm loop: use blk cmd allocator for se_cmds (Mike Christie) [Orabug: 32403502] \n- vhost scsi: use lio wq cmd submission helper (Mike Christie) [Orabug: 32403502] \n- target: add workqueue based cmd submission (Mike Christie) [Orabug: 32403502] \n- target: add gfp_t arg to target_cmd_init_cdb (Mike Christie) [Orabug: 32403502] \n- target: remove target_submit_cmd_map_sgls (Mike Christie) [Orabug: 32403502] \n- tcm_fc: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- xen-scsiback: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- vhost-scsi: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- usb gadget: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- sbp_target: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- tcm_loop: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- qla2xxx: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- ibmvscsi_tgt: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- srpt: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- target: break up target_submit_cmd_map_sgls (Mike Christie) [Orabug: 32403502] \n- target: rename transport_init_se_cmd (Mike Christie) [Orabug: 32403502] \n- target: drop kref_get_unless_zero in target_get_sess_cmd (Mike Christie) [Orabug: 32403502] \n- target: move t_task_cdb initialization (Mike Christie) [Orabug: 32403502] \n- scsi: tcm_loop: Allow queues, can_queue and cmd_per_lun to be settable (Mike Christie) [Orabug: 32403502] \n- scsi: target: Make state_list per CPU (Mike Christie) [Orabug: 32403502] \n- scsi: target: Drop sess_cmd_lock from I/O path (Mike 
Christie) [Orabug: 32403502] \n- scsi: qla2xxx: Move sess cmd list/lock to driver (Mike Christie) [Orabug: 32403502] \n- scsi: target: Remove TARGET_SCF_LOOKUP_LUN_FROM_TAG (Mike Christie) [Orabug: 32403502] \n- scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (Mike Christie) [Orabug: 32403502] \n- scsi: target: Fix cmd_count ref leak (Mike Christie) [Orabug: 32403502] \n- scsi: target: Fix LUN ref count handling (Mike Christie) [Orabug: 32403502] \n- scsi: target: Fix lun lookup for TARGET_SCF_LOOKUP_LUN_FROM_TAG case (Sudhakar Panneerselvam) [Orabug: 32403502] \n- scsi: target: Rename target_setup_cmd_from_cdb() to target_cmd_parse_cdb() (Sudhakar Panneerselvam) [Orabug: 32403502] \n- scsi: target: Fix NULL pointer dereference (Sudhakar Panneerselvam) [Orabug: 32403502] \n- scsi: target: Initialize LUN in transport_init_se_cmd() (Sudhakar Panneerselvam) [Orabug: 32403502] \n- scsi: target: Factor out a new helper, target_cmd_init_cdb() (Sudhakar Panneerselvam) [Orabug: 32403502] \n- mm: memcontrol: decouple reference counting from page accounting (Johannes Weiner) \n- uek-rpm: add opbmc to nano-kernel (Eric Snowberg) [Orabug: 32555675] \n- rds: rds_drop_egress events should be enabled as part of RDS_RTD_SND (Alan Maguire) [Orabug: 32587016] \n- rds: use dedicated rds_send_lock_contention tracepoint instead of drop (Alan Maguire) [Orabug: 32587016] \n- rds: ensure saddr/daddr for tracepoints is not NULL (Alan Maguire) [Orabug: 32580940] \n- hsr: use netdev_err() instead of WARN_ONCE() (Taehee Yoo) [Orabug: 32576070] \n- PCI: hotplug: Add module parameter to allow user control of LEDs (Thomas Tai) [Orabug: 32556980] \n- net/rds: increase 1MB MR pool size for RDS (Manjunath Patil) \n- block/diskstats: accumulate all per-cpu counters in one pass (Konstantin Khlebnikov) [Orabug: 32531556] \n- arm64/crash_core: fix TCR_EL1.T1SZ in vmcoreinfo (John Donnelly) [Orabug: 32559514] \n- x86/platform/uv: Fix UV4 hub revision adjustment (Mike Travis) [Orabug: 32527680] \n- 
x86/platform/uv: Fix copied UV5 output archtype (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Drop last traces of uv_flush_tlb_others (Jiri Slaby) [Orabug: 32527680] \n- x86/tlb/uv: Add a forward declaration for struct flush_tlb_info (Borislav Petkov) [Orabug: 32527680] \n- x86/platform/uv: Recognize UV5 hubless system identifier (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Remove spaces from OEM IDs (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Fix missing OEM_TABLE_ID (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update Copyrights to conform to HPE standards (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update for UV5 NMI MMR changes (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update UV5 TSC checking (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update node present counting (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update UV5 MMR references in UV GRU (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Adjust GAM MMR references affected by UV5 updates (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update MMIOH references based on new UV5 MMRs (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Add and decode Arch Type in UVsystab (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Add UV5 direct references (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update UV MMRs for UV5 (Mike Travis) [Orabug: 32527680] \n- drivers/misc/sgi-xp: Adjust references in UV kernel modules (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Remove SCIR MMR references for UV systems (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Remove UV BAU TLB Shootdown Handler (Mike Travis) [Orabug: 32527680] \n- x86/apic/uv: Avoid unused variable warning (Arnd Bergmann) [Orabug: 32527680] \n- x86/platform/uv: Remove vestigial mention of UV1 platform from bios header (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for UV1 platform from uv (steve.wahl@hpe.com) [Orabug: 
32527680] \n- x86/platform/uv: Remove support for uv1 platform from uv_hub (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for UV1 platform from uv_bau (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for UV1 platform from uv_mmrs (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for UV1 platform from x2apic_uv_x (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for UV1 platform from uv_tlb (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for UV1 platform from uv_time (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove the unused _uv_cpu_blade_processor_id() macro (Christoph Hellwig) [Orabug: 32527680] \n- x86/platform/uv: Unexport uv_apicid_hibits (Christoph Hellwig) [Orabug: 32527680] \n- x86/platform/uv: Remove _uv_hub_info_check() (Christoph Hellwig) [Orabug: 32527680] \n- x86/platform/uv: Simplify uv_send_IPI_one() (Christoph Hellwig) [Orabug: 32527680] \n- x86/platform/uv: Remove the UV*_HUB_IS_SUPPORTED macros (Christoph Hellwig) [Orabug: 32527680] \n- x86/platform/uv: Remove the uv_partition_coherence_id() macro (Christoph Hellwig) [Orabug: 32527680] \n- x86/apic/uv: Remove code for unused distributed GRU mode (Steve Wahl) [Orabug: 32527680] \n- cper,edac,efi: Memory Error Record: bank group/address and chip id (Alex Kluver) [Orabug: 32526741] \n- edac,ghes,cper: Add Row Extension to Memory Error Record (Alex Kluver) [Orabug: 32526741] \n- perf/x86/intel/uncore: With > 8 nodes, get pci bus die id from NUMA info (Steve Wahl) [Orabug: 32526200] \n- perf/x86/intel/uncore: Store the logical die id instead of the physical die id. 
(Steve Wahl) [Orabug: 32526200] \n- perf/x86/intel/uncore: Generic support for the PCI sub driver (Kan Liang) [Orabug: 32526200] \n- perf/x86/intel/uncore: Factor out uncore_pci_pmu_unregister() (Kan Liang) [Orabug: 32526200] \n- perf/x86/intel/uncore: Factor out uncore_pci_pmu_register() (Kan Liang) [Orabug: 32526200] \n- perf/x86/intel/uncore: Factor out uncore_pci_find_dev_pmu() (Kan Liang) [Orabug: 32526200] \n- perf/x86/intel/uncore: Factor out uncore_pci_get_dev_die_info() (Kan Liang) [Orabug: 32526200]\n[5.4.17-2102.200.9]\n- KVM: arm64: guest context in x18 instead of x29 (Mihai Carabas) [Orabug: 32563746]\n[5.4.17-2102.200.8]\n- config: enable CONFIG_MLX5_MPFS (Brian Maly) [Orabug: 32522477] \n- random: wire /dev/random with a DRBG instance (Saeed Mirzamohammadi) [Orabug: 32522086] \n- crypto: drbg - always try to free Jitter RNG instance (Stephan Muller) [Orabug: 32522086] \n- crypto: drbg - always seeded with SP800-90B compliant noise source (Stephan Muller) [Orabug: 32522086] \n- crypto: jitter - SP800-90B compliance (Stephan Muller) [Orabug: 32522086] \n- crypto: jitter - add header to fix buildwarnings (Ben Dooks) [Orabug: 32522086] \n- crypto: jitter - fix comments (Alexander E. 
Patrakov) [Orabug: 32522086] \n- Revert RDMA/umem: Move to allocate SG table from pages (John Donnelly) [Orabug: 32481224] \n- Revert lib/scatterlist: Add support in dynamic allocation of SG table from pages (John Donnelly) [Orabug: 32481224] \n- Revert Maintainer: Fix build warning introduced in commit 99b99d76e6732 (John Donnelly) [Orabug: 32481224]\n[5.4.17-2102.200.7]\n- KVM: arm64: pmu: Dont mark a counter as chained if the odd one is disabled (Eric Auger) [Orabug: 32504832] \n- xen-blkback: fix error handling in xen_blkbk_map() (Jan Beulich) [Orabug: 32492108] {CVE-2021-26930}\n- xen-scsiback: dont handle error by BUG() (Jan Beulich) [Orabug: 32492100] {CVE-2021-26931}\n- xen-netback: dont handle error by BUG() (Jan Beulich) [Orabug: 32492100] {CVE-2021-26931}\n- xen-blkback: dont handle error by BUG() (Jan Beulich) [Orabug: 32492100] {CVE-2021-26931}\n- Xen/gntdev: correct error checking in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492092] {CVE-2021-26932}\n- Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492092] {CVE-2021-26932}\n- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492092] {CVE-2021-26932}\n- Xen/x86: dont bail early from clear_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492092] {CVE-2021-26932}\n[5.4.17-2102.200.6]\n- selinux: allow reading labels before policy is loaded (Jonathan Lebon) [Orabug: 32492276] \n- rds: tracepoints incorrectly reporting valid rds ping as drop (Alan Maguire) [Orabug: 32490004] \n- KVM: arm64: Save/restore sp_el0 as part of __guest_enter (Marc Zyngier) [Orabug: 32488537] \n- uek-rpm: config-aarch64: enable MEMORY HOTREMOVE (Mihai Carabas) [Orabug: 32353873] \n- arm64/mm/hotplug: Ensure early memory sections are all online (Anshuman Khandual) [Orabug: 32353873] \n- arm64/mm/hotplug: Enable MEM_OFFLINE event handling (Anshuman Khandual) [Orabug: 32353873] \n- arm64/mm/hotplug: Register boot memory hot remove notifier 
earlier (Anshuman Khandual) [Orabug: 32353873] \n- arm64/mm: Enable memory hot remove (Anshuman Khandual) [Orabug: 32353873] \n- arm64/mm: Hold memory hotplug lock while walking for kernel page table dump (Anshuman Khandual) [Orabug: 32353873] \n- rds: tracepoint-related KASAN: use-after-free Read in rds_send_xmit (Alan Maguire) [Orabug: 32490030] \n- inet: do not call sublist_rcv on empty list (Florian Westphal) [Orabug: 32422895] \n- net/mlx4_en: Handle TX error CQE (Moshe Shemesh) [Orabug: 32485133] \n- net/mlx4_en: Avoid scheduling restart task if it is already running (Moshe Shemesh) [Orabug: 32485133] \n- vdpa/mlx5: allow Jumbo MTU config other than standard sized MTU (Si-Wei Liu) [Orabug: 32480078] \n- vdpa/mlx5: should exclude header length and fcs from mtu (Si-Wei Liu) [Orabug: 32480078] \n- vdpa/mlx5: Fix memory key MTT population (Eli Cohen) [Orabug: 32480078] \n- vdpa: Use simpler version of ida allocation (Parav Pandit) [Orabug: 32480078] \n- vdpa: Add missing comment for virtqueue count (Parav Pandit) [Orabug: 32480078] \n- vdpa/mlx5: Use write memory barrier after updating CQ index (Eli Cohen) [Orabug: 32480078] \n- vdpa: remove unnecessary default n in Kconfig entries (Stefano Garzarella) [Orabug: 32480078] \n- vhost_vdpa: switch to vmemdup_user() (Tian Tao) [Orabug: 32480078] \n- vhost_vdpa: return -EFAULT if copy_to_user() fails (Dan Carpenter) [Orabug: 32480078] \n- vdpa: mlx5: fix vdpa/vhost dependencies (Randy Dunlap) [Orabug: 32480078] \n- vdpa/mlx5: Setup driver only if VIRTIO_CONFIG_S_DRIVER_OK (Eli Cohen) [Orabug: 32480078] \n- vdpa/mlx5: Fix failure to bring link up (Eli Cohen) [Orabug: 32480078] \n- vdpa/mlx5: Make use of a specific 16 bit endianness API (Eli Cohen) [Orabug: 32480078] \n- vdpasim: fix mac_pton undefined error (Laurent Vivier) [Orabug: 32480078] \n- vdpasim: allow to assign a MAC address (Laurent Vivier) [Orabug: 32480078] \n- vdpasim: fix MAC address configuration (Laurent Vivier) [Orabug: 32480078] \n- vdpa: handle irq 
bypass register failure case (Zhu Lingshan) [Orabug: 32480078] \n- vdpa_sim: Fix DMA mask (Laurent Vivier) [Orabug: 32480078] \n- vdpa/mlx5: Fix error return in map_direct_mr() (Jing Xiangfeng) [Orabug: 32480078] \n- vhost_vdpa: Return -EFAULT if copy_from_user() fails (Dan Carpenter) [Orabug: 32480078] \n- vdpa_sim: implement get_iova_range() (Jason Wang) [Orabug: 32480078] \n- vhost: vdpa: report iova range (Jason Wang) [Orabug: 32480078] \n- vdpa: introduce config op to get valid iova range (Jason Wang) [Orabug: 32480078] \n- vhost_vdpa: remove unnecessary spin_lock in vhost_vring_call (Zhu Lingshan) [Orabug: 32480078] \n- vhost_vdpa: Fix duplicate included kernel.h (Tian Tao) [Orabug: 32480078] \n- rds: CONFIG_RDS_DEBUG + tracepoints breaks rds build (Alan Maguire) [Orabug: 32442487] \n- tools/power turbostat: Support additional CPU model numbers (Len Brown) [Orabug: 32422450] \n- tools/power turbostat: Support Tiger Lake (Chen Yu) [Orabug: 32422450]\n[5.4.17-2102.200.5]\n- vhost scsi: alloc vhost_scsi with kvzalloc() to avoid delay (Dongli Zhang) [Orabug: 32471659] \n- arm64: Reserve only 256M on RPi for crashkernel=auto (Vijay Kumar) [Orabug: 32454711] \n- nbd: freeze the queue while were adding connections (Josef Bacik) [Orabug: 32447284] {CVE-2021-3348}\n- futex: Handle faults correctly for PI futexes (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- futex: Simplify fixup_pi_state_owner() (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- futex: Use pi_state_update_owner() in put_pi_state() (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- futex: Provide and use pi_state_update_owner() (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- futex: Replace pointless printk in fixup_owner() (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- futex: Ensure the correct return value from futex_lock_pi() (Thomas Gleixner) 
[Orabug: 32447185] {CVE-2021-3347}\n- uek-rpm: Enable Oracle Pilot BMC module (Eric Snowberg) [Orabug: 32422661] \n- hwmon: Add a new Oracle Pilot BMC driver (Eric Snowberg) [Orabug: 32422661] \n- rds: avoid crash on IB conn path shutdown prepare (Alan Maguire) [Orabug: 32466763] \n- mm/memcontrol: Increase threshold for draining per-cpu stocked bytes (Imran Khan) [Orabug: 32314559]\n[5.4.17-2102.200.4]\n- Revert rds: Deregister all FRWR mr with free_mr (aru kolappan) [Orabug: 32426609] \n- thermal: intel_pch_thermal: Add PCI ids for Lewisburg PCH. (Andres Freund) [Orabug: 32424704] \n- thermal: intel: intel_pch_thermal: Add Cannon Lake Low Power PCH support (Sumeet Pawnikar) [Orabug: 32424704] \n- thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support (Gayatri Kammela) [Orabug: 32424704] \n- KVM: x86: Expose AVX512_FP16 for supported CPUID (Cathy Zhang) [Orabug: 32424461] \n- x86/kvm: Expose TSX Suspend Load Tracking feature (Cathy Zhang) [Orabug: 32424461] \n- x86: Expose SERIALIZE for supported cpuid (Paolo Bonzini) [Orabug: 32424461] \n- KVM: x86: Expose fast short REP MOV for supported cpuid (Zhenyu Wang) [Orabug: 32424461] \n- KVM: x86: Expose AVX512 VP2INTERSECT in cpuid for TGL (Zhenyu Wang) [Orabug: 32424461] \n- tools: update header files in the tools directory (Thomas Tai) [Orabug: 32424461] \n- x86: Enumerate AVX512 FP16 CPUID feature flag (Kyung Min Park) [Orabug: 32424461] \n- EDAC/i10nm: Add Intel Sapphire Rapids server support (Qiuxu Zhuo) [Orabug: 32424461] \n- EDAC/i10nm: Use readl() to access MMIO registers (Qiuxu Zhuo) [Orabug: 32424461] \n- EDAC: Add DDR5 new memory type (Qiuxu Zhuo) [Orabug: 32424461] \n- EDAC: Add three new memory types (Qiuxu Zhuo) [Orabug: 32424461] \n- x86/cpufeatures: Enumerate ENQCMD and ENQCMDS instructions (Fenghua Yu) [Orabug: 32424461] \n- x86/cpufeatures: Enumerate TSX suspend load address tracking instructions (Kyung Min Park) [Orabug: 32424461] \n- x86/cpufeatures: Add enumeration for SERIALIZE 
instruction (Ricardo Neri) [Orabug: 32424461] \n- x86/split_lock: Enable the split lock feature on Sapphire Rapids and Alder Lake CPUs (Fenghua Yu) [Orabug: 32424461] \n- x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family (Tony Luck) [Orabug: 32424461] \n- x86/cpufeatures: Add Architectural LBRs feature bit (Kan Liang) [Orabug: 32424461] \n- powercap: intel_rapl: add support for Sapphire Rapids (Zhang Rui) [Orabug: 32424461] \n- x86/cpu: Add Sapphire Rapids CPU model number (Tony Luck) [Orabug: 32424461] \n- EDAC, {skx,i10nm}: Use CPU stepping macro to pass configurations (Qiuxu Zhuo) [Orabug: 32424461] \n- x86/cpu: Add a X86_MATCH_INTEL_FAM6_MODEL_STEPPINGS() macro (Borislav Petkov) [Orabug: 32424461] \n- powercap/intel_rapl: Convert to new X86 CPU match macros (Thomas Gleixner) [Orabug: 32424461] \n- powercap/intel_rapl: add support for TigerLake Mobile (Zhang Rui) [Orabug: 32424461] \n- powercap/intel_rapl: add support for JasperLake (Zhang Rui) [Orabug: 32424461] \n- x86/cpufeatures: Add support for fast short REP; MOVSB (Tony Luck) [Orabug: 32424461] \n- powercap/intel_rapl: add support for Cometlake desktop (Zhang Rui) [Orabug: 32424461] \n- powercap/intel_rapl: add support for CometLake Mobile (Zhang Rui) [Orabug: 32424461] \n- crypto: lib/chacha20poly1305 - define empty module exit function (Jason A. 
Donenfeld) [Orabug: 32417868] \n- A/A Bonding: Add synchronized bundle failback (Gerd Rausch) [Orabug: 32381881]\n[5.4.17-2102.200.3]\n- x86/msr: Add a pointer to an URL which contains further details (Borislav Petkov) [Orabug: 32402424] \n- x86/msr: Downgrade unrecognized MSR message (Borislav Petkov) [Orabug: 32402424] \n- x86/msr: Do not allow writes to MSR_IA32_ENERGY_PERF_BIAS (Borislav Petkov) [Orabug: 32402424] \n- x86/msr: Filter MSR writes (Borislav Petkov) [Orabug: 32402424] \n- tools/power/x86_energy_perf_policy: Read energy_perf_bias from sysfs (Borislav Petkov) [Orabug: 32402424] \n- tools/power/turbostat: Read energy_perf_bias from sysfs (Borislav Petkov) [Orabug: 32402424] \n- tools/power/cpupower: Read energy_perf_bias from sysfs (Borislav Petkov) [Orabug: 32402424] \n- scsi: qla2xxx: Fix return of uninitialized value in rval (Colin Ian King) [Orabug: 32401797]\n[5.4.17-2102.200.2]\n- A/A Bonding: Fix a one-byte-off kmalloc (Hakon Bugge) [Orabug: 32380823] \n- uek-rpm: Report removed symbols also during kabi check (Somasundaram Krishnasamy) [Orabug: 32380065] \n- netfilter: add and use nf_hook_slow_list() (Florian Westphal) [Orabug: 32372529] {CVE-2021-20177}\n- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372157] \n- uek-rpm: update kABI lists for new symbol (Dan Duval) [Orabug: 32341061] \n- scsi: qla2xxx: Do not consume srb greedily (Daniel Wagner) [Orabug: 32346794] \n- scsi: qla2xxx: Use constant when it is known (Pavel Machek (CIP)) [Orabug: 32346794] \n- scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (Ye Bin) [Orabug: 32346794] \n- scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (Ye Bin) [Orabug: 32346794] \n- scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (Ye Bin) [Orabug: 32346794] \n- scsi: qla2xxx: Update version to 10.02.00.103-k (Nilesh Javali) [Orabug: 32346794] \n- scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (Arun Easi) [Orabug: 32346794] \n- 
scsi: qla2xxx: Fix reset of MPI firmware (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Fix MPI reset needed message (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Fix buffer-buffer credit extraction error (Quinn Tran) [Orabug: 32346794] \n- scsi: qla2xxx: Correct the check for sscanf() return value (Saurav Kashyap) [Orabug: 32346794] \n- scsi: qla2xxx: Update version to 10.02.00.102-k (Nilesh Javali) [Orabug: 32346794] \n- scsi: qla2xxx: Add SLER and PI control support (Saurav Kashyap) [Orabug: 32346794] \n- scsi: qla2xxx: Add IOCB resource tracking (Quinn Tran) [Orabug: 32346794] \n- scsi: qla2xxx: Add rport fields in debugfs (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Make tgt_port_database available in initiator mode (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Fix I/O errors during LIP reset tests (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Performance tweak (Quinn Tran) [Orabug: 32346794] \n- scsi: qla2xxx: Fix memory size truncation (Quinn Tran) [Orabug: 32346794] \n- scsi: qla2xxx: Reduce duplicate code in reporting speed (Quinn Tran) [Orabug: 32346794] \n- scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Setup debugfs entries for remote ports (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Fix I/O failures during remote port toggle testing (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Remove unneeded variable rval (Jason Yan) [Orabug: 32346794] \n- scsi: qla2xxx: Handle incorrect entry_type entries (Daniel Wagner) [Orabug: 32346794] \n- scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (Daniel Wagner) [Orabug: 32346794] \n- scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (Daniel Wagner) [Orabug: 32346794] \n- scsi: qla2xxx: Fix the return value (Xianting Tian) [Orabug: 32346794] \n- scsi: qla2xxx: Fix the size used in a 
dma_free_coherent() call (Christophe JAILLET) [Orabug: 32346794] \n- scsi: qla2xxx: Remove pci-dma-compat wrapper API (Suraj Upadhyay) [Orabug: 32346794] \n- scsi: qla2xxx: Remove superfluous memset() (Li Heng) [Orabug: 32346794] \n- scsi: qla2xxx: Fix regression on sparc64 (Rene Rebe) [Orabug: 32346794] \n- scsi: qla2xxx: Address a set of sparse warnings (Shyam Sundar) [Orabug: 32346794] \n- scsi: qla2xxx: SAN congestion management implementation (Shyam Sundar) [Orabug: 32346794] \n- scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (Shyam Sundar) [Orabug: 32346794] \n- scsi: qla2xxx: Introduce a function for computing the debug message prefix (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Remove a superfluous cast (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Initialize n before using it (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (Bart Van Assche) [Orabug: 32346794] \n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32374281] {CVE-2020-28374}\n- A/A Bonding: Introduce selective interface name inclusion (Hakon Bugge) [Orabug: 32350973] \n- uek-rpm: add nfs_ssc to nano_modules (Calum Mackay) [Orabug: 32351789]\n[5.4.17-2102.200.1]\n- x86/process: Mark cpu inactive before offlining (Mridula Shastry) [Orabug: 32361529] \n- selftests/net: remove rds.h from rds_echo.c (John Donnelly) [Orabug: 32351408] \n- mwifiex: 
Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349202] {CVE-2020-36158}\n- add license checking to kABI checker (Dan Duval) [Orabug: 32355205]\n[5.4.17-2102.200.0]\n- lockd: dont use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337714] \n- tools: update header files in the tools directory (Thomas Tai) [Orabug: 32316504] \n- perf: Fix a kABI breakage in perf_event.h (Thomas Tai) [Orabug: 32316504] \n- perf/x86: Fix n_metric for cancelled txn (Peter Zijlstra) [Orabug: 32316504] \n- perf/x86: Fix n_pair for cancelled txn (Peter Zijlstra) [Orabug: 32316504] \n- perf/x86/intel: Check perf metrics feature for each CPU (Kan Liang) [Orabug: 32316504] \n- perf/x86/intel: Support per-thread RDPMC TopDown metrics (Kan Liang) [Orabug: 32316504] \n- perf/x86/intel: Support TopDown metrics on Ice Lake (Kan Liang) [Orabug: 32316504] \n- perf/x86: Use event_base_rdpmc for the RDPMC userspace support (Kan Liang) [Orabug: 32316504] \n- perf/x86: Add a macro for RDPMC offset of fixed counters (Kan Liang) [Orabug: 32316504] \n- perf/x86/intel: Generic support for hardware TopDown metrics (Kan Liang) [Orabug: 32316504] \n- perf/core: Add a new PERF_EV_CAP_SIBLING event capability (Kan Liang) [Orabug: 32316504] \n- perf/core: Unify {pinned,flexible}_sched_in() (Peter Zijlstra) [Orabug: 32316504] \n- perf/x86/intel: Use switch in intel_pmu_disable/enable_event (Kan Liang) [Orabug: 32316504] \n- perf/x86: Keep LBR records unchanged in host context for guest usage (Like Xu) [Orabug: 32316504] \n- perf/x86/intel: Fix the name of perf METRICS (Kan Liang) [Orabug: 32316504] \n- perf/x86/intel: Move BTS index to 47 (Kan Liang) [Orabug: 32316504] \n- perf/x86/intel: Introduce the fourth fixed counter (Kan Liang) [Orabug: 32316504] \n- perf/x86/intel: Name the global status bit in NMI handler (Kan Liang) [Orabug: 32316504] \n- perf/x86: Add constraint to create guest LBR event without hw counter (Like Xu) [Orabug: 32316504] \n- 
perf/x86/lbr: Add interface to get LBR information (Like Xu) [Orabug: 32316504] \n- perf/x86/core: Refactor hw->idx checks and cleanup (Like Xu) [Orabug: 32316504] \n- perf/x86/intel: Avoid unnecessary PEBS_ENABLE MSR access in PMI (Kan Liang) [Orabug: 32316504] \n- perf/x86: Provide stubs of KVM helpers for non-Intel CPUs (Sean Christopherson) [Orabug: 32316504] \n- partitions/efi: Enable no warning option for the GPT warnings related to alternative header (Saeed Mirzamohammadi) [Orabug: 32302135] \n- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260251] {CVE-2020-29569}\n- Revert cpu/hotplug: avoid race between cpuset_hotplug_workfn and later hotplug (Daniel Jordan) [Orabug: 32295228] \n- cpuset: fix race between hotplug work and later CPU offline (Daniel Jordan) [Orabug: 32295228] \n- uek-rpm: aarch64: update PMU configs for Altra (Dave Kleikamp) [Orabug: 32290042] \n- driver/perf: Add PMU driver for the ARM DMC-620 memory controller (Tuan Phan) [Orabug: 32290042] \n- perf: arm-cmn: Fix conversion specifiers for node type (Will Deacon) [Orabug: 32290042] \n- perf: arm-cmn: Fix unsigned comparison to less than zero (Will Deacon) [Orabug: 32290042] \n- perf: Add Arm CMN-600 PMU driver (Robin Murphy) [Orabug: 32290042] \n- perf: Add Arm CMN-600 DT binding (Robin Murphy) [Orabug: 32290042] \n- perf: arm_dsu: Support DSU ACPI devices (Tuan Phan) [Orabug: 32290042] \n- ACPI: APEI: Kick the memory_failure() queue for synchronous errors (James Morse) [Orabug: 32290042] \n- iommu/arm-smmu-v3: Dont reserve implementation defined register space (Jean-Philippe Brucker) [Orabug: 32290042] \n- Revert BACKPORT: perf: Add Arm CMN-600 DT binding (Dave Kleikamp) [Orabug: 32290042] \n- Revert BACKPORT: WIP: perf: Add Arm CMN-600 PMU driver (Dave Kleikamp) [Orabug: 32290042] \n- Revert BACKPORT: WIP: perf/arm-cmn: Add ACPI support (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf: Add ARM DMC-620 PMU driver. 
(Dave Kleikamp) [Orabug: 32290042] \n- Revert BACKPORT: ACPI / APEI: Kick the memory_failure() queue for synchronous errors (Dave Kleikamp) [Orabug: 32290042] \n- Revert Perf: arm-cmn: Allow irq to be shared. (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf: arm_cmn: improve and make it work on 2P. (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf: arm_dsu: Allow IRQ to be shared among devices. (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf: arm_dsu: Support ACPI mode. (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf: arm_dmc620: Update ACPI ID. (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf: avoid breaking KABI by reusing enum (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf/smmuv3: Allow sharing MMIO registers with the SMMU driver (Dave Kleikamp) [Orabug: 32290042] \n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253408] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253408] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253408] {CVE-2020-29568}\n- xen/xenbus: Add will_handle callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253408] {CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253408] {CVE-2020-29568}\n[5.4.17-2051]\n- futex: Fix inode life-time issue (Peter Zijlstra) [Orabug: 32233513] {CVE-2020-14381}\n- uek-rpm: Add nvme-tcp and nvme-rdma to ol7 and ol8 nano kernels (Alan Adamson) [Orabug: 32230382] \n- intel_idle: Customize IceLake server support (Chen Yu) [Orabug: 32218857] \n- dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32210420] \n- uek-rpm: enable VDPA subsystem and drivers (Si-Wei Liu) [Orabug: 32121107] \n- vdpa/mlx5: Fix dependency on MLX5_CORE (Eli Cohen) [Orabug: 32121107] \n- vdpa/mlx5: should keep avail_index despite device status (Si-Wei Liu) [Orabug: 
32121107] \n- vdpa/mlx5: Avoid warnings about shifts on 32-bit platforms (Nathan Chancellor) [Orabug: 32121107] \n- vdpa/mlx5: fix up endian-ness for mtu (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpa/mlx5: Fix pointer math in mlx5_vdpa_get_config() (Dan Carpenter) [Orabug: 32121107] \n- vdpa/mlx5: fix memory allocation failure checks (Colin Ian King) [Orabug: 32121107] \n- vdpa/mlx5: Fix uninitialised variable in core/mr.c (Alex Dewar) [Orabug: 32121107] \n- vdpa/mlx5: Add VDPA driver for supported mlx5 devices (Eli Cohen) [Orabug: 32121107] \n- vdpa/mlx5: Add shared memory registration code (Eli Cohen) [Orabug: 32121107] \n- vdpa/mlx5: Add support library for mlx5 VDPA implementation (Eli Cohen) [Orabug: 32121107] \n- vdpa/mlx5: Add hardware descriptive header file (Eli Cohen) [Orabug: 32121107] \n- net/mlx5: Add interface changes required for VDPA (Eli Cohen) [Orabug: 32121107] \n- net/mlx5: Expose vDPA emulation device capabilities (Yishai Hadas) [Orabug: 32121107] \n- net/mlx5: Add Virtio Emulation related device capabilities (Yishai Hadas) [Orabug: 32121107] \n- net/mlx5: Add VDPA interface type to supported enumerations (Eli Cohen) [Orabug: 32121107] \n- net/mlx5: Support setting access rights of dma addresses (Eli Cohen) [Orabug: 32121107] \n- net/mlx5: Provide simplified command interfaces (Leon Romanovsky) [Orabug: 32121107] \n- vhost-vdpa: fix page pinning leakage in error path (rework) (Si-Wei Liu) [Orabug: 32121107] \n- vhost-vdpa: fix vhost_vdpa_map() on error condition (Si-Wei Liu) [Orabug: 32121107] \n- vhost: Dont call log_access_ok() when using IOTLB (Greg Kurz) [Orabug: 32121107] \n- vhost vdpa: fix vhost_vdpa_open error handling (Mike Christie) [Orabug: 32121107] \n- vhost-vdpa: fix backend feature ioctls (Jason Wang) [Orabug: 32121107] \n- vhost: Fix documentation (Eli Cohen) [Orabug: 32121107] \n- vhost-iotlb: fix vhost_iotlb_itree_next() documentation (Stefano Garzarella) [Orabug: 32121107] \n- vdpa: Fix pointer math bug in 
vdpasim_get_config() (Dan Carpenter) [Orabug: 32121107] \n- vdpa_sim: init iommu lock (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpa: Modify get_vq_state() to return error code (Eli Cohen) [Orabug: 32121107] \n- net/vdpa: Use struct for set/get vq state (Eli Cohen) [Orabug: 32121107] \n- vdpa: remove hard coded virtq num (Max Gurtovoy) [Orabug: 32121107] \n- vdpasim: support batch updating (Jason Wang) [Orabug: 32121107] \n- vhost-vdpa: support IOTLB batching hints (Jason Wang) [Orabug: 32121107] \n- vhost-vdpa: support get/set backend features (Jason Wang) [Orabug: 32121107] \n- vhost: generialize backend features setting/getting (Jason Wang) [Orabug: 32121107] \n- vhost-vdpa: refine ioctl pre-processing (Jason Wang) [Orabug: 32121107] \n- vDPA: dont change vq irq after DRIVER_OK (Zhu Lingshan) [Orabug: 32121107] \n- irqbypass: do not start cons/prod when failed connect (Zhu Lingshan) [Orabug: 32121107] \n- vhost_vdpa: implement IRQ offloading in vhost_vdpa (Zhu Lingshan) [Orabug: 32121107] \n- vDPA: add get_vq_irq() in vdpa_config_ops (Zhu Lingshan) [Orabug: 32121107] \n- kvm: detect assigned device via irqbypass manager (Zhu Lingshan) [Orabug: 32121107] \n- vhost: introduce vhost_vring_call (Zhu Lingshan) [Orabug: 32121107] \n- vdpasim: protect concurrent access to iommu iotlb (Max Gurtovoy) [Orabug: 32121107] \n- vhost: vdpa: remove per device feature whitelist (Jason Wang) [Orabug: 32121107] \n- virtio_net: use LE accessors for speed/duplex (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio-iommu: convert to LE accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- drm/virtio: convert to LE accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_pmem: convert to LE accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_crypto: convert to LE accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_fs: convert to LE accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_input: convert to LE accessors (Michael S. 
Tsirkin) [Orabug: 32121107] \n- virtio_balloon: use LE config space accesses (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_config: rewrite LE accessors without _Generic (Si-Wei Liu) [Orabug: 32121107] \n- virtio_config: fix up warnings on parisc (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_config: add virtio_cread_le_feature (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_caif: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_config: LE config space accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_config: cread/write cleanup (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpa_sim: fix endian-ness of config space (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_vdpa: legacy features handling (Michael S. Tsirkin) [Orabug: 32121107] \n- vhost/vdpa: switch to new helpers (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpa: make sure set_features is invoked for legacy (Michael S. Tsirkin) [Orabug: 32121107] \n- mlxbf-tmfifo: sparse tags for config access (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_scsi: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_pmem: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_net: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_input: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_gpu: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_fs: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_crypto: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_console: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_blk: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_balloon: correct tags for config space fields (Michael S. 
Tsirkin) [Orabug: 32121107] \n- virtio_9p: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio: allow __virtioXX, __leXX in config space (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_ring: sparse warning fixup (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio: VIRTIO_F_IOMMU_PLATFORM -> VIRTIO_F_ACCESS_PLATFORM (Michael S. Tsirkin) [Orabug: 32121107] \n- vhost_vdpa: Fix potential underflow in vhost_vdpa_mmap() (Dan Carpenter) [Orabug: 32121107] \n- vdpa: fix typos in the comments for __vdpa_alloc_device() (Jason Wang) [Orabug: 32121107] \n- vhost_vdpa: Support config interrupt in vdpa (Zhu Lingshan) [Orabug: 32121107] \n- vdpasim: Fix some coccinelle warnings (Samuel Zou) [Orabug: 32121107] \n- vhost_vdpa: disable doorbell mapping for !MMU (Michael S. Tsirkin) [Orabug: 32121107] \n- vhost_vdpa: support doorbell mapping via mmap (Jason Wang) [Orabug: 32121107] \n- vdpa: introduce get_vq_notification method (Jason Wang) [Orabug: 32121107] \n- vdpasim: remove unused variable ret (YueHaibing) [Orabug: 32121107] \n- vdpa: fix comment of vdpa_register_device() (Jason Wang) [Orabug: 32121107] \n- vdpa: make vhost, virtio depend on menu (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpa: allow a 32 bit vq alignment (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpasim: Return status in vdpasim_get_status (YueHaibing) [Orabug: 32121107] \n- vhost: remove set but not used variable status (Jason Yan) [Orabug: 32121107] \n- vhost: vdpa: remove unnecessary null check (Gustavo A. R. Silva) [Orabug: 32121107] \n- vdpa-sim: depend on HAS_DMA (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpa: move to drivers/vdpa (Michael S. 
Tsirkin) [Orabug: 32121107] \n- vdpasim: vDPA device simulator (Jason Wang) [Orabug: 32121107] \n- vhost: introduce vDPA-based backend (Tiwei Bie) [Orabug: 32121107] \n- virtio: introduce a vDPA based transport (Jason Wang) [Orabug: 32121107] \n- vDPA: introduce vDPA bus (Jason Wang) [Orabug: 32121107] \n- scsi: mpt3sas: Update driver version to 36.100.00.00 (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Handle trigger page after firmware update (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Add persistent MPI trigger page (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Add persistent SCSI sense trigger page (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Add persistent Event trigger page (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Add persistent Master trigger page (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Add persistent trigger pages support (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Sync time periodically between driver and firmware (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Bump driver version to 35.101.00.00 (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Add module parameter multipath_on_hba (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Handle vSES vphy object during HBA reset (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Add bypass_dirty_port_flag parameter (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Handling HBA vSES device (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Update hba_port objects after host reset (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Get sas_device objects using devices rphy (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Get device objects using sas_address & portID (Sreekanth 
Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Update hba_ports sas_address & phy_mask (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Allocate memory for hba_port objects (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Define hba_port structure (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Fix ioctl timeout (Suganath Prabu S) [Orabug: 32242278] \n- kabi: fix issues with slab memory allocator. (Libo Chen) [Orabug: 32119767] \n- mm: memcg/slab: uncharge during kmem_cache_free_bulk() (Bharata B Rao) [Orabug: 32119767] \n- mm: memcg/slab: fix racy access to page->mem_cgroup in mem_cgroup_from_obj() (Roman Gushchin) [Orabug: 32119767] \n- mm: slab: fix potential double free in ___cache_free (Shakeel Butt) [Orabug: 32119767] \n- mm: memcontrol: restore proper dirty throttling when memory.high changes (Johannes Weiner) [Orabug: 32119767] \n- mm: memcontrol: avoid workload stalls when lowering memory.high (Roman Gushchin) [Orabug: 32119767] \n- mm: kmem: switch to static_branch_likely() in memcg_kmem_enabled() (Roman Gushchin) [Orabug: 32119767] \n- mm: slab: rename (un)charge_slab_page() to (un)account_slab_page() (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: remove unused argument by charge_slab_page() (Roman Gushchin) [Orabug: 32119767] \n- tools/cgroup: add memcg_slabinfo.py tool (Roman Gushchin) [Orabug: 32119767] \n- kselftests: cgroup: add kernel memory accounting tests (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: use a single set of kmem_caches for all allocations (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: remove redundant check in memcg_accumulate_slabinfo() (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: deprecate slab_root_caches (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: remove memcg_kmem_get_cache() (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: simplify memcg cache 
creation (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: use a single set of kmem_caches for all accounted allocations (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: move memcg_kmem_bypass() to memcontrol.h (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: deprecate memory.kmem.slabinfo (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: charge individual slab objects instead of pages (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: save obj_cgroup for non-root slab objects (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: allocate obj_cgroups for non-root slab pages (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: obj_cgroup API (Roman Gushchin) [Orabug: 32119767] \n- mm: slub: implement SLUB version of obj_to_index() (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg: convert vmstat slab counters to bytes (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg: prepare for byte-sized vmstat items (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg: factor out memcg- and lruvec-level changes out of __mod_lruvec_state() (Roman Gushchin) [Orabug: 32119767] \n- mm: kmem: make memcg_kmem_enabled() irreversible (Roman Gushchin) [Orabug: 32119767] \n- mm, slab/slub: improve error reporting and overhead of cache_from_obj() (Vlastimil Babka) [Orabug: 32119767] \n- mm, slub: introduce kmem_cache_debug_flags() (Vlastimil Babka) [Orabug: 32119767] \n- mm, slab: fix sign conversion problem in memcg_uncharge_slab() (Waiman Long) [Orabug: 32119767] \n- memcg: fix memcg_kmem_bypass() for remote memcg charging (Zefan Li) [Orabug: 32119767] \n- slub: Remove userspace notifier for cache add/remove (Christoph Lameter) [Orabug: 32119767] \n- mm: kmem: rename (__)memcg_kmem_(un)charge_memcg() to __memcg_kmem_(un)charge() (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: cache page number in memcg_(un)charge_slab() (Roman Gushchin) [Orabug: 32119767] \n- mm: kmem: switch to nr_pages in (__)memcg_kmem_charge_memcg() (Roman Gushchin) [Orabug: 
32119767] \n- mm: kmem: rename memcg_kmem_(un)charge() into memcg_kmem_(un)charge_page() (Roman Gushchin) [Orabug: 32119767] \n- mm: kmem: cleanup memcg_kmem_uncharge_memcg() arguments (Roman Gushchin) [Orabug: 32119767] \n- mm: kmem: cleanup (__)memcg_kmem_charge_memcg() arguments (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: use mem_cgroup_from_obj() (Roman Gushchin) [Orabug: 32119767] \n- mm/slub.c: avoid slub allocation while holding list_lock (Yu Zhao) [Orabug: 32119767] \n- mm: clean up and clarify lruvec lookup procedure (Johannes Weiner) [Orabug: 32119767] \n- mm: memcontrol: try harder to set a new memory.high (Johannes Weiner) [Orabug: 32119767] \n- mm/slub.c: clean up validate_slab() (Yu Zhao) [Orabug: 32119767] \n- Linux 5.4.83 (Greg Kroah-Hartman) \n- Revert geneve: pull IP header before ECN decapsulation (Jakub Kicinski) \n- x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (Masami Hiramatsu) \n- netfilter: nftables_offload: set address type in control dissector (Pablo Neira Ayuso) \n- netfilter: nf_tables: avoid false-postive lockdep splat (Florian Westphal) \n- Input: i8042 - fix error return code in i8042_setup_aux() (Luo Meng) \n- dm writecache: remove BUG() and fail gracefully instead (Mike Snitzer) \n- i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (Zhihao Cheng) \n- rtw88: debug: Fix uninitialized memory in debugfs code (Dan Carpenter) \n- ASoC: wm_adsp: fix error return code in wm_adsp_load() (Luo Meng) \n- tipc: fix a deadlock when flushing scheduled work (Hoang Huu Le) \n- netfilter: ipset: prevent uninit-value in hash_ip6_add (Eric Dumazet) \n- gfs2: check for empty rgrp tree in gfs2_ri_update (Bob Peterson) \n- can: af_can: can_rx_unregister(): remove WARN() statement from list operation sanity check (Oliver Hartkopp) \n- lib/syscall: fix syscall registers retrieval on 32-bit platforms (Willy Tarreau) {CVE-2020-28588}\n- tracing: Fix userstacktrace option for instances (Steven Rostedt 
(VMware)) \n- iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs (Suravee Suthikulpanit) \n- spi: bcm2835: Release the DMA channel if probe fails after dma_init (Peter Ujfalusi) \n- i2c: imx: Check for I2SR_IAL after every byte (Christian Eggers) \n- i2c: imx: Fix reset of I2SR_IAL flag (Christian Eggers) \n- speakup: Reject setting the speakup line discipline outside of speakup (Samuel Thibault) \n- mm/swapfile: do not sleep with a spin lock held (Qian Cai) \n- mm: list_lru: set shrinker map bit when child nr_items is not zero (Yang Shi) \n- coredump: fix core_pattern parse error (Menglong Dong) \n- x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (Masami Hiramatsu) \n- dm: remove invalid sparse __acquires and __releases annotations (Mike Snitzer) \n- dm: fix bug with RCU locking in dm_blk_report_zones (Sergei Shtepa) \n- powerpc/pseries: Pass MSI affinity to irq_create_mapping() (Laurent Vivier) \n- genirq/irqdomain: Add an irq_create_mapping_affinity() function (Laurent Vivier) \n- powerpc/64s/powernv: Fix memory corruption when saving SLB entries on MCE (Nicholas Piggin) \n- dm writecache: fix the maximum number of arguments (Mikulas Patocka) \n- scsi: mpt3sas: Fix ioctl timeout (Suganath Prabu S) \n- drm/i915/gt: Program mocs:63 for cache eviction on gen9 (Chris Wilson) \n- thunderbolt: Fix use-after-free in remove_unplugged_switch() (Mika Westerberg) \n- i2c: imx: Dont generate STOP condition if arbitration has been lost (Christian Eggers) \n- cifs: fix potential use-after-free in cifs_echo_request() (Paulo Alcantara) \n- cifs: allow syscalls to be restarted in __smb_send_rqst() (Paulo Alcantara) \n- ftrace: Fix updating FTRACE_FL_TRAMP (Naveen N. 
Rao) \n- ALSA: hda/generic: Add option to enforce preferred_dacs pairs (Takashi Iwai) \n- ALSA: hda/realtek - Add new codec supported for ALC897 (Kailang Yang) \n- ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (Jian-Hong Pan) \n- ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (Takashi Iwai) \n- ALSA: hda/realtek: Fix bass speaker DAC assignment on Asus Zephyrus G14 (Takashi Iwai) \n- tty: Fix ->session locking (Jann Horn) \n- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) \n- USB: serial: option: fix Quectel BG96 matching (Bjorn Mork) \n- USB: serial: option: add support for Thales Cinterion EXS82 (Giacinto Cifelli) \n- USB: serial: option: add Fibocom NL668 variants (Vincent Palatin) \n- USB: serial: ch341: sort device-id entries (Johan Hovold) \n- USB: serial: ch341: add new Product ID for CH341A (Jan-Niklas Burfeind) \n- USB: serial: kl5kusb105: fix memleak on open (Johan Hovold) \n- usb: gadget: f_fs: Use local copy of descriptors for userspace copy (Vamsi Krishna Samavedam) \n- Partially revert bpf: Zero-fill re-used per-cpu map element (Sasha Levin) \n- pinctrl: baytrail: Fix pin being driven low for a while on gpiod_get(..., GPIOD_OUT_HIGH) (Hans de Goede) \n- pinctrl: baytrail: Replace WARN with dev_info_once when setting direct-irq pin to output (Hans de Goede) \n- Linux 5.4.82 (Greg Kroah-Hartman) \n- RDMA/i40iw: Address an mmap handler exploit in i40iw (Shiraz Saleem) \n- tracing: Remove WARN_ON in start_thread() (Vasily Averin) \n- Input: i8042 - add ByteSpeed touchpad to noloop table (Po-Hsu Lin) \n- Input: xpad - support Ardwiino Controllers (Sanjay Govind) \n- ALSA: usb-audio: US16x08: fix value count for level meters (Hector Martin) \n- net/mlx5: Fix wrong address reclaim when command interface is down (Eran Ben Elisha) \n- net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (Yevgeny Kliteynik) \n- net/sched: act_mpls: ensure LSE is pullable before reading it (Davide Caratti) \n- 
net: openvswitch: ensure LSE is pullable before reading it (Davide Caratti) \n- net: skbuff: ensure LSE is pullable before decrementing the MPLS ttl (Davide Caratti) \n- net: mvpp2: Fix error return code in mvpp2_open() (Wang Hai) \n- chelsio/chtls: fix a double free in chtls_setkey() (Dan Carpenter) \n- vxlan: fix error return code in __vxlan_dev_create() (Zhang Changzhong) \n- net: pasemi: fix error return code in pasemi_mac_open() (Zhang Changzhong) \n- cxgb3: fix error return code in t3_sge_alloc_qset() (Zhang Changzhong) \n- net/x25: prevent a couple of overflows (Dan Carpenter) \n- net: ip6_gre: set dev->hard_header_len when using header_ops (Antoine Tenart) \n- geneve: pull IP header before ECN decapsulation (Eric Dumazet) \n- inet_ecn: Fix endianness of checksum update when setting ECT(1) (Toke Hoiland-Jorgensen) \n- ibmvnic: Fix TX completion error handling (Thomas Falcon) \n- ibmvnic: Ensure that SCRQ entry reads are correctly ordered (Thomas Falcon) \n- chelsio/chtls: fix panic during unload reload chtls (Vinay Kumar Yadav) \n- dt-bindings: net: correct interrupt flags in examples (Krzysztof Kozlowski) \n- ipv4: Fix tos mask in inet_rtm_getroute() (Guillaume Nault) \n- netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal (Antoine Tenart) \n- sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (Vincent Guittot) \n- ima: extend boot_aggregate with kernel measurements (Maurizio Drocco) \n- staging/octeon: fix up merge error (Randy Dunlap) \n- bonding: wait for sysfs kobject destruction before freeing struct slave (Jamie Iles) \n- usbnet: ipheth: fix connectivity with iOS 14 (Yves-Alexis Perez) \n- tun: honor IOCB_NOWAIT flag (Jens Axboe) \n- tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control (Alexander Duyck) \n- sock: set sk_err to ee_errno on dequeue from errq (Willem de Bruijn) \n- rose: Fix Null pointer dereference in rose_send_frame() (Anmol Karn) \n- net/tls: Protect from calling tls_dev_del for TLS RX 
twice (Maxim Mikityanskiy) \n- net/tls: missing received data after fast remote close (Vadim Fedorenko) \n- net/af_iucv: set correct sk_protocol for child sockets (Julian Wiedmann) \n- ipv6: addrlabel: fix possible memory leak in ip6addrlbl_net_init (Wang Hai) \n- devlink: Hold rtnl lock while reading netdev attributes (Parav Pandit)", "edition": 2, "modified": "2021-03-31T00:00:00", "published": "2021-03-31T00:00:00", "id": "ELSA-2021-9140", "href": "http://linux.oracle.com/errata/ELSA-2021-9140.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2021-03-31T13:21:55", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-26932", "CVE-2021-27363", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-28660", "CVE-2020-27170", "CVE-2021-28038", "CVE-2021-3348", "CVE-2020-27171", "CVE-2021-3428"], "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2610-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Ben Hutchings\nMarch 30, 2021 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : linux-4.19\nVersion : 4.19.181-1~deb9u1\nCVE ID : CVE-2020-27170 CVE-2020-27171 CVE-2021-3348 CVE-2021-3428 \n CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-27363 \n CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660\nDebian Bug : 983595\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nCVE-2020-27170, CVE-2020-27171\n\n Piotr Krysiuk discovered flaws in the BPF subsystem's checks for\n information leaks through speculative execution. 
A local user\n could use these to obtain sensitive information from kernel\n memory.\n\nCVE-2021-3348\n\n ADlab of venustech discovered a race condition in the nbd block\n driver that can lead to a use-after-free. A local user with\n access to an nbd block device could use this to cause a denial of\n service (crash or memory corruption) or possibly for privilege\n escalation.\n\nCVE-2021-3428\n\n Wolfgang Frisch reported a potential integer overflow in the\n ext4 filesystem driver. A user permitted to mount arbitrary\n filesystem images could use this to cause a denial of service\n (crash).\n\nCVE-2021-26930 (XSA-365)\n\n Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan\n H. Sch\u00f6nherr discovered that the Xen block backend driver\n (xen-blkback) did not handle grant mapping errors correctly. A\n malicious guest could exploit this bug to cause a denial of\n service (crash), or possibly an information leak or privilege\n escalation, within the domain running the backend, which is\n typically dom0.\n\nCVE-2021-26931 (XSA-362), CVE-2021-26932 (XSA-361), CVE-2021-28038 (XSA-367)\n\n Jan Beulich discovered that the Xen support code and various Xen\n backend drivers did not handle grant mapping errors correctly. A\n malicious guest could exploit these bugs to cause a denial of\n service (crash) within the domain running the backend, which is\n typically dom0.\n\nCVE-2021-27363\n\n Adam Nichols reported that the iSCSI initiator subsystem did not\n properly restrict access to transport handle attributes in sysfs.\n On a system acting as an iSCSI initiator, this is an information\n leak to local users and makes it easier to exploit CVE-2021-27364.\n\nCVE-2021-27364\n\n Adam Nichols reported that the iSCSI initiator subsystem did not\n properly restrict access to its netlink management interface. 
On\n a system acting as an iSCSI initiator, a local user could use\n these to cause a denial of service (disconnection of storage) or\n possibly for privilege escalation.\n\nCVE-2021-27365\n\n Adam Nichols reported that the iSCSI initiator subsystem did not\n correctly limit the lengths of parameters or "passthrough PDUs"\n sent through its netlink management interface. On a system acting\n as an iSCSI initiator, a local user could use these to leak the\n contents of kernel memory, to cause a denial of service (kernel\n memory corruption or crash), and probably for privilege\n escalation.\n\nCVE-2021-28660\n\n It was discovered that the rtl8188eu WiFi driver did not correctly\n limit the length of SSIDs copied into scan results. An attacker\n within WiFi range could use this to cause a denial of service\n (crash or memory corruption) or possibly to execute code on a\n vulnerable system.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.181-1~deb9u1. This update additionally fixes Debian bug\n#983595, and includes many more bug fixes from stable updates\n4.19.172-4.19.181 inclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings\n[W]e found...that it wasn't as easy to get programs right as we had\nthought. 
I realized that a large part of my life from then on was going\nto be spent in finding mistakes in my own programs.\n - Maurice Wilkes, 1949\n", "edition": 2, "modified": "2021-03-30T21:45:50", "published": "2021-03-30T21:45:50", "id": "DEBIAN:DLA-2610-1:A54F6", "href": "https://lists.debian.org/debian-lts-announce/2021/debian-lts-announce-202103/msg00035.html", "title": "[SECURITY] [DLA 2610-1] linux-4.19 security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}