DATABASE RESOURCES PRICING ABOUT US

{"id": "USN-3361-1", "vendorId": null, "type": "ubuntu", "bulletinFamily": "unix", "title": "Linux kernel (HWE) vulnerabilities", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * linux-hwe \\- Linux hardware enablement (HWE) kernel\n\nUSN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. \nThis update provides the corresponding updates for the Linux Hardware \nEnablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please \nnote that this update changes the Linux HWE kernel to the 4.10 based \nkernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from \nUbuntu 16.10.\n\nBen Harris discovered that the Linux kernel would strip extended privilege \nattributes of files when performing a failed unprivileged system call. A \nlocal attacker could use this to cause a denial of service. (CVE-2015-1350)\n\nRalf Spenneberg discovered that the ext4 implementation in the Linux kernel \ndid not properly validate meta block groups. An attacker with physical \naccess could use this to specially craft an ext4 image that causes a denial \nof service (system crash). (CVE-2016-10208)\n\nPeter Pi discovered that the colormap handling for frame buffer devices in \nthe Linux kernel contained an integer overflow. A local attacker could use \nthis to disclose sensitive information (kernel memory). (CVE-2016-8405)\n\nIt was discovered that an integer overflow existed in the InfiniBand RDMA \nover ethernet (RXE) transport implementation in the Linux kernel. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-8636)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO \nPCI driver for the Linux kernel. A local attacker with access to a vfio PCI \ndevice file could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel did \nnot properly perform reference counting in some situations. An unprivileged \nattacker could use this to cause a denial of service (system hang). \n(CVE-2016-9191)\n\nIt was discovered that the keyring implementation in the Linux kernel in \nsome situations did not prevent special internal keyrings from being joined \nby userspace keyrings. A privileged local attacker could use this to bypass \nmodule verification. (CVE-2016-9604)\n\nDmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet \ndiscovered that the netfiler subsystem in the Linux kernel mishandled IPv6 \npacket reassembly. A local user could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2016-9755)\n\nAndy Lutomirski and Willy Tarreau discovered that the KVM implementation in \nthe Linux kernel did not properly emulate instructions on the SS segment \nregister. A local attacker in a guest virtual machine could use this to \ncause a denial of service (guest OS crash) or possibly gain administrative \nprivileges in the guest OS. (CVE-2017-2583)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel \nimproperly emulated certain instructions. A local attacker could use this \nto obtain sensitive information (kernel memory). (CVE-2017-2584)\n\nDmitry Vyukov discovered that KVM implementation in the Linux kernel \nimproperly emulated the VMXON instruction. A local attacker in a guest OS \ncould use this to cause a denial of service (memory consumption) in the \nhost OS. (CVE-2017-2596)\n\nIt was discovered that SELinux in the Linux kernel did not properly handle \nempty writes to /proc/pid/attr. A local attacker could use this to cause a \ndenial of service (system crash). (CVE-2017-2618)\n\nDaniel Jiang discovered that a race condition existed in the ipv4 ping \nsocket implementation in the Linux kernel. A local privileged attacker \ncould use this to cause a denial of service (system crash). (CVE-2017-2671)\n\nIt was discovered that the freelist-randomization in the SLAB memory \nallocator allowed duplicate freelist entries. A local attacker could use \nthis to cause a denial of service (system crash). (CVE-2017-5546)\n\nIt was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in \nthe Linux kernel did not properly initialize memory related to logging. A \nlocal attacker could use this to expose sensitive information (kernel \nmemory). (CVE-2017-5549)\n\nIt was discovered that a fencepost error existed in the pipe_advance() \nfunction in the Linux kernel. A local attacker could use this to expose \nsensitive information (kernel memory). (CVE-2017-5550)\n\nIt was discovered that the Linux kernel did not clear the setgid bit during \na setxattr call on a tmpfs filesystem. A local attacker could use this to \ngain elevated group privileges. (CVE-2017-5551)\n\nMurray McAllister discovered that an integer overflow existed in the \nVideoCore DRM driver of the Linux kernel. A local attacker could use this \nto cause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2017-5576)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel did \nnot properly restrict mapping page zero. A local privileged attacker could \nuse this to execute arbitrary code. (CVE-2017-5669)\n\nAndrey Konovalov discovered an out-of-bounds access in the IPv6 Generic \nRouting Encapsulation (GRE) tunneling implementation in the Linux kernel. \nAn attacker could use this to possibly expose sensitive information. \n(CVE-2017-5897)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux \nkernel did not properly handle invalid IP options in some situations. An \nattacker could use this to cause a denial of service or possibly execute \narbitrary code. (CVE-2017-5970)\n\nDi Shen discovered that a race condition existed in the perf subsystem of \nthe Linux kernel. A local attacker could use this to cause a denial of \nservice or possibly gain administrative privileges. (CVE-2017-6001)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle TCP \npackets with the URG flag. A remote attacker could use this to cause a \ndenial of service. (CVE-2017-6214)\n\nAndrey Konovalov discovered that the LLC subsytem in the Linux kernel did \nnot properly set up a destructor in certain situations. A local attacker \ncould use this to cause a denial of service (system crash). (CVE-2017-6345)\n\nIt was discovered that a race condition existed in the AF_PACKET handling \ncode in the Linux kernel. A local attacker could use this to cause a denial \nof service (system crash) or possibly execute arbitrary code. \n(CVE-2017-6346)\n\nAndrey Konovalov discovered that the IP layer in the Linux kernel made \nimproper assumptions about internal data layout when performing checksums. \nA local attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2017-6347)\n\nDmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem \nin the Linux kernel. A local attacker could use this to cause a denial of \nservice (deadlock). (CVE-2017-6348)\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux \nkernel contained a stack-based buffer overflow. A local attacker with \naccess to an sg device could use this to cause a denial of service (system \ncrash) or possibly execute arbitrary code. (CVE-2017-7187)\n\nIt was discovered that a NULL pointer dereference existed in the Direct \nRendering Manager (DRM) driver for VMWare devices in the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2017-7261)\n\nIt was discovered that the USB Cypress HID drivers for the Linux kernel did \nnot properly validate reported information from the device. An attacker \nwith physical access could use this to expose sensitive information (kernel \nmemory). (CVE-2017-7273)\n\nEric Biggers discovered a memory leak in the keyring implementation in the \nLinux kernel. A local attacker could use this to cause a denial of service \n(memory consumption). (CVE-2017-7472)\n\nIt was discovered that an information leak existed in the set_mempolicy and \nmbind compat syscalls in the Linux kernel. A local attacker could use this \nto expose sensitive information (kernel memory). (CVE-2017-7616)\n\nSabrina Dubroca discovered that the asynchronous cryptographic hash (ahash) \nimplementation in the Linux kernel did not properly handle a full request \nqueue. A local attacker could use this to cause a denial of service \n(infinite recursion). (CVE-2017-7618)\n\nTuomas Haanp\u00e4\u00e4 and Ari Kauppi discovered that the NFSv2 and NFSv3 server \nimplementations in the Linux kernel did not properly handle certain long \nRPC replies. A remote attacker could use this to cause a denial of service \n(system crash). (CVE-2017-7645)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in the \nLinux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection \nmechanism. A local attacker with access to /dev/mem could use this to \nexpose sensitive information or possibly execute arbitrary code. \n(CVE-2017-7889)\n\nTuomas Haanp\u00e4\u00e4 and Ari Kauppi discovered that the NFSv2 and NFSv3 server \nimplementations in the Linux kernel did not properly check for the end of \nbuffer. A remote attacker could use this to craft requests that cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2017-7895)\n\nIt was discovered that an integer underflow existed in the Edgeport USB \nSerial Converter device driver of the Linux kernel. An attacker with \nphysical access could use this to expose sensitive information (kernel \nmemory). (CVE-2017-8924)\n\nIt was discovered that the USB ZyXEL omni.net LCD PLUS driver in the Linux \nkernel did not properly perform reference counting. A local attacker could \nuse this to cause a denial of service (tty exhaustion). (CVE-2017-8925)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the output \nof the print_bpf_insn function. A local attacker could use this to obtain \nsensitive address information. (CVE-2017-9150)\n", "published": "2017-07-21T00:00:00", "modified": "2017-07-21T00:00:00", "epss": [{"cve": "CVE-2017-5970", "epss": 0.00683, "percentile": 0.77706, "modified": "2023-12-06"}, {"cve": "CVE-2017-2584", "epss": 0.00042, "percentile": 0.05786, "modified": "2023-12-06"}, {"cve": "CVE-2017-9150", "epss": 0.00053, "percentile": 0.18704, "modified": "2023-12-06"}, {"cve": "CVE-2017-7616", "epss": 0.00042, "percentile": 0.05786, "modified": "2023-12-06"}, {"cve": "CVE-2017-6348", "epss": 0.00042, "percentile": 0.05786, "modified": "2023-12-06"}, {"cve": "CVE-2017-5897", "epss": 0.01336, "percentile": 0.84504, "modified": "2023-12-06"}, {"cve": "CVE-2017-8925", "epss": 0.00042, "percentile": 0.05786, "modified": "2023-12-06"}, {"cve": "CVE-2017-6345", "epss": 0.00042, "percentile": 0.05786, "modified": "2023-12-06"}, {"cve": "CVE-2017-7618", "epss": 0.00244, "percentile": 0.62117, "modified": "2023-12-06"}, {"cve": "CVE-2017-8924", "epss": 0.0006, "percentile": 0.23657, "modified": "2023-12-06"}, {"cve": "CVE-2017-7273", "epss": 0.00062, "percentile": 0.24893, "modified": "2023-12-06"}, {"cve": "CVE-2017-5576", "epss": 0.00042, "percentile": 0.05786, "modified": "2023-12-06"}, {"cve": "CVE-2017-6346", "epss": 0.00042, "percentile": 0.05786, "modified": "2023-12-06"}, {"cve": "CVE-2016-9084", "epss": 0.00042, "percentile": 0.05786, "modified": "2023-12-06"}, {"cve": "CVE-2016-8405", "epss": 0.00079, "percentile": 0.3296, "modified": "2023-12-06"}, {"cve": "CVE-2016-9191", "epss": 0.00042, "percentile": 0.05786, "modified": "2023-12-06"}, {"cve": "CVE-2017-7645", "epss": 0.16889, "percentile": 0.95523, "modified": "2023-12-06"}, {"cve": "CVE-2017-2596", "epss": 0.00062, "percentile": 0.24893, "modified": "2023-12-06"}, {"cve": "CVE-2016-9755", "epss": 0.00042, "percentile": 0.05786, "modified": "2023-12-06"}, {"cve": "CVE-2017-7895", "epss": 0.90467, "percentile": 0.98526, "modified": "2023-12-06"}, {"cve": "CVE-2017-5669", "epss": 0.00042, "percentile": 0.05786, "modified": "2023-12-06"}, {"cve": "CVE-2016-9083", "epss": 0.00042, "percentile": 0.05786, "modified": "2023-12-06"}, {"cve": "CVE-2017-7889", "epss": 0.00042, "percentile": 0.05786, "modified": "2023-12-06"}, {"cve": "CVE-2016-8636", "epss": 0.00042, "percentile": 0.05786, "modified": "2023-12-06"}, {"cve": "CVE-2017-2583", "epss": 0.00181, "percentile": 0.55124, "modified": "2023-12-06"}, {"cve": "CVE-2017-2618", "epss": 0.00062, "percentile": 0.24893, "modified": "2023-12-06"}, {"cve": "CVE-2017-7187", "epss": 0.00042, "percentile": 0.05786, "modified": "2023-12-06"}, {"cve": "CVE-2015-1350", "epss": 0.00042, "percentile": 0.05786, "modified": "2023-12-06"}, {"cve": "CVE-2017-2671", "epss": 0.00045, "percentile": 0.12615, "modified": "2023-12-06"}, {"cve": "CVE-2017-6001", "epss": 0.00107, "percentile": 0.43029, "modified": "2023-12-06"}, {"cve": "CVE-2016-10208", "epss": 0.00062, "percentile": 0.24893, "modified": "2023-12-06"}, {"cve": "CVE-2017-5551", "epss": 0.00042, "percentile": 0.05786, "modified": "2023-12-06"}, {"cve": "CVE-2017-5549", "epss": 0.00042, "percentile": 0.05786, "modified": "2023-12-06"}, {"cve": "CVE-2016-9604", "epss": 0.00062, "percentile": 0.2451, "modified": "2023-12-06"}, {"cve": "CVE-2017-6347", "epss": 0.00042, "percentile": 0.05786, "modified": "2023-12-06"}, {"cve": "CVE-2017-6214", "epss": 0.02496, "percentile": 0.88919, "modified": "2023-12-06"}, {"cve": "CVE-2017-7472", "epss": 0.00042, "percentile": 0.00446, "modified": "2023-12-06"}, {"cve": "CVE-2017-5546", "epss": 0.00042, "percentile": 0.05786, "modified": "2023-12-06"}, {"cve": "CVE-2017-7261", "epss": 0.00042, "percentile": 0.05786, "modified": "2023-12-06"}, {"cve": "CVE-2017-5550", "epss": 0.00042, "percentile": 0.05786, "modified": "2023-12-06"}], "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 10.0}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "acInsufInfo": true, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://ubuntu.com/security/notices/USN-3361-1", "reporter": "Ubuntu", "references": ["/security/CVE-2017-5549", "/security/CVE-2017-7618", "/security/CVE-2017-8924", "/security/CVE-2017-6346", "/security/CVE-2017-7273", "/security/CVE-2016-10208", "/security/CVE-2017-5576", "/security/CVE-2017-6001", "/security/CVE-2016-8405", "/security/CVE-2017-7616", "/security/CVE-2017-6345", "/security/CVE-2017-6348", "/security/CVE-2017-5551", "/security/CVE-2017-7472", "/security/CVE-2017-5550", "/security/CVE-2016-9604", "/security/CVE-2016-9191", "/security/CVE-2016-9755", "/security/CVE-2017-5546", "/security/CVE-2017-6347", "/security/CVE-2017-2618", "/security/CVE-2017-5970", "/security/CVE-2016-9084", "/security/CVE-2017-5669", "/security/CVE-2016-8636", "/security/CVE-2017-7261", "/security/CVE-2017-7895", "/security/CVE-2017-5897", "/security/CVE-2017-7187", "/security/CVE-2017-8925", "/security/CVE-2016-9083", "/security/CVE-2017-9150", "/security/CVE-2017-2671", "/security/CVE-2017-7645", "/security/CVE-2017-2584", "/security/CVE-2017-2583", "/security/CVE-2017-6214", "/security/CVE-2015-1350", "/security/CVE-2017-7889", "/security/CVE-2017-2596"], "cvelist": ["CVE-2015-1350", "CVE-2016-10208", "CVE-2016-8405", "CVE-2016-8636", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9191", "CVE-2016-9604", "CVE-2016-9755", "CVE-2017-2583", "CVE-2017-2584", "CVE-2017-2596", "CVE-2017-2618", "CVE-2017-2671", "CVE-2017-5546", "CVE-2017-5549", "CVE-2017-5550", "CVE-2017-5551", "CVE-2017-5576", "CVE-2017-5669", "CVE-2017-5897", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6346", "CVE-2017-6347", "CVE-2017-6348", "CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7273", "CVE-2017-7472", "CVE-2017-7616", "CVE-2017-7618", "CVE-2017-7645", "CVE-2017-7889", "CVE-2017-7895", "CVE-2017-8924", "CVE-2017-8925", "CVE-2017-9150"], "immutableFields": [], "lastseen": "2023-12-08T18:08:12", "viewCount": 41, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2016-772", "ALAS-2017-805", "ALAS-2017-811", "ALAS-2017-814", "ALAS-2017-828"]}, {"type": "androidsecurity", "idList": ["ANDROID:2016-12-01", "ANDROID:2017-07-01", "ANDROID:2017-09-01", "ANDROID:2017-10-01", "ANDROID:2017-11-01"]}, {"type": "archlinux", "idList": ["ASA-201701-32", "ASA-201701-35", "ASA-201701-38"]}, {"type": "avleonov", "idList": ["AVLEONOV:B1FBE34AF90D9EFE8FB00EA97D833417"]}, {"type": "centos", "idList": ["CESA-2017:0386", "CESA-2017:0817", "CESA-2017:0933", "CESA-2017:1308", "CESA-2017:1372", "CESA-2017:1615", "CESA-2017:1723", "CESA-2017:1842", "CESA-2018:0151", "CESA-2018:1319", "CESA-2018:1854"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:357A3D675E310E16A6C343FB03145CD4", "CFOUNDRY:4A4E5BB1A59DD906E5D792B48A62CB13", "CFOUNDRY:59BA3F002F833C86F9D716E2A3575DCB", "CFOUNDRY:DFAB11FD33D131C30AACDE9F4864FC0F", "CFOUNDRY:EA45FD03FD447E186F125FC46918DCD9", "CFOUNDRY:FC25CD097476B12ED115E08FD50F00D3"]}, {"type": "cloudlinux", "idList": ["CLSA-2022:1650576075"]}, {"type": "cve", "idList": ["CVE-2015-1350", "CVE-2016-10208", "CVE-2016-8405", "CVE-2016-8636", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9191", "CVE-2016-9604", "CVE-2016-9755", "CVE-2017-15649", "CVE-2017-2583", "CVE-2017-2584", "CVE-2017-2596", "CVE-2017-2618", "CVE-2017-2671", "CVE-2017-5546", "CVE-2017-5549", "CVE-2017-5550", "CVE-2017-5551", "CVE-2017-5576", "CVE-2017-5669", "CVE-2017-5897", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6346", "CVE-2017-6347", "CVE-2017-6348", "CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7273", "CVE-2017-7472", "CVE-2017-7616", "CVE-2017-7618", "CVE-2017-7645", "CVE-2017-7889", "CVE-2017-7895", "CVE-2017-8924", "CVE-2017-8925", "CVE-2017-9150"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1099-1:57108", "DEBIAN:DLA-1200-1:A0B61", "DEBIAN:DLA-772-1:EB721", "DEBIAN:DLA-833-1:91DAA", "DEBIAN:DLA-849-1:12807", "DEBIAN:DLA-922-1:854C7", "DEBIAN:DLA-993-1:71AF5", "DEBIAN:DSA-3791-1:0D4D5", "DEBIAN:DSA-3791-1:AE0FD", "DEBIAN:DSA-3804-1:0976E", "DEBIAN:DSA-3804-1:E7F94", "DEBIAN:DSA-3886-1:89166", "DEBIAN:DSA-3886-1:F6458", "DEBIAN:DSA-3945-1:532A6", "DEBIAN:DSA-3945-1:A4CC7"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-1350", "DEBIANCVE:CVE-2016-10208", "DEBIANCVE:CVE-2016-8405", "DEBIANCVE:CVE-2016-8636", "DEBIANCVE:CVE-2016-9083", "DEBIANCVE:CVE-2016-9084", "DEBIANCVE:CVE-2016-9191", "DEBIANCVE:CVE-2016-9604", "DEBIANCVE:CVE-2016-9755", "DEBIANCVE:CVE-2017-15649", "DEBIANCVE:CVE-2017-2583", "DEBIANCVE:CVE-2017-2584", "DEBIANCVE:CVE-2017-2596", "DEBIANCVE:CVE-2017-2618", "DEBIANCVE:CVE-2017-2671", "DEBIANCVE:CVE-2017-5546", "DEBIANCVE:CVE-2017-5549", "DEBIANCVE:CVE-2017-5550", "DEBIANCVE:CVE-2017-5551", "DEBIANCVE:CVE-2017-5576", "DEBIANCVE:CVE-2017-5669", "DEBIANCVE:CVE-2017-5897", "DEBIANCVE:CVE-2017-5970", "DEBIANCVE:CVE-2017-6001", "DEBIANCVE:CVE-2017-6214", "DEBIANCVE:CVE-2017-6345", "DEBIANCVE:CVE-2017-6346", "DEBIANCVE:CVE-2017-6347", "DEBIANCVE:CVE-2017-6348", "DEBIANCVE:CVE-2017-7187", "DEBIANCVE:CVE-2017-7261", "DEBIANCVE:CVE-2017-7273", "DEBIANCVE:CVE-2017-7472", "DEBIANCVE:CVE-2017-7616", "DEBIANCVE:CVE-2017-7618", "DEBIANCVE:CVE-2017-7645", "DEBIANCVE:CVE-2017-7889", "DEBIANCVE:CVE-2017-7895", "DEBIANCVE:CVE-2017-8924", "DEBIANCVE:CVE-2017-8925", "DEBIANCVE:CVE-2017-9150"]}, {"type": "exploitdb", "idList": ["EDB-ID:42136"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:8A56E1C4D18EC6E5D9443B5BD5864C74"]}, {"type": "f5", "idList": ["F5:K08478022", "F5:K11023978", "F5:K15004519", "F5:K22012502", "F5:K24578092", "F5:K30737254", "F5:K31209433", "F5:K48281956", "F5:K60104355", "F5:K63771715", "F5:K80440915", "F5:K81172534", "F5:K81211720"]}, {"type": "fedora", "idList": ["FEDORA:042FF6294018", "FEDORA:0DC87601457E", "FEDORA:25B9E61491E0", "FEDORA:2AD3261A18E6", "FEDORA:2CC39660F53B", "FEDORA:3D3EF633571E", "FEDORA:3D4286087E43", "FEDORA:4BDD56194B95", "FEDORA:4E39C608F49D", "FEDORA:50F586057156", "FEDORA:5160A6047324", "FEDORA:553DD615C92C", "FEDORA:56CBF60C3443", "FEDORA:5931760652B6", "FEDORA:5E6FC604AF75", "FEDORA:65FAD61713B3", "FEDORA:76A6A60C79DB", "FEDORA:79A0B6175384", "FEDORA:804CC6092211", "FEDORA:8CDBE6067306", "FEDORA:A5F35607D661", "FEDORA:B872461491E6", "FEDORA:BE101604CBF2", "FEDORA:C44336087E4E", "FEDORA:C8F1260321CA", "FEDORA:CD2C9609392A", "FEDORA:D6CE3608F49C", "FEDORA:D89B960F8CA9", "FEDORA:D953C601BFE1", "FEDORA:E736B60877BC", "FEDORA:EEB386177DBB"]}, {"type": "ibm", "idList": ["091C926DD3372A48BCEFCA3A598C2A54BAEA4FF0AC1ADA170D539846CF9E0B12", "0D95BD029EF7D61B7C200E5DCF5114404F54883607A0E5A132C410EA37160E69", "1D8744BF536D5B133A0AEB6D2969DFF11DFBADCEF06C768998622BB424AF6C06", "289F46B747F4C8F26E8F8D17623E34EDE1DB7595184FCDCC87FEDCC356AC9965", "3225590ACA91E6DF0E178DA31C2E57BF8B7009899CBDD520B86DCF5F0582D254", "475B1D5AA0EDB6A4A0012EA2C2D64B9388A6ACC5779414E8E1A98AC9B641F6AF", "568AFE5262E7EC0E8EE6E14FF1C1D694651A8AE220CF4FA741D1505E390F16A1", "61EAA34D5E4645B71F124164E8135272DB3119CF3ABDC2864377B692FCF87527", "6B8D264C112CFCDDCE94E39A330DF7082557BFFF177349A0F825B791060643AF", "72A14F3E1A05E87987247C3A94DA37A971910E734C842EA2FD4E32CE8B24FCF5", "75F4CE8201FAA026B444CA3308E12CA9B1FBD302D6BDA963D3635F7318CA3ADB", "8A124739D0569E6C53A7C49B272231FD95577DB912C506F171888BA4DA4E27BE", "96B683CDF0F8F80CEAD97593A6461520A4EA4F7D0C5E1136D74257ADE7C15BD8", "A0B51C5217767E75AB974BA93584FB1F969514BA8D7EE9EDD025C20F274C1D2F", "AF6E3EC9D5A5C3CF688EF87142347E0688A4AE1CB6831F92326966B86BF2D9C1", "B13E9CABE04A3A8E052E5DD7075F194AB2BDBB1AA759BCA55EBEBB657F688C5F", "B6840CECFB480133167DC8D6DBBFA04BC02F46001609AF3201683057583646BD", "CD9B5BF488F3327F1A5D08B8A25E9EF90D7304376F44A16FB3F05E06566E80FF", "F3D623A09E7D0F54DD4072DEEB91BB4360FCB6F12BC404A385E6347E729DB982"]}, {"type": "lenovo", "idList": ["LENOVO:PS500321-NOSID"]}, {"type": "mageia", "idList": ["MGASA-2017-0063", "MGASA-2017-0064", "MGASA-2017-0065", "MGASA-2017-0088", "MGASA-2017-0089", "MGASA-2017-0090", "MGASA-2017-0136", "MGASA-2017-0147", "MGASA-2017-0148", "MGASA-2017-0149"]}, {"type": "myhack58", "idList": ["MYHACK58:62201787550"]}, {"type": "nessus", "idList": ["ALA_ALAS-2016-772.NASL", "ALA_ALAS-2017-805.NASL", "ALA_ALAS-2017-811.NASL", "ALA_ALAS-2017-814.NASL", "ALA_ALAS-2017-828.NASL", "CENTOS_RHSA-2017-0386.NASL", "CENTOS_RHSA-2017-0933.NASL", "CENTOS_RHSA-2017-1308.NASL", "CENTOS_RHSA-2017-1372.NASL", "CENTOS_RHSA-2017-1615.NASL", "CENTOS_RHSA-2017-1723.NASL", "CENTOS_RHSA-2017-1842.NASL", "CENTOS_RHSA-2018-0151.NASL", "CENTOS_RHSA-2018-1319.NASL", "CENTOS_RHSA-2018-1854.NASL", "DEBIAN_DLA-1099.NASL", "DEBIAN_DLA-1200.NASL", "DEBIAN_DLA-772.NASL", "DEBIAN_DLA-833.NASL", "DEBIAN_DLA-849.NASL", "DEBIAN_DLA-922.NASL", "DEBIAN_DLA-993.NASL", "DEBIAN_DSA-3791.NASL", "DEBIAN_DSA-3804.NASL", "DEBIAN_DSA-3886.NASL", "DEBIAN_DSA-3945.NASL", "EULEROS_SA-2017-1056.NASL", "EULEROS_SA-2017-1057.NASL", "EULEROS_SA-2017-1071.NASL", "EULEROS_SA-2017-1072.NASL", "EULEROS_SA-2017-1122.NASL", "EULEROS_SA-2017-1123.NASL", "EULEROS_SA-2017-1159.NASL", "EULEROS_SA-2017-1271.NASL", "EULEROS_SA-2019-1062.NASL", "EULEROS_SA-2019-1450.NASL", "EULEROS_SA-2019-1471.NASL", "EULEROS_SA-2019-1472.NASL", "EULEROS_SA-2019-1476.NASL", "EULEROS_SA-2019-1478.NASL", "EULEROS_SA-2019-1482.NASL", "EULEROS_SA-2019-1484.NASL", "EULEROS_SA-2019-1486.NASL", "EULEROS_SA-2019-1491.NASL", "EULEROS_SA-2019-1496.NASL", "EULEROS_SA-2019-1502.NASL", "EULEROS_SA-2019-1503.NASL", "EULEROS_SA-2019-1504.NASL", "EULEROS_SA-2019-1506.NASL", "EULEROS_SA-2019-1508.NASL", "EULEROS_SA-2019-1516.NASL", "EULEROS_SA-2019-1517.NASL", "EULEROS_SA-2019-1518.NASL", "EULEROS_SA-2019-1519.NASL", "EULEROS_SA-2019-1521.NASL", "EULEROS_SA-2019-1522.NASL", "EULEROS_SA-2019-1524.NASL", "EULEROS_SA-2019-1525.NASL", "EULEROS_SA-2019-1530.NASL", "EULEROS_SA-2019-1532.NASL", "EULEROS_SA-2019-1533.NASL", "EULEROS_SA-2019-1536.NASL", "EULEROS_SA-2019-2274.NASL", "EULEROS_SA-2019-2353.NASL", "EULEROS_SA-2019-2531.NASL", "EULEROS_SA-2019-2599.NASL", "EULEROS_SA-2019-2693.NASL", "EULEROS_SA-2020-1269.NASL", "EULEROS_SA-2021-2392.NASL", "F5_BIGIP_SOL11023978.NASL", "F5_BIGIP_SOL22012502.NASL", "F5_BIGIP_SOL24578092.NASL", "F5_BIGIP_SOL60104355.NASL", "F5_BIGIP_SOL80440915.NASL", "F5_BIGIP_SOL81211720.NASL", "FEDORA_2016-5EC2475E3F.NASL", "FEDORA_2016-96D276367E.NASL", "FEDORA_2016-9C17CB9648.NASL", "FEDORA_2016-BBE98C341C.NASL", "FEDORA_2016-EE3A114958.NASL", "FEDORA_2017-0054C7B1F0.NASL", "FEDORA_2017-02174DF32F.NASL", "FEDORA_2017-0AA0F69E0C.NASL", "FEDORA_2017-17D1C05236.NASL", "FEDORA_2017-18CE368BA3.NASL", "FEDORA_2017-26C9ECD7A4.NASL", "FEDORA_2017-2E1F3694B2.NASL", "FEDORA_2017-3456BA4C93.NASL", "FEDORA_2017-387FF46A66.NASL", "FEDORA_2017-392B319BB5.NASL", "FEDORA_2017-3A9EC92DD6.NASL", "FEDORA_2017-472052EBE5.NASL", "FEDORA_2017-502CF68D68.NASL", "FEDORA_2017-6CC158C193.NASL", "FEDORA_2017-7462231059.NASL", "FEDORA_2017-787BC0D5B4.NASL", "FEDORA_2017-81FBD592D4.NASL", "FEDORA_2017-8E7549FB91.NASL", "FEDORA_2017-92D84F68CF.NASL", "FEDORA_2017-93DEC9EBA5.NASL", "FEDORA_2017-AD045F80AC.NASL", "FEDORA_2017-AD67543FC5.NASL", "FEDORA_2017-B9B1AC0D15.NASL", "FEDORA_2017-D875AE8299.NASL", "FEDORA_2017-E6012E74B6.NASL", "FEDORA_2017-FB89CA752A.NASL", "NEWSTART_CGSL_NS-SA-2019-0014_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0099_KERNEL.NASL", "NEWSTART_CGSL_NS-SA-2019-0152_KERNEL.NASL", "OPENSUSE-2016-1426.NASL", "OPENSUSE-2016-1428.NASL", "OPENSUSE-2017-1194.NASL", "OPENSUSE-2017-1224.NASL", "OPENSUSE-2017-245.NASL", "OPENSUSE-2017-246.NASL", "OPENSUSE-2017-286.NASL", "OPENSUSE-2017-287.NASL", "OPENSUSE-2017-418.NASL", "OPENSUSE-2017-419.NASL", "OPENSUSE-2017-532.NASL", "OPENSUSE-2017-562.NASL", "OPENSUSE-2017-666.NASL", "ORACLELINUX_ELSA-2017-0386.NASL", "ORACLELINUX_ELSA-2017-03861.NASL", "ORACLELINUX_ELSA-2017-0817.NASL", "ORACLELINUX_ELSA-2017-0933-1.NASL", "ORACLELINUX_ELSA-2017-0933.NASL", "ORACLELINUX_ELSA-2017-09331.NASL", "ORACLELINUX_ELSA-2017-1308-1.NASL", "ORACLELINUX_ELSA-2017-1308.NASL", "ORACLELINUX_ELSA-2017-13081.NASL", "ORACLELINUX_ELSA-2017-1372.NASL", "ORACLELINUX_ELSA-2017-1615-1.NASL", "ORACLELINUX_ELSA-2017-1615.NASL", "ORACLELINUX_ELSA-2017-16151.NASL", "ORACLELINUX_ELSA-2017-1723.NASL", "ORACLELINUX_ELSA-2017-1842-1.NASL", "ORACLELINUX_ELSA-2017-1842.NASL", "ORACLELINUX_ELSA-2017-18421.NASL", "ORACLELINUX_ELSA-2017-2412.NASL", "ORACLELINUX_ELSA-2017-3514.NASL", "ORACLELINUX_ELSA-2017-3533.NASL", "ORACLELINUX_ELSA-2017-3534.NASL", "ORACLELINUX_ELSA-2017-3535.NASL", "ORACLELINUX_ELSA-2017-3539.NASL", "ORACLELINUX_ELSA-2017-3565.NASL", "ORACLELINUX_ELSA-2017-3566.NASL", "ORACLELINUX_ELSA-2017-3567.NASL", "ORACLELINUX_ELSA-2017-3576.NASL", "ORACLELINUX_ELSA-2017-3589.NASL", "ORACLELINUX_ELSA-2017-3590.NASL", "ORACLELINUX_ELSA-2017-3591.NASL", "ORACLELINUX_ELSA-2017-3595.NASL", "ORACLELINUX_ELSA-2017-3597.NASL", "ORACLELINUX_ELSA-2017-3605.NASL", "ORACLELINUX_ELSA-2017-3606.NASL", "ORACLELINUX_ELSA-2017-3607.NASL", "ORACLELINUX_ELSA-2017-3609.NASL", "ORACLELINUX_ELSA-2017-3635.NASL", "ORACLELINUX_ELSA-2017-3636.NASL", "ORACLELINUX_ELSA-2017-3640.NASL", "ORACLELINUX_ELSA-2017-3651.NASL", "ORACLELINUX_ELSA-2017-3657.NASL", "ORACLELINUX_ELSA-2017-3658.NASL", "ORACLELINUX_ELSA-2017-3659.NASL", "ORACLELINUX_ELSA-2018-0151.NASL", "ORACLELINUX_ELSA-2018-1319.NASL", "ORACLELINUX_ELSA-2018-1854.NASL", "ORACLELINUX_ELSA-2018-4071.NASL", "ORACLELINUX_ELSA-2018-4161.NASL", "ORACLELINUX_ELSA-2018-4164.NASL", "ORACLELINUX_ELSA-2018-4172.NASL", "ORACLELINUX_ELSA-2020-5671.NASL", "ORACLELINUX_ELSA-2020-5866.NASL", "ORACLELINUX_ELSA-2020-5879.NASL", "ORACLELINUX_ELSA-2020-5881.NASL", "ORACLELINUX_ELSA-2020-5936.NASL", "ORACLELINUX_ELSA-2022-9852.NASL", "ORACLELINUX_ELSA-2022-9969.NASL", "ORACLEVM_OVMSA-2017-0039.NASL", "ORACLEVM_OVMSA-2017-0056.NASL", "ORACLEVM_OVMSA-2017-0057.NASL", "ORACLEVM_OVMSA-2017-0058.NASL", "ORACLEVM_OVMSA-2017-0062.NASL", "ORACLEVM_OVMSA-2017-0104.NASL", "ORACLEVM_OVMSA-2017-0105.NASL", "ORACLEVM_OVMSA-2017-0106.NASL", "ORACLEVM_OVMSA-2017-0119.NASL", "ORACLEVM_OVMSA-2017-0120.NASL", "ORACLEVM_OVMSA-2017-0121.NASL", "ORACLEVM_OVMSA-2017-0126.NASL", "ORACLEVM_OVMSA-2017-0143.NASL", "ORACLEVM_OVMSA-2017-0144.NASL", "ORACLEVM_OVMSA-2017-0145.NASL", "ORACLEVM_OVMSA-2017-0167.NASL", "ORACLEVM_OVMSA-2017-0168.NASL", "ORACLEVM_OVMSA-2017-0169.NASL", "ORACLEVM_OVMSA-2017-0172.NASL", "ORACLEVM_OVMSA-2017-0173.NASL", "ORACLEVM_OVMSA-2017-0174.NASL", "ORACLEVM_OVMSA-2018-0015.NASL", "ORACLEVM_OVMSA-2018-0035.NASL", "ORACLEVM_OVMSA-2018-0236.NASL", "ORACLEVM_OVMSA-2018-0237.NASL", "ORACLEVM_OVMSA-2020-0044.NASL", "ORACLEVM_OVMSA-2022-0026.NASL", "PHOTONOS_PHSA-2016-0012.NASL", "PHOTONOS_PHSA-2016-0012_LINUX.NASL", "PHOTONOS_PHSA-2017-0008.NASL", "PHOTONOS_PHSA-2017-0011.NASL", "PHOTONOS_PHSA-2017-0011_LINUX.NASL", "PHOTONOS_PHSA-2017-0014.NASL", "PHOTONOS_PHSA-2017-0014_LINUX.NASL", "PHOTONOS_PHSA-2017-0015.NASL", "PHOTONOS_PHSA-2017-0015_LINUX.NASL", "PHOTONOS_PHSA-2017-0016.NASL", "PHOTONOS_PHSA-2017-0016_LINUX.NASL", "REDHAT-RHSA-2017-0386.NASL", "REDHAT-RHSA-2017-0387.NASL", "REDHAT-RHSA-2017-0817.NASL", "REDHAT-RHSA-2017-0931.NASL", "REDHAT-RHSA-2017-0932.NASL", "REDHAT-RHSA-2017-0933.NASL", "REDHAT-RHSA-2017-1297.NASL", "REDHAT-RHSA-2017-1298.NASL", "REDHAT-RHSA-2017-1308.NASL", "REDHAT-RHSA-2017-1372.NASL", "REDHAT-RHSA-2017-1615.NASL", "REDHAT-RHSA-2017-1616.NASL", "REDHAT-RHSA-2017-1647.NASL", "REDHAT-RHSA-2017-1715.NASL", "REDHAT-RHSA-2017-1723.NASL", "REDHAT-RHSA-2017-1766.NASL", "REDHAT-RHSA-2017-1798.NASL", "REDHAT-RHSA-2017-1842.NASL", "REDHAT-RHSA-2017-2077.NASL", "REDHAT-RHSA-2017-2412.NASL", "REDHAT-RHSA-2017-2428.NASL", "REDHAT-RHSA-2017-2429.NASL", "REDHAT-RHSA-2017-2669.NASL", "REDHAT-RHSA-2017-2732.NASL", "REDHAT-RHSA-2018-0151.NASL", "REDHAT-RHSA-2018-0152.NASL", "REDHAT-RHSA-2018-0181.NASL", "REDHAT-RHSA-2018-1319.NASL", "REDHAT-RHSA-2018-1854.NASL", "SL_20170302_KERNEL_ON_SL7_X.NASL", "SL_20170412_KERNEL_ON_SL7_X.NASL", "SL_20170525_KERNEL_ON_SL7_X.NASL", "SL_20170531_KERNEL_ON_SL6_X.NASL", "SL_20170628_KERNEL_ON_SL7_X.NASL", "SL_20170711_KERNEL_ON_SL6_X.NASL", "SL_20170801_KERNEL_ON_SL7_X.NASL", "SL_20180125_KERNEL_ON_SL7_X.NASL", "SL_20180508_KERNEL_ON_SL6_X.NASL", "SL_20180619_KERNEL_ON_SL6_X.NASL", "SUSE_SU-2017-0181-1.NASL", "SUSE_SU-2017-0333-1.NASL", "SUSE_SU-2017-0437-1.NASL", "SUSE_SU-2017-0464-1.NASL", "SUSE_SU-2017-0471-1.NASL", "SUSE_SU-2017-0494-1.NASL", "SUSE_SU-2017-0517-1.NASL", "SUSE_SU-2017-0575-1.NASL", "SUSE_SU-2017-0769-1.NASL", "SUSE_SU-2017-0770-1.NASL", "SUSE_SU-2017-0771-1.NASL", "SUSE_SU-2017-0772-1.NASL", "SUSE_SU-2017-0780-1.NASL", "SUSE_SU-2017-1183-1.NASL", "SUSE_SU-2017-1247-1.NASL", "SUSE_SU-2017-1281-1.NASL", "SUSE_SU-2017-1301-1.NASL", "SUSE_SU-2017-1360-1.NASL", "SUSE_SU-2017-1853-1.NASL", "SUSE_SU-2017-2049-1.NASL", "SUSE_SU-2017-2060-1.NASL", "SUSE_SU-2017-2061-1.NASL", "SUSE_SU-2017-2072-1.NASL", "SUSE_SU-2017-2073-1.NASL", "SUSE_SU-2017-2088-1.NASL", "SUSE_SU-2017-2091-1.NASL", "SUSE_SU-2017-2092-1.NASL", "SUSE_SU-2017-2093-1.NASL", "SUSE_SU-2017-2095-1.NASL", "SUSE_SU-2017-2096-1.NASL", "SUSE_SU-2017-2098-1.NASL", "SUSE_SU-2017-2099-1.NASL", "SUSE_SU-2017-2100-1.NASL", "SUSE_SU-2017-2102-1.NASL", "SUSE_SU-2017-2103-1.NASL", "SUSE_SU-2017-2389-1.NASL", "SUSE_SU-2017-2475-1.NASL", "SUSE_SU-2017-2476-1.NASL", "SUSE_SU-2017-2497-1.NASL", "SUSE_SU-2017-2525-1.NASL", "SUSE_SU-2017-2775-1.NASL", "SUSE_SU-2017-2847-1.NASL", "SUSE_SU-2017-2869-1.NASL", "SUSE_SU-2017-2908-1.NASL", "SUSE_SU-2017-2920-1.NASL", "SUSE_SU-2017-3103-1.NASL", "SUSE_SU-2017-3117-1.NASL", "SUSE_SU-2017-3118-1.NASL", "SUSE_SU-2017-3119-1.NASL", "SUSE_SU-2017-3123-1.NASL", "SUSE_SU-2017-3124-1.NASL", "SUSE_SU-2017-3125-1.NASL", "SUSE_SU-2017-3127-1.NASL", "SUSE_SU-2017-3130-1.NASL", "SUSE_SU-2017-3131-1.NASL", "SUSE_SU-2017-3132-1.NASL", "SUSE_SU-2017-3145-1.NASL", "SUSE_SU-2017-3146-1.NASL", "SUSE_SU-2017-3147-1.NASL", "SUSE_SU-2017-3148-1.NASL", "SUSE_SU-2017-3149-1.NASL", "SUSE_SU-2017-3150-1.NASL", "SUSE_SU-2017-3151-1.NASL", "SUSE_SU-2017-3152-1.NASL", "SUSE_SU-2017-3153-1.NASL", "SUSE_SU-2017-3154-1.NASL", "SUSE_SU-2017-3157-1.NASL", "SUSE_SU-2017-3158-1.NASL", "SUSE_SU-2017-3160-1.NASL", "SUSE_SU-2017-3315-1.NASL", "SUSE_SU-2018-0011-1.NASL", "SUSE_SU-2018-0040-1.NASL", "SUSE_SU-2018-0562-1.NASL", "SUSE_SU-2018-0664-1.NASL", "SUSE_SU-2018-2332-1.NASL", "SUSE_SU-2018-2366-1.NASL", "SUSE_SU-2018-3746-1.NASL", "SUSE_SU-2019-1287-1.NASL", "SUSE_SU-2019-1289-1.NASL", "SUSE_SU-2019-13937-1.NASL", "UBUNTU_USN-3208-1.NASL", "UBUNTU_USN-3208-2.NASL", "UBUNTU_USN-3234-1.NASL", "UBUNTU_USN-3234-2.NASL", "UBUNTU_USN-3265-1.NASL", "UBUNTU_USN-3265-2.NASL", "UBUNTU_USN-3291-1.NASL", "UBUNTU_USN-3291-2.NASL", "UBUNTU_USN-3291-3.NASL", "UBUNTU_USN-3293-1.NASL", "UBUNTU_USN-3312-1.NASL", "UBUNTU_USN-3312-2.NASL", "UBUNTU_USN-3314-1.NASL", "UBUNTU_USN-3324-1.NASL", "UBUNTU_USN-3325-1.NASL", "UBUNTU_USN-3345-1.NASL", "UBUNTU_USN-3359-1.NASL", "UBUNTU_USN-3360-1.NASL", "UBUNTU_USN-3361-1.NASL", "UBUNTU_USN-3364-1.NASL", "UBUNTU_USN-3364-2.NASL", "UBUNTU_USN-3364-3.NASL", "UBUNTU_USN-3381-1.NASL", "UBUNTU_USN-3406-1.NASL", "UBUNTU_USN-3422-1.NASL", "UBUNTU_USN-3583-1.NASL", "UBUNTU_USN-3754-1.NASL", "UBUNTU_USN-4904-1.NASL", "VIRTUOZZO_VZA-2017-004.NASL", "VIRTUOZZO_VZA-2017-010.NASL", "VIRTUOZZO_VZA-2017-025.NASL", "VIRTUOZZO_VZA-2017-029.NASL", "VIRTUOZZO_VZA-2017-031.NASL", "VIRTUOZZO_VZA-2017-032.NASL", "VIRTUOZZO_VZA-2017-037.NASL", "VIRTUOZZO_VZA-2017-038.NASL", "VIRTUOZZO_VZA-2017-042.NASL", "VIRTUOZZO_VZA-2018-041.NASL", "VIRTUOZZO_VZLSA-2017-0386.NASL", "VIRTUOZZO_VZLSA-2017-0933.NASL", "VIRTUOZZO_VZLSA-2017-1308.NASL", "VIRTUOZZO_VZLSA-2017-1372.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703791", "OPENVAS:1361412562310703804", "OPENVAS:1361412562310703886", "OPENVAS:1361412562310703945", "OPENVAS:1361412562310810159", "OPENVAS:1361412562310810170", "OPENVAS:1361412562310843061", "OPENVAS:1361412562310843062", "OPENVAS:1361412562310843095", "OPENVAS:1361412562310843096", "OPENVAS:1361412562310843139", "OPENVAS:1361412562310843140", "OPENVAS:1361412562310843164", "OPENVAS:1361412562310843165", "OPENVAS:1361412562310843175", "OPENVAS:1361412562310843176", "OPENVAS:1361412562310843198", "OPENVAS:1361412562310843199", "OPENVAS:1361412562310843200", "OPENVAS:1361412562310843210", "OPENVAS:1361412562310843220", "OPENVAS:1361412562310843234", "OPENVAS:1361412562310843247", "OPENVAS:1361412562310843249", "OPENVAS:1361412562310843250", "OPENVAS:1361412562310843252", "OPENVAS:1361412562310843254", "OPENVAS:1361412562310843255", "OPENVAS:1361412562310843273", "OPENVAS:1361412562310843297", "OPENVAS:1361412562310843312", "OPENVAS:1361412562310843461", "OPENVAS:1361412562310843628", "OPENVAS:1361412562310851449", "OPENVAS:1361412562310851489", "OPENVAS:1361412562310851506", "OPENVAS:1361412562310851513", "OPENVAS:1361412562310851515", "OPENVAS:1361412562310851516", "OPENVAS:1361412562310851529", "OPENVAS:1361412562310851530", "OPENVAS:1361412562310851544", "OPENVAS:1361412562310851548", "OPENVAS:1361412562310851566", "OPENVAS:1361412562310851632", "OPENVAS:1361412562310851638", "OPENVAS:1361412562310871768", "OPENVAS:1361412562310871796", "OPENVAS:1361412562310871823", "OPENVAS:1361412562310871827", "OPENVAS:1361412562310871838", "OPENVAS:1361412562310871842", "OPENVAS:1361412562310871855", "OPENVAS:1361412562310872105", "OPENVAS:1361412562310872111", "OPENVAS:1361412562310872115", "OPENVAS:1361412562310872292", "OPENVAS:1361412562310872293", "OPENVAS:1361412562310872320", "OPENVAS:1361412562310872326", "OPENVAS:1361412562310872344", "OPENVAS:1361412562310872370", "OPENVAS:1361412562310872371", "OPENVAS:1361412562310872383", "OPENVAS:1361412562310872391", "OPENVAS:1361412562310872392", "OPENVAS:1361412562310872432", "OPENVAS:1361412562310872433", "OPENVAS:1361412562310872473", "OPENVAS:1361412562310872476", "OPENVAS:1361412562310872547", "OPENVAS:1361412562310872548", "OPENVAS:1361412562310872568", "OPENVAS:1361412562310872569", "OPENVAS:1361412562310872575", "OPENVAS:1361412562310872578", "OPENVAS:1361412562310872626", "OPENVAS:1361412562310872634", "OPENVAS:1361412562310872640", "OPENVAS:1361412562310872655", "OPENVAS:1361412562310872656", "OPENVAS:1361412562310882673", "OPENVAS:1361412562310882694", "OPENVAS:1361412562310882725", "OPENVAS:1361412562310882728", "OPENVAS:1361412562310882747", "OPENVAS:1361412562310882752", "OPENVAS:1361412562310882836", "OPENVAS:1361412562310882875", "OPENVAS:1361412562310890833", "OPENVAS:1361412562310890849", "OPENVAS:1361412562310890922", "OPENVAS:1361412562310891099", "OPENVAS:1361412562311220171056", "OPENVAS:1361412562311220171057", "OPENVAS:1361412562311220171071", "OPENVAS:1361412562311220171072", "OPENVAS:1361412562311220171122", "OPENVAS:1361412562311220171123", "OPENVAS:1361412562311220171159", "OPENVAS:1361412562311220171271", "OPENVAS:1361412562311220191062", "OPENVAS:1361412562311220191450", "OPENVAS:1361412562311220191471", "OPENVAS:1361412562311220191472", "OPENVAS:1361412562311220191476", "OPENVAS:1361412562311220191478", "OPENVAS:1361412562311220191482", "OPENVAS:1361412562311220191484", "OPENVAS:1361412562311220191486", "OPENVAS:1361412562311220191491", "OPENVAS:1361412562311220191496", "OPENVAS:1361412562311220191502", "OPENVAS:1361412562311220191503", "OPENVAS:1361412562311220191504", "OPENVAS:1361412562311220191506", "OPENVAS:1361412562311220191508", "OPENVAS:1361412562311220191516", "OPENVAS:1361412562311220191517", "OPENVAS:1361412562311220191518", "OPENVAS:1361412562311220191519", "OPENVAS:1361412562311220191521", "OPENVAS:1361412562311220191522", "OPENVAS:1361412562311220191524", "OPENVAS:1361412562311220191525", "OPENVAS:1361412562311220191530", "OPENVAS:1361412562311220191532", "OPENVAS:1361412562311220191533", "OPENVAS:1361412562311220191536", "OPENVAS:1361412562311220192274", "OPENVAS:1361412562311220192353", "OPENVAS:1361412562311220192531", "OPENVAS:1361412562311220192599", "OPENVAS:1361412562311220192693", "OPENVAS:1361412562311220201269", "OPENVAS:703791", "OPENVAS:703804", "OPENVAS:703886"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-0386", "ELSA-2017-0386-1", "ELSA-2017-0933", "ELSA-2017-0933-1", "ELSA-2017-1308", "ELSA-2017-1308-1", "ELSA-2017-1372", "ELSA-2017-1615", "ELSA-2017-1615-1", "ELSA-2017-1723", "ELSA-2017-1842", "ELSA-2017-1842-1", "ELSA-2017-2412", "ELSA-2017-2801", "ELSA-2017-3514", "ELSA-2017-3533", "ELSA-2017-3534", "ELSA-2017-3535", "ELSA-2017-3539", "ELSA-2017-3565", "ELSA-2017-3566", "ELSA-2017-3567", "ELSA-2017-3576", "ELSA-2017-3589", "ELSA-2017-3590", "ELSA-2017-3591", "ELSA-2017-3595", "ELSA-2017-3597", "ELSA-2017-3605", "ELSA-2017-3606", "ELSA-2017-3607", "ELSA-2017-3609", "ELSA-2017-3635", "ELSA-2017-3636", "ELSA-2017-3640", "ELSA-2017-3651", "ELSA-2017-3657", "ELSA-2017-3658", "ELSA-2017-3659", "ELSA-2018-0151", "ELSA-2018-1319", "ELSA-2018-1854", "ELSA-2018-4021", "ELSA-2018-4071", "ELSA-2018-4161", "ELSA-2018-4164", "ELSA-2018-4172", "ELSA-2019-4702", "ELSA-2019-4732", "ELSA-2020-5671", "ELSA-2020-5866", "ELSA-2020-5879", "ELSA-2020-5881", "ELSA-2020-5936", "ELSA-2022-9852", "ELSA-2022-9969"]}, {"type": "osv", "idList": ["OSV:DLA-1099-1", "OSV:DLA-1200-1", "OSV:DLA-772-1", "OSV:DLA-833-1", "OSV:DLA-849-1", "OSV:DLA-922-1", "OSV:DLA-993-1", "OSV:DSA-3791-1", "OSV:DSA-3804-1", "OSV:DSA-3886-1", "OSV:DSA-3886-2", "OSV:DSA-3945-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:142871", "PACKETSTORM:142872"]}, {"type": "photon", "idList": ["PHSA-2016-0012", "PHSA-2017-0011", "PHSA-2017-0014", "PHSA-2017-0015", "PHSA-2017-0026", "PHSA-2017-0035", "PHSA-2017-0038", "PHSA-2017-0040", "PHSA-2017-0091", "PHSA-2018-0031", "PHSA-2019-0122", "PHSA-2019-0178"]}, {"type": "prion", "idList": ["PRION:CVE-2015-1350", "PRION:CVE-2016-10208", "PRION:CVE-2016-8405", "PRION:CVE-2016-8636", "PRION:CVE-2016-9083", "PRION:CVE-2016-9084", "PRION:CVE-2016-9191", "PRION:CVE-2016-9604", "PRION:CVE-2016-9755", "PRION:CVE-2017-15649", "PRION:CVE-2017-2583", "PRION:CVE-2017-2584", "PRION:CVE-2017-2596", "PRION:CVE-2017-2618", "PRION:CVE-2017-2671", "PRION:CVE-2017-5546", "PRION:CVE-2017-5549", "PRION:CVE-2017-5550", "PRION:CVE-2017-5551", "PRION:CVE-2017-5576", "PRION:CVE-2017-5669", "PRION:CVE-2017-5897", "PRION:CVE-2017-5970", "PRION:CVE-2017-6001", "PRION:CVE-2017-6214", "PRION:CVE-2017-6345", "PRION:CVE-2017-6346", "PRION:CVE-2017-6347", "PRION:CVE-2017-6348", "PRION:CVE-2017-7187", "PRION:CVE-2017-7261", "PRION:CVE-2017-7273", "PRION:CVE-2017-7472", "PRION:CVE-2017-7616", "PRION:CVE-2017-7618", "PRION:CVE-2017-7645", "PRION:CVE-2017-7889", "PRION:CVE-2017-7895", "PRION:CVE-2017-8924", "PRION:CVE-2017-8925", "PRION:CVE-2017-9150"]}, {"type": "redhat", "idList": ["RHSA-2017:0386", "RHSA-2017:0387", "RHSA-2017:0817", "RHSA-2017:0931", "RHSA-2017:0932", "RHSA-2017:0933", "RHSA-2017:1297", "RHSA-2017:1298", "RHSA-2017:1308", "RHSA-2017:1372", "RHSA-2017:1615", "RHSA-2017:1616", "RHSA-2017:1647", "RHSA-2017:1715", "RHSA-2017:1723", "RHSA-2017:1766", "RHSA-2017:1798", "RHSA-2017:1842", "RHSA-2017:2077", "RHSA-2017:2412", "RHSA-2017:2428", "RHSA-2017:2429", "RHSA-2017:2472", "RHSA-2017:2669", "RHSA-2017:2732", "RHSA-2018:0151", "RHSA-2018:0152", "RHSA-2018:0181", "RHSA-2018:1319", "RHSA-2018:1854"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-10208", "RH:CVE-2016-8405", "RH:CVE-2016-8636", "RH:CVE-2016-9191", "RH:CVE-2016-9604", "RH:CVE-2016-9755", "RH:CVE-2017-2583", "RH:CVE-2017-2584", "RH:CVE-2017-2596", "RH:CVE-2017-2618", "RH:CVE-2017-2671", "RH:CVE-2017-5546", "RH:CVE-2017-5549", "RH:CVE-2017-5550", "RH:CVE-2017-5551", "RH:CVE-2017-5576", "RH:CVE-2017-5669", "RH:CVE-2017-5897", "RH:CVE-2017-5970", "RH:CVE-2017-6001", "RH:CVE-2017-6214", "RH:CVE-2017-6345", "RH:CVE-2017-6346", "RH:CVE-2017-6347", "RH:CVE-2017-6348", "RH:CVE-2017-7187", "RH:CVE-2017-7261", "RH:CVE-2017-7273", "RH:CVE-2017-7472", "RH:CVE-2017-7616", "RH:CVE-2017-7618", "RH:CVE-2017-7645", "RH:CVE-2017-7889", "RH:CVE-2017-8924", "RH:CVE-2017-8925", "RH:CVE-2017-9150"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:3050-1", "OPENSUSE-SU-2016:3058-1", "OPENSUSE-SU-2017:0456-1", "OPENSUSE-SU-2017:0458-1", "OPENSUSE-SU-2017:0541-1", "OPENSUSE-SU-2017:0547-1", "OPENSUSE-SU-2017:0906-1", "OPENSUSE-SU-2017:0907-1", "OPENSUSE-SU-2017:1140-1", "OPENSUSE-SU-2017:1215-1", "OPENSUSE-SU-2017:1513-1", "OPENSUSE-SU-2017:2846-1", "OPENSUSE-SU-2017:2905-1", "SUSE-SU-2017:0181-1", "SUSE-SU-2017:0333-1", "SUSE-SU-2017:0407-1", "SUSE-SU-2017:0437-1", "SUSE-SU-2017:0464-1", "SUSE-SU-2017:0471-1", "SUSE-SU-2017:0494-1", "SUSE-SU-2017:0517-1", "SUSE-SU-2017:0575-1", "SUSE-SU-2017:0759-1", "SUSE-SU-2017:0760-1", "SUSE-SU-2017:0762-1", "SUSE-SU-2017:0763-1", "SUSE-SU-2017:0764-1", "SUSE-SU-2017:0766-1", "SUSE-SU-2017:0767-1", "SUSE-SU-2017:0768-1", "SUSE-SU-2017:0769-1", "SUSE-SU-2017:0770-1", "SUSE-SU-2017:0771-1", "SUSE-SU-2017:0772-1", "SUSE-SU-2017:0773-1", "SUSE-SU-2017:0774-1", "SUSE-SU-2017:0775-1", "SUSE-SU-2017:0776-1", "SUSE-SU-2017:0777-1", "SUSE-SU-2017:0778-1", "SUSE-SU-2017:0779-1", "SUSE-SU-2017:0780-1", "SUSE-SU-2017:0781-1", "SUSE-SU-2017:0786-1", "SUSE-SU-2017:1102-1", "SUSE-SU-2017:1183-1", "SUSE-SU-2017:1247-1", "SUSE-SU-2017:1281-1", "SUSE-SU-2017:1301-1", "SUSE-SU-2017:1360-1", "SUSE-SU-2017:1853-1", "SUSE-SU-2017:1990-1", "SUSE-SU-2017:2043-1", "SUSE-SU-2017:2046-1", "SUSE-SU-2017:2049-1", "SUSE-SU-2017:2060-1", "SUSE-SU-2017:2062-1", "SUSE-SU-2017:2064-1", "SUSE-SU-2017:2065-1", "SUSE-SU-2017:2066-1", "SUSE-SU-2017:2067-1", "SUSE-SU-2017:2070-1", "SUSE-SU-2017:2072-1", "SUSE-SU-2017:2088-1", "SUSE-SU-2017:2091-1", "SUSE-SU-2017:2092-1", "SUSE-SU-2017:2095-1", "SUSE-SU-2017:2096-1", "SUSE-SU-2017:2098-1", "SUSE-SU-2017:2099-1", "SUSE-SU-2017:2102-1", "SUSE-SU-2017:2103-1", "SUSE-SU-2017:2342-1", "SUSE-SU-2017:2389-1", "SUSE-SU-2017:2475-1", "SUSE-SU-2017:2476-1", "SUSE-SU-2017:2497-1", "SUSE-SU-2017:2525-1", "SUSE-SU-2017:2775-1", "SUSE-SU-2017:2847-1", "SUSE-SU-2017:2869-1", "SUSE-SU-2017:2908-1", "SUSE-SU-2017:2920-1", "SUSE-SU-2017:3072-1", "SUSE-SU-2017:3074-1", "SUSE-SU-2017:3076-1", "SUSE-SU-2017:3103-1", "SUSE-SU-2017:3116-1", "SUSE-SU-2017:3117-1", "SUSE-SU-2017:3118-1", "SUSE-SU-2017:3119-1", "SUSE-SU-2017:3120-1", "SUSE-SU-2017:3121-1", "SUSE-SU-2017:3122-1", "SUSE-SU-2017:3123-1", "SUSE-SU-2017:3124-1", "SUSE-SU-2017:3125-1", "SUSE-SU-2017:3126-1", "SUSE-SU-2017:3127-1", "SUSE-SU-2017:3128-1", "SUSE-SU-2017:3129-1", "SUSE-SU-2017:3130-1", "SUSE-SU-2017:3131-1", "SUSE-SU-2017:3132-1", "SUSE-SU-2017:3134-1", "SUSE-SU-2017:3136-1", "SUSE-SU-2017:3139-1", "SUSE-SU-2017:3145-1", "SUSE-SU-2017:3146-1", "SUSE-SU-2017:3147-1", "SUSE-SU-2017:3148-1", "SUSE-SU-2017:3149-1", "SUSE-SU-2017:3150-1", "SUSE-SU-2017:3151-1", "SUSE-SU-2017:3152-1", "SUSE-SU-2017:3153-1", "SUSE-SU-2017:3154-1", "SUSE-SU-2017:3156-1", "SUSE-SU-2017:3157-1", "SUSE-SU-2017:3158-1", "SUSE-SU-2017:3159-1", "SUSE-SU-2017:3160-1", "SUSE-SU-2017:3267-1", "SUSE-SU-2017:3315-1", "SUSE-SU-2018:0011-1", "SUSE-SU-2018:0040-1", "SUSE-SU-2018:0180-1", "SUSE-SU-2018:0562-1", "SUSE-SU-2018:0664-1"]}, {"type": "symantec", "idList": ["SMNTC-1404"]}, {"type": "ubuntu", "idList": ["USN-3208-1", "USN-3208-2", "USN-3234-1", "USN-3234-2", "USN-3265-1", "USN-3265-2", "USN-3291-1", "USN-3291-2", "USN-3291-3", "USN-3293-1", "USN-3312-1", "USN-3312-2", "USN-3314-1", "USN-3345-1", "USN-3359-1", "USN-3360-1", "USN-3360-2", "USN-3364-1", "USN-3364-2", "USN-3364-3", "USN-3381-1", "USN-3381-2", "USN-3406-1", "USN-3406-2", "USN-3422-1", "USN-3422-2", "USN-3583-1", "USN-3583-2", "USN-3754-1", "USN-4904-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-1350", "UB:CVE-2016-10208", "UB:CVE-2016-6786", "UB:CVE-2016-8405", "UB:CVE-2016-8636", "UB:CVE-2016-9083", "UB:CVE-2016-9084", "UB:CVE-2016-9191", "UB:CVE-2016-9604", "UB:CVE-2016-9755", "UB:CVE-2017-15649", "UB:CVE-2017-2583", "UB:CVE-2017-2584", "UB:CVE-2017-2596", "UB:CVE-2017-2618", "UB:CVE-2017-2671", "UB:CVE-2017-5546", "UB:CVE-2017-5549", "UB:CVE-2017-5550", "UB:CVE-2017-5551", "UB:CVE-2017-5576", "UB:CVE-2017-5669", "UB:CVE-2017-5897", "UB:CVE-2017-5970", "UB:CVE-2017-6001", "UB:CVE-2017-6214", "UB:CVE-2017-6345", "UB:CVE-2017-6346", "UB:CVE-2017-6347", "UB:CVE-2017-6348", "UB:CVE-2017-7187", "UB:CVE-2017-7261", "UB:CVE-2017-7273", "UB:CVE-2017-7472", "UB:CVE-2017-7616", "UB:CVE-2017-7618", "UB:CVE-2017-7645", "UB:CVE-2017-7889", "UB:CVE-2017-7895", "UB:CVE-2017-8924", "UB:CVE-2017-8925", "UB:CVE-2017-9150"]}, {"type": "veracode", "idList": ["VERACODE:12423", "VERACODE:12427", "VERACODE:12506", "VERACODE:17719", "VERACODE:17861", "VERACODE:18129", "VERACODE:18131", "VERACODE:18219", "VERACODE:18220", "VERACODE:18237", "VERACODE:18240", "VERACODE:18241", "VERACODE:18243", "VERACODE:18245", "VERACODE:18246", "VERACODE:18248", "VERACODE:18250", "VERACODE:18251", "VERACODE:18890"]}, {"type": "virtuozzo", "idList": ["VZA-2017-004", "VZA-2017-010", "VZA-2017-024", "VZA-2017-025", "VZA-2017-029", "VZA-2017-030", "VZA-2017-031", "VZA-2017-032", "VZA-2017-036", "VZA-2017-037", "VZA-2017-038", "VZA-2017-042", "VZA-2018-040", "VZA-2018-041"]}, {"type": "zdt", "idList": ["1337DAY-ID-27913", "1337DAY-ID-27914"]}]}, "score": {"value": 8.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2017-811", "ALAS-2017-814", "ALAS-2017-828"]}, {"type": "androidsecurity", "idList": ["ANDROID:2017-09-01"]}, {"type": "archlinux", "idList": ["ASA-201701-32", "ASA-201701-35"]}, {"type": "centos", "idList": ["CESA-2017:0933", "CESA-2017:1372", "CESA-2017:1615", "CESA-2017:1723"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:4A4E5BB1A59DD906E5D792B48A62CB13", "CFOUNDRY:59BA3F002F833C86F9D716E2A3575DCB", "CFOUNDRY:DFAB11FD33D131C30AACDE9F4864FC0F", "CFOUNDRY:FC25CD097476B12ED115E08FD50F00D3"]}, {"type": "cve", "idList": ["CVE-2015-1350", "CVE-2016-10208", "CVE-2017-2583", "CVE-2017-2596", "CVE-2017-2671", "CVE-2017-5546", "CVE-2017-5549", "CVE-2017-5550", "CVE-2017-5576", "CVE-2017-5669", "CVE-2017-5897", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6346", "CVE-2017-6347", "CVE-2017-6348", "CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7273", "CVE-2017-7472", "CVE-2017-7616", "CVE-2017-7618", "CVE-2017-7889", "CVE-2017-8924", "CVE-2017-8925", "CVE-2017-9150"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1099-1:57108", "DEBIAN:DLA-1200-1:A0B61", "DEBIAN:DLA-849-1:12807", "DEBIAN:DLA-993-1:71AF5", "DEBIAN:DSA-3791-1:AE0FD", "DEBIAN:DSA-3804-1:E7F94", "DEBIAN:DSA-3886-1:F6458", "DEBIAN:DSA-3945-1:532A6"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-1350", "DEBIANCVE:CVE-2016-10208", "DEBIANCVE:CVE-2016-8405", "DEBIANCVE:CVE-2016-8636", "DEBIANCVE:CVE-2016-9083", "DEBIANCVE:CVE-2016-9084", "DEBIANCVE:CVE-2016-9191", "DEBIANCVE:CVE-2016-9604", "DEBIANCVE:CVE-2016-9755", "DEBIANCVE:CVE-2017-2583", "DEBIANCVE:CVE-2017-2584", "DEBIANCVE:CVE-2017-2596", "DEBIANCVE:CVE-2017-2618", "DEBIANCVE:CVE-2017-2671", "DEBIANCVE:CVE-2017-5546", "DEBIANCVE:CVE-2017-5549", "DEBIANCVE:CVE-2017-5550", "DEBIANCVE:CVE-2017-5551", "DEBIANCVE:CVE-2017-5576", "DEBIANCVE:CVE-2017-5669", "DEBIANCVE:CVE-2017-5897", "DEBIANCVE:CVE-2017-5970", "DEBIANCVE:CVE-2017-6001", "DEBIANCVE:CVE-2017-6214", "DEBIANCVE:CVE-2017-6345", "DEBIANCVE:CVE-2017-6346", "DEBIANCVE:CVE-2017-6347", "DEBIANCVE:CVE-2017-6348", "DEBIANCVE:CVE-2017-7187", "DEBIANCVE:CVE-2017-7261", "DEBIANCVE:CVE-2017-7273", "DEBIANCVE:CVE-2017-7472", "DEBIANCVE:CVE-2017-7616", "DEBIANCVE:CVE-2017-7618", "DEBIANCVE:CVE-2017-7645", "DEBIANCVE:CVE-2017-7889", "DEBIANCVE:CVE-2017-7895", "DEBIANCVE:CVE-2017-8924", "DEBIANCVE:CVE-2017-8925", "DEBIANCVE:CVE-2017-9150"]}, {"type": "exploitdb", "idList": ["EDB-ID:42136"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:8A56E1C4D18EC6E5D9443B5BD5864C74"]}, {"type": "f5", "idList": ["F5:K11023978", "F5:K31209433", "F5:K63771715", "F5:K81211720"]}, {"type": "fedora", "idList": ["FEDORA:042FF6294018", "FEDORA:0DC87601457E", "FEDORA:25B9E61491E0", "FEDORA:2AD3261A18E6", "FEDORA:2CC39660F53B", "FEDORA:3D3EF633571E", "FEDORA:4BDD56194B95", "FEDORA:4E39C608F49D", "FEDORA:50F586057156", "FEDORA:553DD615C92C", "FEDORA:56CBF60C3443", "FEDORA:5931760652B6", "FEDORA:5E6FC604AF75", "FEDORA:65FAD61713B3", "FEDORA:76A6A60C79DB", "FEDORA:79A0B6175384", "FEDORA:804CC6092211", "FEDORA:8CDBE6067306", "FEDORA:A5F35607D661", "FEDORA:B872461491E6", "FEDORA:BE101604CBF2", "FEDORA:C44336087E4E", "FEDORA:C8F1260321CA", "FEDORA:D6CE3608F49C", "FEDORA:D953C601BFE1", "FEDORA:E736B60877BC", "FEDORA:EEB386177DBB"]}, {"type": "ibm", "idList": ["475B1D5AA0EDB6A4A0012EA2C2D64B9388A6ACC5779414E8E1A98AC9B641F6AF", "6B8D264C112CFCDDCE94E39A330DF7082557BFFF177349A0F825B791060643AF"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/DEBIAN-CVE-2017-5669/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP1-CVE-2016-9604/", "MSF:ILITIES/HUAWEI-EULEROS-2_0_SP1-CVE-2017-5669/"]}, {"type": "myhack58", "idList": ["MYHACK58:62201787550"]}, {"type": "nessus", "idList": ["ALA_ALAS-2017-811.NASL", "CENTOS_RHSA-2017-0933.NASL", "CENTOS_RHSA-2017-1372.NASL", "CENTOS_RHSA-2017-1615.NASL", "DEBIAN_DLA-849.NASL", "DEBIAN_DLA-993.NASL", "DEBIAN_DSA-3791.NASL", "DEBIAN_DSA-3804.NASL", "DEBIAN_DSA-3886.NASL", "FEDORA_2016-96D276367E.NASL", "FEDORA_2017-0054C7B1F0.NASL", "FEDORA_2017-02174DF32F.NASL", "FEDORA_2017-2E1F3694B2.NASL", "FEDORA_2017-387FF46A66.NASL", "FEDORA_2017-392B319BB5.NASL", "FEDORA_2017-3A9EC92DD6.NASL", "FEDORA_2017-472052EBE5.NASL", "FEDORA_2017-502CF68D68.NASL", "FEDORA_2017-6CC158C193.NASL", "FEDORA_2017-787BC0D5B4.NASL", "FEDORA_2017-81FBD592D4.NASL", "FEDORA_2017-92D84F68CF.NASL", "FEDORA_2017-93DEC9EBA5.NASL", "FEDORA_2017-AD67543FC5.NASL", "FEDORA_2017-D875AE8299.NASL", "FEDORA_2017-FB89CA752A.NASL", "OPENSUSE-2017-286.NASL", "OPENSUSE-2017-287.NASL", "OPENSUSE-2017-666.NASL", "ORACLELINUX_ELSA-2017-0933-1.NASL", "ORACLELINUX_ELSA-2017-0933.NASL", "ORACLELINUX_ELSA-2017-1372.NASL", "ORACLELINUX_ELSA-2017-1615-1.NASL", "ORACLELINUX_ELSA-2017-1615.NASL", "ORACLELINUX_ELSA-2017-3565.NASL", "ORACLELINUX_ELSA-2017-3576.NASL", "ORACLEVM_OVMSA-2017-0104.NASL", "REDHAT-RHSA-2017-0931.NASL", "REDHAT-RHSA-2017-0932.NASL", "REDHAT-RHSA-2017-0933.NASL", "REDHAT-RHSA-2017-1372.NASL", "REDHAT-RHSA-2017-1615.NASL", "REDHAT-RHSA-2017-1616.NASL", "REDHAT-RHSA-2017-1647.NASL", "SL_20170412_KERNEL_ON_SL7_X.NASL", "SL_20170531_KERNEL_ON_SL6_X.NASL", "SL_20170628_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2017-0517-1.NASL", "SUSE_SU-2017-0769-1.NASL", "SUSE_SU-2017-0770-1.NASL", "SUSE_SU-2017-0771-1.NASL", "SUSE_SU-2017-0772-1.NASL", "SUSE_SU-2017-0780-1.NASL", "SUSE_SU-2017-1281-1.NASL", "SUSE_SU-2018-0040-1.NASL", "SUSE_SU-2019-1287-1.NASL", "SUSE_SU-2019-1289-1.NASL", "UBUNTU_USN-3208-1.NASL", "UBUNTU_USN-3208-2.NASL", "UBUNTU_USN-3234-1.NASL", "UBUNTU_USN-3234-2.NASL", "UBUNTU_USN-3291-1.NASL", "UBUNTU_USN-3291-2.NASL", "UBUNTU_USN-3291-3.NASL", "UBUNTU_USN-3293-1.NASL", "UBUNTU_USN-3314-1.NASL", "UBUNTU_USN-3324-1.NASL", "UBUNTU_USN-3325-1.NASL", "UBUNTU_USN-3345-1.NASL", "UBUNTU_USN-3583-1.NASL", "UBUNTU_USN-4904-1.NASL", "VIRTUOZZO_VZA-2017-004.NASL", "VIRTUOZZO_VZA-2017-010.NASL", "VIRTUOZZO_VZA-2017-037.NASL", "VIRTUOZZO_VZA-2017-038.NASL", "VIRTUOZZO_VZA-2017-042.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843461", "OPENVAS:1361412562310872105", "OPENVAS:1361412562310872111", "OPENVAS:1361412562310872115", "OPENVAS:1361412562310891099"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-0933", "ELSA-2017-0933-1", "ELSA-2017-1372", "ELSA-2017-1615", "ELSA-2017-1615-1", "ELSA-2017-2801", "ELSA-2017-3565", "ELSA-2017-3576", "ELSA-2017-3589", "ELSA-2017-3591"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:142871", "PACKETSTORM:142872"]}, {"type": "photon", "idList": ["PHSA-2017-0014", "PHSA-2017-0026", "PHSA-2017-0035", "PHSA-2017-0038", "PHSA-2017-0040"]}, {"type": "redhat", "idList": ["RHSA-2017:0931", "RHSA-2017:0932", "RHSA-2017:1615", "RHSA-2017:1616", "RHSA-2017:1647"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-10208", "RH:CVE-2016-8405", "RH:CVE-2016-8636", "RH:CVE-2016-9191", "RH:CVE-2016-9604", "RH:CVE-2016-9755", "RH:CVE-2017-2583", "RH:CVE-2017-2584", "RH:CVE-2017-2596", "RH:CVE-2017-2618", "RH:CVE-2017-2671", "RH:CVE-2017-5546", "RH:CVE-2017-5549", "RH:CVE-2017-5550", "RH:CVE-2017-5576", "RH:CVE-2017-5669", "RH:CVE-2017-5897", "RH:CVE-2017-5970", "RH:CVE-2017-6001", "RH:CVE-2017-6214", "RH:CVE-2017-6345", "RH:CVE-2017-6346", "RH:CVE-2017-6347", "RH:CVE-2017-6348", "RH:CVE-2017-7187", "RH:CVE-2017-7261", "RH:CVE-2017-7273", "RH:CVE-2017-7472", "RH:CVE-2017-7616", "RH:CVE-2017-7618", "RH:CVE-2017-7645", "RH:CVE-2017-7889", "RH:CVE-2017-8924", "RH:CVE-2017-8925", "RH:CVE-2017-9150"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:0541-1", "OPENSUSE-SU-2017:0547-1", "OPENSUSE-SU-2017:1513-1", "SUSE-SU-2017:0517-1", "SUSE-SU-2017:0759-1", "SUSE-SU-2017:0760-1", "SUSE-SU-2017:0762-1", "SUSE-SU-2017:0763-1", "SUSE-SU-2017:0764-1", "SUSE-SU-2017:0766-1", "SUSE-SU-2017:0767-1", "SUSE-SU-2017:0768-1", "SUSE-SU-2017:0769-1", "SUSE-SU-2017:0770-1", "SUSE-SU-2017:0771-1", "SUSE-SU-2017:0772-1", "SUSE-SU-2017:0773-1", "SUSE-SU-2017:0774-1", "SUSE-SU-2017:0775-1", "SUSE-SU-2017:0776-1", "SUSE-SU-2017:0777-1", "SUSE-SU-2017:0778-1", "SUSE-SU-2017:0779-1", "SUSE-SU-2017:0780-1", "SUSE-SU-2017:0781-1", "SUSE-SU-2017:0786-1", "SUSE-SU-2017:1281-1", "SUSE-SU-2018:0040-1", "SUSE-SU-2018:0562-1"]}, {"type": "symantec", "idList": ["SMNTC-1404"]}, {"type": "ubuntu", "idList": ["USN-3208-2", "USN-3265-2", "USN-3291-1", "USN-3291-3", "USN-3314-1", "USN-3381-1", "USN-3381-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-10208", "UB:CVE-2016-8405", "UB:CVE-2016-8636", "UB:CVE-2016-9191", "UB:CVE-2016-9604", "UB:CVE-2016-9755", "UB:CVE-2017-2583", "UB:CVE-2017-2584", "UB:CVE-2017-2596", "UB:CVE-2017-2618", "UB:CVE-2017-2671", "UB:CVE-2017-5546", "UB:CVE-2017-5549", "UB:CVE-2017-5550", "UB:CVE-2017-5576", "UB:CVE-2017-5669", "UB:CVE-2017-5897", "UB:CVE-2017-5970", "UB:CVE-2017-6001", "UB:CVE-2017-6214", "UB:CVE-2017-6345", "UB:CVE-2017-6346", "UB:CVE-2017-6347", "UB:CVE-2017-6348", "UB:CVE-2017-7187", "UB:CVE-2017-7261", "UB:CVE-2017-7273", "UB:CVE-2017-7472", "UB:CVE-2017-7616", "UB:CVE-2017-7618", "UB:CVE-2017-7645", "UB:CVE-2017-7889", "UB:CVE-2017-7895", "UB:CVE-2017-8924", "UB:CVE-2017-8925", "UB:CVE-2017-9150"]}, {"type": "virtuozzo", "idList": ["VZA-2017-004", "VZA-2017-010", "VZA-2017-029", "VZA-2017-030", "VZA-2017-031", "VZA-2017-032", "VZA-2017-036", "VZA-2017-037", "VZA-2017-038", "VZA-2017-042"]}, {"type": "zdt", "idList": ["1337DAY-ID-27913"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2015-1350", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2016-10208", "epss": 0.00062, "percentile": 0.24601, "modified": "2023-05-07"}, {"cve": "CVE-2016-8405", "epss": 0.00079, "percentile": 0.3242, "modified": "2023-05-07"}, {"cve": "CVE-2016-8636", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2016-9083", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2016-9084", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2016-9191", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2016-9604", "epss": 0.00049, "percentile": 0.15306, "modified": "2023-05-07"}, {"cve": "CVE-2016-9755", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2017-2583", "epss": 0.00181, "percentile": 0.53791, "modified": "2023-05-07"}, {"cve": "CVE-2017-2584", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2017-2596", "epss": 0.00062, "percentile": 0.24601, "modified": "2023-05-07"}, {"cve": "CVE-2017-2618", "epss": 0.00045, "percentile": 0.12277, "modified": "2023-05-07"}, {"cve": "CVE-2017-2671", "epss": 0.00045, "percentile": 0.1248, "modified": "2023-05-07"}, {"cve": "CVE-2017-5546", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2017-5549", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2017-5550", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2017-5551", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2017-5576", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2017-5669", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2017-5897", "epss": 0.02027, "percentile": 0.87204, "modified": "2023-05-07"}, {"cve": "CVE-2017-5970", "epss": 0.00663, "percentile": 0.7665, "modified": "2023-05-07"}, {"cve": "CVE-2017-6001", "epss": 0.00107, "percentile": 0.42096, "modified": "2023-05-07"}, {"cve": "CVE-2017-6214", "epss": 0.02496, "percentile": 0.88487, "modified": "2023-05-07"}, {"cve": "CVE-2017-6345", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2017-6346", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2017-6347", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2017-6348", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2017-7187", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2017-7261", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2017-7273", "epss": 0.00062, "percentile": 0.24601, "modified": "2023-05-07"}, {"cve": "CVE-2017-7472", "epss": 0.00043, "percentile": 0.07494, "modified": "2023-05-07"}, {"cve": "CVE-2017-7616", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2017-7618", "epss": 0.00186, "percentile": 0.54351, "modified": "2023-05-07"}, {"cve": "CVE-2017-7645", "epss": 0.13403, "percentile": 0.94712, "modified": "2023-05-07"}, {"cve": "CVE-2017-7889", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2017-7895", "epss": 0.92105, "percentile": 0.98424, "modified": "2023-05-07"}, {"cve": "CVE-2017-8924", "epss": 0.00064, "percentile": 0.26025, "modified": "2023-05-07"}, {"cve": "CVE-2017-8925", "epss": 0.00042, "percentile": 0.05667, "modified": "2023-05-07"}, {"cve": "CVE-2017-9150", "epss": 0.00076, "percentile": 0.30866, "modified": "2023-05-07"}], "vulnersScore": 8.7}, "_state": {"dependencies": 1702058947, "score": 1702058956, "epss": 0}, "_internal": {"score_hash": "83bebca27f7fadb4f06d813cd91664e3"}, "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-image-4.10.0-27-generic"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "block-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "crypto-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "fat-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "fb-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "firewire-core-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "floppy-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "fs-core-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "fs-secondary-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "input-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "ipmi-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "irda-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "kernel-image-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-cloud-tools-4.10.0-27-generic"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-cloud-tools-4.10.0-27-lowlatency"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-headers-4.10.0-27"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-headers-4.10.0-27-generic"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-headers-4.10.0-27-lowlatency"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-hwe-cloud-tools-4.10.0-27"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-hwe-cloud-tools-4.10.0-27-dbgsym"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-hwe-tools-4.10.0-27"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-hwe-tools-4.10.0-27-dbgsym"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-hwe-udebs-generic"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-image-4.10.0-27-generic-dbgsym"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-image-4.10.0-27-lowlatency"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-image-4.10.0-27-lowlatency-dbgsym"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-image-extra-4.10.0-27-generic"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-source-4.10.0"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-tools-4.10.0-27-generic"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-tools-4.10.0-27-lowlatency"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "md-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "message-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "mouse-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "multipath-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "nfs-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "nic-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "nic-pcmcia-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "nic-shared-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "nic-usb-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "parport-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "pata-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "pcmcia-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "pcmcia-storage-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "plip-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "ppp-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "sata-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "scsi-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "serial-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "storage-core-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "usb-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "virtio-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "vlan-modules-4.10.0-27-generic-di"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "packageVersion": "4.10.0-27.30~16.04.2", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "linux-image-4.10.0-27-generic-lpae"}]}

{"nessus": [{"lastseen": "2023-12-08T14:57:40", "description": "USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.\nThis update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please note that this update changes the Linux HWE kernel to the 4.10 based kernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from Ubuntu 16.10.\n\nBen Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A local attacker could use this to cause a denial of service. (CVE-2015-1350)\n\nRalf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service (system crash). (CVE-2016-10208)\n\nPeter Pi discovered that the colormap handling for frame buffer devices in the Linux kernel contained an integer overflow. A local attacker could use this to disclose sensitive information (kernel memory). (CVE-2016-8405)\n\nIt was discovered that an integer overflow existed in the InfiniBand RDMA over ethernet (RXE) transport implementation in the Linux kernel.\nA local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-8636)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO PCI driver for the Linux kernel. A local attacker with access to a vfio PCI device file could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel did not properly perform reference counting in some situations. An unprivileged attacker could use this to cause a denial of service (system hang). (CVE-2016-9191)\n\nIt was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. A privileged local attacker could use this to bypass module verification. (CVE-2016-9604)\n\nDmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet discovered that the netfiler subsystem in the Linux kernel mishandled IPv6 packet reassembly. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2016-9755)\n\nAndy Lutomirski and Willy Tarreau discovered that the KVM implementation in the Linux kernel did not properly emulate instructions on the SS segment register. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash) or possibly gain administrative privileges in the guest OS.\n(CVE-2017-2583)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel improperly emulated certain instructions. A local attacker could use this to obtain sensitive information (kernel memory).\n(CVE-2017-2584)\n\nDmitry Vyukov discovered that KVM implementation in the Linux kernel improperly emulated the VMXON instruction. A local attacker in a guest OS could use this to cause a denial of service (memory consumption) in the host OS. (CVE-2017-2596)\n\nIt was discovered that SELinux in the Linux kernel did not properly handle empty writes to /proc/pid/attr. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-2618)\n\nDaniel Jiang discovered that a race condition existed in the ipv4 ping socket implementation in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash).\n(CVE-2017-2671)\n\nIt was discovered that the freelist-randomization in the SLAB memory allocator allowed duplicate freelist entries. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-5546)\n\nIt was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in the Linux kernel did not properly initialize memory related to logging. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5549)\n\nIt was discovered that a fencepost error existed in the pipe_advance() function in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5550)\n\nIt was discovered that the Linux kernel did not clear the setgid bit during a setxattr call on a tmpfs filesystem. A local attacker could use this to gain elevated group privileges. (CVE-2017-5551)\n\nMurray McAllister discovered that an integer overflow existed in the VideoCore DRM driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-5576)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel did not properly restrict mapping page zero. A local privileged attacker could use this to execute arbitrary code. (CVE-2017-5669)\n\nAndrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. (CVE-2017-5897)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux kernel did not properly handle invalid IP options in some situations.\nAn attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-5970)\n\nDi Shen discovered that a race condition existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2017-6001)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle TCP packets with the URG flag. A remote attacker could use this to cause a denial of service. (CVE-2017-6214)\n\nAndrey Konovalov discovered that the LLC subsytem in the Linux kernel did not properly set up a destructor in certain situations. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2017-6345)\n\nIt was discovered that a race condition existed in the AF_PACKET handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6346)\n\nAndrey Konovalov discovered that the IP layer in the Linux kernel made improper assumptions about internal data layout when performing checksums. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-6347)\n\nDmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (deadlock). (CVE-2017-6348)\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-7187)\n\nIt was discovered that a NULL pointer dereference existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7261)\n\nIt was discovered that the USB Cypress HID drivers for the Linux kernel did not properly validate reported information from the device.\nAn attacker with physical access could use this to expose sensitive information (kernel memory). (CVE-2017-7273)\n\nEric Biggers discovered a memory leak in the keyring implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-7472)\n\nIt was discovered that an information leak existed in the set_mempolicy and mbind compat syscalls in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-7616)\n\nSabrina Dubroca discovered that the asynchronous cryptographic hash (ahash) implementation in the Linux kernel did not properly handle a full request queue. A local attacker could use this to cause a denial of service (infinite recursion). (CVE-2017-7618)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly handle certain long RPC replies. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-7645)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in the Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism. A local attacker with access to /dev/mem could use this to expose sensitive information or possibly execute arbitrary code. (CVE-2017-7889)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly check for the end of buffer. A remote attacker could use this to craft requests that cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7895)\n\nIt was discovered that an integer underflow existed in the Edgeport USB Serial Converter device driver of the Linux kernel. An attacker with physical access could use this to expose sensitive information (kernel memory). (CVE-2017-8924)\n\nIt was discovered that the USB ZyXEL omni.net LCD PLUS driver in the Linux kernel did not properly perform reference counting. A local attacker could use this to cause a denial of service (tty exhaustion).\n(CVE-2017-8925)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the output of the print_bpf_insn function. A local attacker could use this to obtain sensitive address information. (CVE-2017-9150).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-07-24T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3361-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1350", "CVE-2016-10208", "CVE-2016-8405", "CVE-2016-8636", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9191", "CVE-2016-9604", "CVE-2016-9755", "CVE-2017-2583", "CVE-2017-2584", "CVE-2017-2596", "CVE-2017-2618", "CVE-2017-2671", "CVE-2017-5546", "CVE-2017-5549", "CVE-2017-5550", "CVE-2017-5551", "CVE-2017-5576", "CVE-2017-5669", "CVE-2017-5897", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6346", "CVE-2017-6347", "CVE-2017-6348", "CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7273", "CVE-2017-7472", "CVE-2017-7616", "CVE-2017-7618", "CVE-2017-7645", "CVE-2017-7889", "CVE-2017-7895", "CVE-2017-8924", "CVE-2017-8925", "CVE-2017-9150"], "modified": "2023-10-23T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10.0-27-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10.0-27-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10.0-27-lowlatency", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts"], "id": "UBUNTU_USN-3361-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101929", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3361-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101929);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/23\");\n\n script_cve_id(\n \"CVE-2015-1350\",\n \"CVE-2016-10208\",\n \"CVE-2016-8405\",\n \"CVE-2016-8636\",\n \"CVE-2016-9083\",\n \"CVE-2016-9084\",\n \"CVE-2016-9191\",\n \"CVE-2016-9604\",\n \"CVE-2016-9755\",\n \"CVE-2017-2583\",\n \"CVE-2017-2584\",\n \"CVE-2017-2596\",\n \"CVE-2017-2618\",\n \"CVE-2017-2671\",\n \"CVE-2017-5546\",\n \"CVE-2017-5549\",\n \"CVE-2017-5550\",\n \"CVE-2017-5551\",\n \"CVE-2017-5576\",\n \"CVE-2017-5669\",\n \"CVE-2017-5897\",\n \"CVE-2017-5970\",\n \"CVE-2017-6001\",\n \"CVE-2017-6214\",\n \"CVE-2017-6345\",\n \"CVE-2017-6346\",\n \"CVE-2017-6347\",\n \"CVE-2017-6348\",\n \"CVE-2017-7187\",\n \"CVE-2017-7261\",\n \"CVE-2017-7273\",\n \"CVE-2017-7472\",\n \"CVE-2017-7616\",\n \"CVE-2017-7618\",\n \"CVE-2017-7645\",\n \"CVE-2017-7889\",\n \"CVE-2017-7895\",\n \"CVE-2017-8924\",\n \"CVE-2017-8925\",\n \"CVE-2017-9150\"\n );\n script_xref(name:\"USN\", value:\"3361-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3361-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"USN-3358-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.\nThis update provides the corresponding updates for the Linux Hardware\nEnablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Please\nnote that this update changes the Linux HWE kernel to the 4.10 based\nkernel from Ubuntu 17.04, superseding the 4.8 based HWE kernel from\nUbuntu 16.10.\n\nBen Harris discovered that the Linux kernel would strip extended\nprivilege attributes of files when performing a failed unprivileged\nsystem call. A local attacker could use this to cause a denial of\nservice. (CVE-2015-1350)\n\nRalf Spenneberg discovered that the ext4 implementation in the Linux\nkernel did not properly validate meta block groups. An attacker with\nphysical access could use this to specially craft an ext4 image that\ncauses a denial of service (system crash). (CVE-2016-10208)\n\nPeter Pi discovered that the colormap handling for frame buffer\ndevices in the Linux kernel contained an integer overflow. A local\nattacker could use this to disclose sensitive information (kernel\nmemory). (CVE-2016-8405)\n\nIt was discovered that an integer overflow existed in the InfiniBand\nRDMA over ethernet (RXE) transport implementation in the Linux kernel.\nA local attacker could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2016-8636)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the\nVFIO PCI driver for the Linux kernel. A local attacker with access to\na vfio PCI device file could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-9083,\nCVE-2016-9084)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel\ndid not properly perform reference counting in some situations. An\nunprivileged attacker could use this to cause a denial of service\n(system hang). (CVE-2016-9191)\n\nIt was discovered that the keyring implementation in the Linux kernel\nin some situations did not prevent special internal keyrings from\nbeing joined by userspace keyrings. A privileged local attacker could\nuse this to bypass module verification. (CVE-2016-9604)\n\nDmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet\ndiscovered that the netfiler subsystem in the Linux kernel mishandled\nIPv6 packet reassembly. A local user could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2016-9755)\n\nAndy Lutomirski and Willy Tarreau discovered that the KVM\nimplementation in the Linux kernel did not properly emulate\ninstructions on the SS segment register. A local attacker in a guest\nvirtual machine could use this to cause a denial of service (guest OS\ncrash) or possibly gain administrative privileges in the guest OS.\n(CVE-2017-2583)\n\nDmitry Vyukov discovered that the KVM implementation in the Linux\nkernel improperly emulated certain instructions. A local attacker\ncould use this to obtain sensitive information (kernel memory).\n(CVE-2017-2584)\n\nDmitry Vyukov discovered that KVM implementation in the Linux kernel\nimproperly emulated the VMXON instruction. A local attacker in a guest\nOS could use this to cause a denial of service (memory consumption) in\nthe host OS. (CVE-2017-2596)\n\nIt was discovered that SELinux in the Linux kernel did not properly\nhandle empty writes to /proc/pid/attr. A local attacker could use this\nto cause a denial of service (system crash). (CVE-2017-2618)\n\nDaniel Jiang discovered that a race condition existed in the ipv4 ping\nsocket implementation in the Linux kernel. A local privileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-2671)\n\nIt was discovered that the freelist-randomization in the SLAB memory\nallocator allowed duplicate freelist entries. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2017-5546)\n\nIt was discovered that the KLSI KL5KUSB105 serial-to-USB device driver\nin the Linux kernel did not properly initialize memory related to\nlogging. A local attacker could use this to expose sensitive\ninformation (kernel memory). (CVE-2017-5549)\n\nIt was discovered that a fencepost error existed in the pipe_advance()\nfunction in the Linux kernel. A local attacker could use this to\nexpose sensitive information (kernel memory). (CVE-2017-5550)\n\nIt was discovered that the Linux kernel did not clear the setgid bit\nduring a setxattr call on a tmpfs filesystem. A local attacker could\nuse this to gain elevated group privileges. (CVE-2017-5551)\n\nMurray McAllister discovered that an integer overflow existed in the\nVideoCore DRM driver of the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2017-5576)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel\ndid not properly restrict mapping page zero. A local privileged\nattacker could use this to execute arbitrary code. (CVE-2017-5669)\n\nAndrey Konovalov discovered an out-of-bounds access in the IPv6\nGeneric Routing Encapsulation (GRE) tunneling implementation in the\nLinux kernel. An attacker could use this to possibly expose sensitive\ninformation. (CVE-2017-5897)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux\nkernel did not properly handle invalid IP options in some situations.\nAn attacker could use this to cause a denial of service or possibly\nexecute arbitrary code. (CVE-2017-5970)\n\nDi Shen discovered that a race condition existed in the perf subsystem\nof the Linux kernel. A local attacker could use this to cause a denial\nof service or possibly gain administrative privileges. (CVE-2017-6001)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle\nTCP packets with the URG flag. A remote attacker could use this to\ncause a denial of service. (CVE-2017-6214)\n\nAndrey Konovalov discovered that the LLC subsytem in the Linux kernel\ndid not properly set up a destructor in certain situations. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2017-6345)\n\nIt was discovered that a race condition existed in the AF_PACKET\nhandling code in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2017-6346)\n\nAndrey Konovalov discovered that the IP layer in the Linux kernel made\nimproper assumptions about internal data layout when performing\nchecksums. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-6347)\n\nDmitry Vyukov discovered race conditions in the Infrared (IrDA)\nsubsystem in the Linux kernel. A local attacker could use this to\ncause a denial of service (deadlock). (CVE-2017-6348)\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the\nLinux kernel contained a stack-based buffer overflow. A local attacker\nwith access to an sg device could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-7187)\n\nIt was discovered that a NULL pointer dereference existed in the\nDirect Rendering Manager (DRM) driver for VMware devices in the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-7261)\n\nIt was discovered that the USB Cypress HID drivers for the Linux\nkernel did not properly validate reported information from the device.\nAn attacker with physical access could use this to expose sensitive\ninformation (kernel memory). (CVE-2017-7273)\n\nEric Biggers discovered a memory leak in the keyring implementation in\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (memory consumption). (CVE-2017-7472)\n\nIt was discovered that an information leak existed in the\nset_mempolicy and mbind compat syscalls in the Linux kernel. A local\nattacker could use this to expose sensitive information (kernel\nmemory). (CVE-2017-7616)\n\nSabrina Dubroca discovered that the asynchronous cryptographic hash\n(ahash) implementation in the Linux kernel did not properly handle a\nfull request queue. A local attacker could use this to cause a denial\nof service (infinite recursion). (CVE-2017-7618)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3\nserver implementations in the Linux kernel did not properly handle\ncertain long RPC replies. A remote attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-7645)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in\nthe Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM\nprotection mechanism. A local attacker with access to /dev/mem could\nuse this to expose sensitive information or possibly execute arbitrary\ncode. (CVE-2017-7889)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3\nserver implementations in the Linux kernel did not properly check for\nthe end of buffer. A remote attacker could use this to craft requests\nthat cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2017-7895)\n\nIt was discovered that an integer underflow existed in the Edgeport\nUSB Serial Converter device driver of the Linux kernel. An attacker\nwith physical access could use this to expose sensitive information\n(kernel memory). (CVE-2017-8924)\n\nIt was discovered that the USB ZyXEL omni.net LCD PLUS driver in the\nLinux kernel did not properly perform reference counting. A local\nattacker could use this to cause a denial of service (tty exhaustion).\n(CVE-2017-8925)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the\noutput of the print_bpf_insn function. A local attacker could use this\nto obtain sensitive address information. (CVE-2017-9150).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-3361-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10.0-27-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10.0-27-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10.0-27-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.10.0': {\n 'generic': '4.10.0-27',\n 'generic-lpae': '4.10.0-27',\n 'lowlatency': '4.10.0-27'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-3361-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2015-1350', 'CVE-2016-8405', 'CVE-2016-8636', 'CVE-2016-9083', 'CVE-2016-9084', 'CVE-2016-9191', 'CVE-2016-9604', 'CVE-2016-9755', 'CVE-2016-10208', 'CVE-2017-2583', 'CVE-2017-2584', 'CVE-2017-2596', 'CVE-2017-2618', 'CVE-2017-2671', 'CVE-2017-5546', 'CVE-2017-5549', 'CVE-2017-5550', 'CVE-2017-5551', 'CVE-2017-5576', 'CVE-2017-5669', 'CVE-2017-5897', 'CVE-2017-5970', 'CVE-2017-6001', 'CVE-2017-6214', 'CVE-2017-6345', 'CVE-2017-6346', 'CVE-2017-6347', 'CVE-2017-6348', 'CVE-2017-7187', 'CVE-2017-7261', 'CVE-2017-7273', 'CVE-2017-7472', 'CVE-2017-7616', 'CVE-2017-7618', 'CVE-2017-7645', 'CVE-2017-7889', 'CVE-2017-7895', 'CVE-2017-8924', 'CVE-2017-8925', 'CVE-2017-9150');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-3361-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:56:50", "description": "USN-3312-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nIt was discovered that the netfilter netlink implementation in the Linux kernel did not properly validate batch messages. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information or cause a denial of service. (CVE-2016-7917)\n\nQian Zhang discovered a heap-based buffer overflow in the tipc_msg_build() function in the Linux kernel. A local attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-8632)\n\nIt was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. A privileged local attacker could use this to bypass module verification. (CVE-2016-9604)\n\nDmitry Vyukov discovered that KVM implementation in the Linux kernel improperly emulated the VMXON instruction. A local attacker in a guest OS could use this to cause a denial of service (memory consumption) in the host OS. (CVE-2017-2596)\n\nDaniel Jiang discovered that a race condition existed in the ipv4 ping socket implementation in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash).\n(CVE-2017-2671)\n\nDi Shen discovered that a race condition existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2017-6001)\n\nEric Biggers discovered a memory leak in the keyring implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-7472)\n\nSabrina Dubroca discovered that the asynchronous cryptographic hash (ahash) implementation in the Linux kernel did not properly handle a full request queue. A local attacker could use this to cause a denial of service (infinite recursion). (CVE-2017-7618)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly handle certain long RPC replies. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-7645)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in the Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism. A local attacker with access to /dev/mem could use this to expose sensitive information or possibly execute arbitrary code. (CVE-2017-7889)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly check for the end of buffer. A remote attacker could use this to craft requests that cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7895)\n\nIt was discovered that a use-after-free vulnerability existed in the device driver for XCeive xc2028/xc3028 tuners in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-7913)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO PCI driver for the Linux kernel. A local attacker with access to a vfio PCI device file could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-07T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3312-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7913", "CVE-2016-7917", "CVE-2016-8632", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9604", "CVE-2017-2596", "CVE-2017-2671", "CVE-2017-6001", "CVE-2017-7472", "CVE-2017-7618", "CVE-2017-7645", "CVE-2017-7889", "CVE-2017-7895"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc-e500mc", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc64-emb", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc64-smp", "cpe:/o:canonical:ubuntu_linux:14.04:-:lts"], "id": "UBUNTU_USN-3312-2.NASL", "href": "https://www.tenable.com/plugins/nessus/100665", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3312-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100665);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2016-7913\",\n \"CVE-2016-7917\",\n \"CVE-2016-8632\",\n \"CVE-2016-9083\",\n \"CVE-2016-9084\",\n \"CVE-2016-9604\",\n \"CVE-2017-2596\",\n \"CVE-2017-2671\",\n \"CVE-2017-6001\",\n \"CVE-2017-7472\",\n \"CVE-2017-7618\",\n \"CVE-2017-7645\",\n \"CVE-2017-7889\",\n \"CVE-2017-7895\"\n );\n script_xref(name:\"USN\", value:\"3312-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3312-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"USN-3312-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nIt was discovered that the netfilter netlink implementation in the\nLinux kernel did not properly validate batch messages. A local\nattacker with the CAP_NET_ADMIN capability could use this to expose\nsensitive information or cause a denial of service. (CVE-2016-7917)\n\nQian Zhang discovered a heap-based buffer overflow in the\ntipc_msg_build() function in the Linux kernel. A local attacker could\nuse to cause a denial of service (system crash) or possibly execute\narbitrary code with administrative privileges. (CVE-2016-8632)\n\nIt was discovered that the keyring implementation in the Linux kernel\nin some situations did not prevent special internal keyrings from\nbeing joined by userspace keyrings. A privileged local attacker could\nuse this to bypass module verification. (CVE-2016-9604)\n\nDmitry Vyukov discovered that KVM implementation in the Linux kernel\nimproperly emulated the VMXON instruction. A local attacker in a guest\nOS could use this to cause a denial of service (memory consumption) in\nthe host OS. (CVE-2017-2596)\n\nDaniel Jiang discovered that a race condition existed in the ipv4 ping\nsocket implementation in the Linux kernel. A local privileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-2671)\n\nDi Shen discovered that a race condition existed in the perf subsystem\nof the Linux kernel. A local attacker could use this to cause a denial\nof service or possibly gain administrative privileges. (CVE-2017-6001)\n\nEric Biggers discovered a memory leak in the keyring implementation in\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (memory consumption). (CVE-2017-7472)\n\nSabrina Dubroca discovered that the asynchronous cryptographic hash\n(ahash) implementation in the Linux kernel did not properly handle a\nfull request queue. A local attacker could use this to cause a denial\nof service (infinite recursion). (CVE-2017-7618)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3\nserver implementations in the Linux kernel did not properly handle\ncertain long RPC replies. A remote attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-7645)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in\nthe Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM\nprotection mechanism. A local attacker with access to /dev/mem could\nuse this to expose sensitive information or possibly execute arbitrary\ncode. (CVE-2017-7889)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3\nserver implementations in the Linux kernel did not properly check for\nthe end of buffer. A remote attacker could use this to craft requests\nthat cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2017-7895)\n\nIt was discovered that a use-after-free vulnerability existed in the\ndevice driver for XCeive xc2028/xc3028 tuners in the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2016-7913)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the\nVFIO PCI driver for the Linux kernel. A local attacker with access to\na vfio PCI device file could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-9083,\nCVE-2016-9084).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-3312-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc-e500mc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc64-emb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc64-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '14.04': {\n '4.4.0': {\n 'generic': '4.4.0-79',\n 'generic-lpae': '4.4.0-79',\n 'lowlatency': '4.4.0-79',\n 'powerpc-e500mc': '4.4.0-79',\n 'powerpc-smp': '4.4.0-79',\n 'powerpc64-emb': '4.4.0-79',\n 'powerpc64-smp': '4.4.0-79'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-3312-2');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2016-7913', 'CVE-2016-7917', 'CVE-2016-8632', 'CVE-2016-9083', 'CVE-2016-9084', 'CVE-2016-9604', 'CVE-2017-2596', 'CVE-2017-2671', 'CVE-2017-6001', 'CVE-2017-7472', 'CVE-2017-7618', 'CVE-2017-7645', 'CVE-2017-7889', 'CVE-2017-7895');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-3312-2');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:56:15", "description": "It was discovered that the netfilter netlink implementation in the Linux kernel did not properly validate batch messages. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information or cause a denial of service. (CVE-2016-7917)\n\nQian Zhang discovered a heap-based buffer overflow in the tipc_msg_build() function in the Linux kernel. A local attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-8632)\n\nIt was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. A privileged local attacker could use this to bypass module verification. (CVE-2016-9604)\n\nDmitry Vyukov discovered that KVM implementation in the Linux kernel improperly emulated the VMXON instruction. A local attacker in a guest OS could use this to cause a denial of service (memory consumption) in the host OS. (CVE-2017-2596)\n\nDaniel Jiang discovered that a race condition existed in the ipv4 ping socket implementation in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash).\n(CVE-2017-2671)\n\nDi Shen discovered that a race condition existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service or possibly gain administrative privileges. (CVE-2017-6001)\n\nEric Biggers discovered a memory leak in the keyring implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-7472)\n\nSabrina Dubroca discovered that the asynchronous cryptographic hash (ahash) implementation in the Linux kernel did not properly handle a full request queue. A local attacker could use this to cause a denial of service (infinite recursion). (CVE-2017-7618)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly handle certain long RPC replies. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-7645)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in the Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism. A local attacker with access to /dev/mem could use this to expose sensitive information or possibly execute arbitrary code. (CVE-2017-7889)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly check for the end of buffer. A remote attacker could use this to craft requests that cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7895)\n\nIt was discovered that a use-after-free vulnerability existed in the device driver for XCeive xc2028/xc3028 tuners in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-7913)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO PCI driver for the Linux kernel. A local attacker with access to a vfio PCI device file could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-07T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3312-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7913", "CVE-2016-7917", "CVE-2016-8632", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9604", "CVE-2017-2596", "CVE-2017-2671", "CVE-2017-6001", "CVE-2017-7472", "CVE-2017-7618", "CVE-2017-7645", "CVE-2017-7889", "CVE-2017-7895"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1014-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1018-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1057-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1059-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc-e500mc", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc64-emb", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc64-smp", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts"], "id": "UBUNTU_USN-3312-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100664", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3312-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100664);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2016-7913\",\n \"CVE-2016-7917\",\n \"CVE-2016-8632\",\n \"CVE-2016-9083\",\n \"CVE-2016-9084\",\n \"CVE-2016-9604\",\n \"CVE-2017-2596\",\n \"CVE-2017-2671\",\n \"CVE-2017-6001\",\n \"CVE-2017-7472\",\n \"CVE-2017-7618\",\n \"CVE-2017-7645\",\n \"CVE-2017-7889\",\n \"CVE-2017-7895\"\n );\n script_xref(name:\"USN\", value:\"3312-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3312-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that the netfilter netlink implementation in the\nLinux kernel did not properly validate batch messages. A local\nattacker with the CAP_NET_ADMIN capability could use this to expose\nsensitive information or cause a denial of service. (CVE-2016-7917)\n\nQian Zhang discovered a heap-based buffer overflow in the\ntipc_msg_build() function in the Linux kernel. A local attacker could\nuse to cause a denial of service (system crash) or possibly execute\narbitrary code with administrative privileges. (CVE-2016-8632)\n\nIt was discovered that the keyring implementation in the Linux kernel\nin some situations did not prevent special internal keyrings from\nbeing joined by userspace keyrings. A privileged local attacker could\nuse this to bypass module verification. (CVE-2016-9604)\n\nDmitry Vyukov discovered that KVM implementation in the Linux kernel\nimproperly emulated the VMXON instruction. A local attacker in a guest\nOS could use this to cause a denial of service (memory consumption) in\nthe host OS. (CVE-2017-2596)\n\nDaniel Jiang discovered that a race condition existed in the ipv4 ping\nsocket implementation in the Linux kernel. A local privileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-2671)\n\nDi Shen discovered that a race condition existed in the perf subsystem\nof the Linux kernel. A local attacker could use this to cause a denial\nof service or possibly gain administrative privileges. (CVE-2017-6001)\n\nEric Biggers discovered a memory leak in the keyring implementation in\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (memory consumption). (CVE-2017-7472)\n\nSabrina Dubroca discovered that the asynchronous cryptographic hash\n(ahash) implementation in the Linux kernel did not properly handle a\nfull request queue. A local attacker could use this to cause a denial\nof service (infinite recursion). (CVE-2017-7618)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3\nserver implementations in the Linux kernel did not properly handle\ncertain long RPC replies. A remote attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-7645)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in\nthe Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM\nprotection mechanism. A local attacker with access to /dev/mem could\nuse this to expose sensitive information or possibly execute arbitrary\ncode. (CVE-2017-7889)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3\nserver implementations in the Linux kernel did not properly check for\nthe end of buffer. A remote attacker could use this to craft requests\nthat cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2017-7895)\n\nIt was discovered that a use-after-free vulnerability existed in the\ndevice driver for XCeive xc2028/xc3028 tuners in the Linux kernel. A\nlocal attacker could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2016-7913)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the\nVFIO PCI driver for the Linux kernel. A local attacker with access to\na vfio PCI device file could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-9083,\nCVE-2016-9084).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-3312-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1014-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1018-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1057-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1059-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc-e500mc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc64-emb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-79-powerpc64-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.4.0': {\n 'generic': '4.4.0-79',\n 'generic-lpae': '4.4.0-79',\n 'lowlatency': '4.4.0-79',\n 'powerpc-e500mc': '4.4.0-79',\n 'powerpc-smp': '4.4.0-79',\n 'powerpc64-emb': '4.4.0-79',\n 'powerpc64-smp': '4.4.0-79',\n 'gke': '4.4.0-1014',\n 'aws': '4.4.0-1018',\n 'raspi2': '4.4.0-1057',\n 'snapdragon': '4.4.0-1059'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-3312-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2016-7913', 'CVE-2016-7917', 'CVE-2016-8632', 'CVE-2016-9083', 'CVE-2016-9084', 'CVE-2016-9604', 'CVE-2017-2596', 'CVE-2017-2671', 'CVE-2017-6001', 'CVE-2017-7472', 'CVE-2017-7618', 'CVE-2017-7645', 'CVE-2017-7889', 'CVE-2017-7895');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-3312-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:50:32", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts.\n\n - CVE-2016-6786 / CVE-2016-6787 It was discovered that the performance events subsystem does not properly manage locks during certain migrations, allowing a local attacker to escalate privileges. This can be mitigated by disabling unprivileged use of performance events:sysctl kernel.perf_event_paranoid=3\n\n - CVE-2016-8405 Peter Pi of Trend Micro discovered that the frame buffer video subsystem does not properly check bounds while copying color maps to userspace, causing a heap buffer out-of-bounds read, leading to information disclosure.\n\n - CVE-2016-9191 CAI Qian discovered that reference counting is not properly handled within proc_sys_readdir in the sysctl implementation, allowing a local denial of service (system hang) or possibly privilege escalation.\n\n - CVE-2017-2583 Xiaohan Zhang reported that KVM for amd64 does not correctly emulate loading of a null stack selector. This can be used by a user in a guest VM for denial of service (on an Intel CPU) or to escalate privileges within the VM (on an AMD CPU).\n\n - CVE-2017-2584 Dmitry Vyukov reported that KVM for x86 does not correctly emulate memory access by the SGDT and SIDT instructions, which can result in a use-after-free and information leak.\n\n - CVE-2017-2596 Dmitry Vyukov reported that KVM leaks page references when emulating a VMON for a nested hypervisor. This can be used by a privileged user in a guest VM for denial of service or possibly to gain privileges in the host.\n\n - CVE-2017-2618 It was discovered that an off-by-one in the handling of SELinux attributes in /proc/pid/attr could result in local denial of service.\n\n - CVE-2017-5549 It was discovered that the KLSI KL5KUSB105 serial USB device driver could log the contents of uninitialised kernel memory, resulting in an information leak.\n\n - CVE-2017-5551 Jan Kara found that changing the POSIX ACL of a file on tmpfs never cleared its set-group-ID flag, which should be done if the user changing it is not a member of the group-owner. In some cases, this would allow the user-owner of an executable to gain the privileges of the group-owner.\n\n - CVE-2017-5897 Andrey Konovalov discovered an out-of-bounds read flaw in the ip6gre_err function in the IPv6 networking code.\n\n - CVE-2017-5970 Andrey Konovalov discovered a denial-of-service flaw in the IPv4 networking code. This can be triggered by a local or remote attacker if a local UDP or raw socket has the IP_RETOPTS option enabled.\n\n - CVE-2017-6001 Di Shen discovered a race condition between concurrent calls to the performance events subsystem, allowing a local attacker to escalate privileges. This flaw exists because of an incomplete fix of CVE-2016-6786. This can be mitigated by disabling unprivileged use of performance events: sysctl kernel.perf_event_paranoid=3\n\n - CVE-2017-6074 Andrey Konovalov discovered a use-after-free vulnerability in the DCCP networking code, which could result in denial of service or local privilege escalation. On systems that do not already have the dccp module loaded, this can be mitigated by disabling it:echo >> /etc/modprobe.d/disable-dccp.conf install dccp false", "cvss3": {}, "published": "2017-02-24T00:00:00", "type": "nessus", "title": "Debian DSA-3791-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-6786", "CVE-2016-6787", "CVE-2016-8405", "CVE-2016-9191", "CVE-2017-2583", "CVE-2017-2584", "CVE-2017-2596", "CVE-2017-2618", "CVE-2017-5549", "CVE-2017-5551", "CVE-2017-5897", "CVE-2017-5970", "CVE-2017-6001", "CVE-2017-6074"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3791.NASL", "href": "https://www.tenable.com/plugins/nessus/97357", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3791. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97357);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-6786\", \"CVE-2016-6787\", \"CVE-2016-8405\", \"CVE-2016-9191\", \"CVE-2017-2583\", \"CVE-2017-2584\", \"CVE-2017-2596\", \"CVE-2017-2618\", \"CVE-2017-5549\", \"CVE-2017-5551\", \"CVE-2017-5897\", \"CVE-2017-5970\", \"CVE-2017-6001\", \"CVE-2017-6074\");\n script_xref(name:\"DSA\", value:\"3791\");\n\n script_name(english:\"Debian DSA-3791-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\n - CVE-2016-6786 / CVE-2016-6787\n It was discovered that the performance events subsystem\n does not properly manage locks during certain\n migrations, allowing a local attacker to escalate\n privileges. This can be mitigated by disabling\n unprivileged use of performance events:sysctl\n kernel.perf_event_paranoid=3\n\n - CVE-2016-8405\n Peter Pi of Trend Micro discovered that the frame buffer\n video subsystem does not properly check bounds while\n copying color maps to userspace, causing a heap buffer\n out-of-bounds read, leading to information disclosure.\n\n - CVE-2016-9191\n CAI Qian discovered that reference counting is not\n properly handled within proc_sys_readdir in the sysctl\n implementation, allowing a local denial of service\n (system hang) or possibly privilege escalation.\n\n - CVE-2017-2583\n Xiaohan Zhang reported that KVM for amd64 does not\n correctly emulate loading of a null stack selector. This\n can be used by a user in a guest VM for denial of\n service (on an Intel CPU) or to escalate privileges\n within the VM (on an AMD CPU).\n\n - CVE-2017-2584\n Dmitry Vyukov reported that KVM for x86 does not\n correctly emulate memory access by the SGDT and SIDT\n instructions, which can result in a use-after-free and\n information leak.\n\n - CVE-2017-2596\n Dmitry Vyukov reported that KVM leaks page references\n when emulating a VMON for a nested hypervisor. This can\n be used by a privileged user in a guest VM for denial of\n service or possibly to gain privileges in the host.\n\n - CVE-2017-2618\n It was discovered that an off-by-one in the handling of\n SELinux attributes in /proc/pid/attr could result in\n local denial of service.\n\n - CVE-2017-5549\n It was discovered that the KLSI KL5KUSB105 serial USB\n device driver could log the contents of uninitialised\n kernel memory, resulting in an information leak.\n\n - CVE-2017-5551\n Jan Kara found that changing the POSIX ACL of a file on\n tmpfs never cleared its set-group-ID flag, which should\n be done if the user changing it is not a member of the\n group-owner. In some cases, this would allow the\n user-owner of an executable to gain the privileges of\n the group-owner.\n\n - CVE-2017-5897\n Andrey Konovalov discovered an out-of-bounds read flaw\n in the ip6gre_err function in the IPv6 networking code.\n\n - CVE-2017-5970\n Andrey Konovalov discovered a denial-of-service flaw in\n the IPv4 networking code. This can be triggered by a\n local or remote attacker if a local UDP or raw socket\n has the IP_RETOPTS option enabled.\n\n - CVE-2017-6001\n Di Shen discovered a race condition between concurrent\n calls to the performance events subsystem, allowing a\n local attacker to escalate privileges. This flaw exists\n because of an incomplete fix of CVE-2016-6786. This can\n be mitigated by disabling unprivileged use of\n performance events: sysctl kernel.perf_event_paranoid=3\n\n - CVE-2017-6074\n Andrey Konovalov discovered a use-after-free\n vulnerability in the DCCP networking code, which could\n result in denial of service or local privilege\n escalation. On systems that do not already have the dccp\n module loaded, this can be mitigated by disabling\n it:echo >> /etc/modprobe.d/disable-dccp.conf install\n dccp false\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-6786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-6787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-8405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-9191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-2583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-2584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-2596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-2618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-5549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-5551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-5897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-5970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-6001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-6786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-6074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3791\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 3.16.39-1+deb8u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/02/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-arm\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-x86\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-x86\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-3.16\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-586\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-686-pae\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-amd64\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armel\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armhf\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-i386\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-amd64\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp-lpae\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-common\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-ixp4xx\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-kirkwood\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-orion5x\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-versatile\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-586\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae-dbg\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64-dbg\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp-lpae\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-ixp4xx\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-kirkwood\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-orion5x\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-versatile\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-libc-dev\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-3.16\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-3.16\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-3.16.0-9\", reference:\"3.16.39-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-linux-system-3.16.0-9-amd64\", reference:\"3.16.39-1+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:53:50", "description": "It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374)\n\nAndrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. (CVE-2017-5897)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux kernel did not properly handle invalid IP options in some situations.\nAn attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-5970)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel did not properly restrict mapping page zero. A local privileged attacker could use this to execute arbitrary code. (CVE-2017-5669)\n\nAlexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol (SCTP) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-5986)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle TCP packets with the URG flag. A remote attacker could use this to cause a denial of service. (CVE-2017-6214)\n\nAndrey Konovalov discovered that the LLC subsytem in the Linux kernel did not properly set up a destructor in certain situations. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2017-6345)\n\nIt was discovered that a race condition existed in the AF_PACKET handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6346)\n\nAndrey Konovalov discovered that the IP layer in the Linux kernel made improper assumptions about internal data layout when performing checksums. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-6347)\n\nDmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (deadlock). (CVE-2017-6348).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-04-25T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3265-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5669", "CVE-2017-5897", "CVE-2017-5970", "CVE-2017-5986", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6346", "CVE-2017-6347", "CVE-2017-6348", "CVE-2017-7374"], "modified": "2023-10-23T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc-e500mc", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc64-emb", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc64-smp", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1012-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1016-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1054-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1057-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-generic-lpae"], "id": "UBUNTU_USN-3265-1.NASL", "href": "https://www.tenable.com/plugins/nessus/99657", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3265-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99657);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/23\");\n\n script_cve_id(\n \"CVE-2017-5669\",\n \"CVE-2017-5897\",\n \"CVE-2017-5970\",\n \"CVE-2017-5986\",\n \"CVE-2017-6214\",\n \"CVE-2017-6345\",\n \"CVE-2017-6346\",\n \"CVE-2017-6347\",\n \"CVE-2017-6348\",\n \"CVE-2017-7374\"\n );\n script_xref(name:\"USN\", value:\"3265-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3265-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that a use-after-free flaw existed in the filesystem\nencryption subsystem in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2017-7374)\n\nAndrey Konovalov discovered an out-of-bounds access in the IPv6\nGeneric Routing Encapsulation (GRE) tunneling implementation in the\nLinux kernel. An attacker could use this to possibly expose sensitive\ninformation. (CVE-2017-5897)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux\nkernel did not properly handle invalid IP options in some situations.\nAn attacker could use this to cause a denial of service or possibly\nexecute arbitrary code. (CVE-2017-5970)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel\ndid not properly restrict mapping page zero. A local privileged\nattacker could use this to execute arbitrary code. (CVE-2017-5669)\n\nAlexander Popov discovered that a race condition existed in the Stream\nControl Transmission Protocol (SCTP) implementation in the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-5986)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle\nTCP packets with the URG flag. A remote attacker could use this to\ncause a denial of service. (CVE-2017-6214)\n\nAndrey Konovalov discovered that the LLC subsytem in the Linux kernel\ndid not properly set up a destructor in certain situations. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2017-6345)\n\nIt was discovered that a race condition existed in the AF_PACKET\nhandling code in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2017-6346)\n\nAndrey Konovalov discovered that the IP layer in the Linux kernel made\nimproper assumptions about internal data layout when performing\nchecksums. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-6347)\n\nDmitry Vyukov discovered race conditions in the Infrared (IrDA)\nsubsystem in the Linux kernel. A local attacker could use this to\ncause a denial of service (deadlock). (CVE-2017-6348).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-3265-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5897\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1012-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1016-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1054-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1057-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc-e500mc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc64-emb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc64-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.4.0': {\n 'generic': '4.4.0-75',\n 'generic-lpae': '4.4.0-75',\n 'lowlatency': '4.4.0-75',\n 'powerpc-e500mc': '4.4.0-75',\n 'powerpc-smp': '4.4.0-75',\n 'powerpc64-emb': '4.4.0-75',\n 'powerpc64-smp': '4.4.0-75',\n 'gke': '4.4.0-1012',\n 'aws': '4.4.0-1016',\n 'raspi2': '4.4.0-1054',\n 'snapdragon': '4.4.0-1057'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-3265-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2017-5669', 'CVE-2017-5897', 'CVE-2017-5970', 'CVE-2017-5986', 'CVE-2017-6214', 'CVE-2017-6345', 'CVE-2017-6346', 'CVE-2017-6347', 'CVE-2017-6348', 'CVE-2017-7374');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-3265-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:53:58", "description": "USN-3265-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nIt was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374)\n\nAndrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. (CVE-2017-5897)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux kernel did not properly handle invalid IP options in some situations.\nAn attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-5970)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel did not properly restrict mapping page zero. A local privileged attacker could use this to execute arbitrary code. (CVE-2017-5669)\n\nAlexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol (SCTP) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-5986)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle TCP packets with the URG flag. A remote attacker could use this to cause a denial of service. (CVE-2017-6214)\n\nAndrey Konovalov discovered that the LLC subsytem in the Linux kernel did not properly set up a destructor in certain situations. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2017-6345)\n\nIt was discovered that a race condition existed in the AF_PACKET handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6346)\n\nAndrey Konovalov discovered that the IP layer in the Linux kernel made improper assumptions about internal data layout when performing checksums. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-6347)\n\nDmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (deadlock). (CVE-2017-6348).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-04-25T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3265-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5669", "CVE-2017-5897", "CVE-2017-5970", "CVE-2017-5986", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6346", "CVE-2017-6347", "CVE-2017-6348", "CVE-2017-7374"], "modified": "2023-10-23T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc-e500mc", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc64-emb", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc64-smp", "cpe:/o:canonical:ubuntu_linux:14.04:-:lts"], "id": "UBUNTU_USN-3265-2.NASL", "href": "https://www.tenable.com/plugins/nessus/99658", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3265-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99658);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/23\");\n\n script_cve_id(\n \"CVE-2017-5669\",\n \"CVE-2017-5897\",\n \"CVE-2017-5970\",\n \"CVE-2017-5986\",\n \"CVE-2017-6214\",\n \"CVE-2017-6345\",\n \"CVE-2017-6346\",\n \"CVE-2017-6347\",\n \"CVE-2017-6348\",\n \"CVE-2017-7374\"\n );\n script_xref(name:\"USN\", value:\"3265-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3265-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"USN-3265-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nIt was discovered that a use-after-free flaw existed in the filesystem\nencryption subsystem in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash). (CVE-2017-7374)\n\nAndrey Konovalov discovered an out-of-bounds access in the IPv6\nGeneric Routing Encapsulation (GRE) tunneling implementation in the\nLinux kernel. An attacker could use this to possibly expose sensitive\ninformation. (CVE-2017-5897)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux\nkernel did not properly handle invalid IP options in some situations.\nAn attacker could use this to cause a denial of service or possibly\nexecute arbitrary code. (CVE-2017-5970)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel\ndid not properly restrict mapping page zero. A local privileged\nattacker could use this to execute arbitrary code. (CVE-2017-5669)\n\nAlexander Popov discovered that a race condition existed in the Stream\nControl Transmission Protocol (SCTP) implementation in the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-5986)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle\nTCP packets with the URG flag. A remote attacker could use this to\ncause a denial of service. (CVE-2017-6214)\n\nAndrey Konovalov discovered that the LLC subsytem in the Linux kernel\ndid not properly set up a destructor in certain situations. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2017-6345)\n\nIt was discovered that a race condition existed in the AF_PACKET\nhandling code in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2017-6346)\n\nAndrey Konovalov discovered that the IP layer in the Linux kernel made\nimproper assumptions about internal data layout when performing\nchecksums. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-6347)\n\nDmitry Vyukov discovered race conditions in the Infrared (IrDA)\nsubsystem in the Linux kernel. A local attacker could use this to\ncause a denial of service (deadlock). (CVE-2017-6348).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-3265-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-5897\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc-e500mc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc64-emb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-75-powerpc64-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '14.04': {\n '4.4.0': {\n 'generic': '4.4.0-75',\n 'generic-lpae': '4.4.0-75',\n 'lowlatency': '4.4.0-75',\n 'powerpc-e500mc': '4.4.0-75',\n 'powerpc-smp': '4.4.0-75',\n 'powerpc64-emb': '4.4.0-75',\n 'powerpc64-smp': '4.4.0-75'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-3265-2');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2017-5669', 'CVE-2017-5897', 'CVE-2017-5970', 'CVE-2017-5986', 'CVE-2017-6214', 'CVE-2017-6345', 'CVE-2017-6346', 'CVE-2017-6347', 'CVE-2017-6348', 'CVE-2017-7374');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-3265-2');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:03:42", "description": "It was discovered that the Linux kernel did not properly initialize a Wake- on-Lan data structure. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2014-9900)\n\nDmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet discovered that the netfiler subsystem in the Linux kernel mishandled IPv6 packet reassembly. A local user could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2016-9755)\n\nAlexander Potapenko discovered a race condition in the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-1000380)\n\nIt was discovered that the Linux kernel did not clear the setgid bit during a setxattr call on a tmpfs filesystem. A local attacker could use this to gain elevated group privileges. (CVE-2017-5551)\n\nMurray McAllister discovered that an integer overflow existed in the VideoCore DRM driver of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-5576)\n\nLi Qiang discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly validate some ioctl arguments. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2017-7346)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly check for the end of buffer. A remote attacker could use this to craft requests that cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7895)\n\nIt was discovered that an integer underflow existed in the Edgeport USB Serial Converter device driver of the Linux kernel. An attacker with physical access could use this to expose sensitive information (kernel memory). (CVE-2017-8924)\n\nIt was discovered that the USB ZyXEL omni.net LCD PLUS driver in the Linux kernel did not properly perform reference counting. A local attacker could use this to cause a denial of service (tty exhaustion).\n(CVE-2017-8925)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the output of the print_bpf_insn function. A local attacker could use this to obtain sensitive address information. (CVE-2017-9150)\n\nMurray McAllister discovered that the DRM driver for VMware Virtual GPUs in the Linux kernel did not properly initialize memory. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-9605).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-07-21T00:00:00", "type": "nessus", "title": "Ubuntu 16.10 : linux, linux-raspi2 vulnerabilities (USN-3359-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9900", "CVE-2016-9755", "CVE-2017-1000380", "CVE-2017-5551", "CVE-2017-5576", "CVE-2017-7346", "CVE-2017-7895", "CVE-2017-8924", "CVE-2017-8925", "CVE-2017-9150", "CVE-2017-9605"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:16.10"], "id": "UBUNTU_USN-3359-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101894", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3359-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101894);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2014-9900\", \"CVE-2016-9755\", \"CVE-2017-1000380\", \"CVE-2017-5551\", \"CVE-2017-5576\", \"CVE-2017-7346\", \"CVE-2017-7895\", \"CVE-2017-8924\", \"CVE-2017-8925\", \"CVE-2017-9150\", \"CVE-2017-9605\");\n script_xref(name:\"USN\", value:\"3359-1\");\n\n script_name(english:\"Ubuntu 16.10 : linux, linux-raspi2 vulnerabilities (USN-3359-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the Linux kernel did not properly initialize a\nWake- on-Lan data structure. A local attacker could use this to expose\nsensitive information (kernel memory). (CVE-2014-9900)\n\nDmitry Vyukov, Andrey Konovalov, Florian Westphal, and Eric Dumazet\ndiscovered that the netfiler subsystem in the Linux kernel mishandled\nIPv6 packet reassembly. A local user could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2016-9755)\n\nAlexander Potapenko discovered a race condition in the Advanced Linux\nSound Architecture (ALSA) subsystem in the Linux kernel. A local\nattacker could use this to expose sensitive information (kernel\nmemory). (CVE-2017-1000380)\n\nIt was discovered that the Linux kernel did not clear the setgid bit\nduring a setxattr call on a tmpfs filesystem. A local attacker could\nuse this to gain elevated group privileges. (CVE-2017-5551)\n\nMurray McAllister discovered that an integer overflow existed in the\nVideoCore DRM driver of the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2017-5576)\n\nLi Qiang discovered that the DRM driver for VMware Virtual GPUs in the\nLinux kernel did not properly validate some ioctl arguments. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2017-7346)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3\nserver implementations in the Linux kernel did not properly check for\nthe end of buffer. A remote attacker could use this to craft requests\nthat cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2017-7895)\n\nIt was discovered that an integer underflow existed in the Edgeport\nUSB Serial Converter device driver of the Linux kernel. An attacker\nwith physical access could use this to expose sensitive information\n(kernel memory). (CVE-2017-8924)\n\nIt was discovered that the USB ZyXEL omni.net LCD PLUS driver in the\nLinux kernel did not properly perform reference counting. A local\nattacker could use this to cause a denial of service (tty exhaustion).\n(CVE-2017-8925)\n\nJann Horn discovered that bpf in Linux kernel does not restrict the\noutput of the print_bpf_insn function. A local attacker could use this\nto obtain sensitive address information. (CVE-2017-9150)\n\nMurray McAllister discovered that the DRM driver for VMware Virtual\nGPUs in the Linux kernel did not properly initialize memory. A local\nattacker could use this to expose sensitive information (kernel\nmemory). (CVE-2017-9605).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3359-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.8-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/08/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2014-9900\", \"CVE-2016-9755\", \"CVE-2017-1000380\", \"CVE-2017-5551\", \"CVE-2017-5576\", \"CVE-2017-7346\", \"CVE-2017-7895\", \"CVE-2017-8924\", \"CVE-2017-8925\", \"CVE-2017-9150\", \"CVE-2017-9605\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3359-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-1043-raspi2\", pkgver:\"4.8.0-1043.47\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-59-generic\", pkgver:\"4.8.0-59.64\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-59-generic-lpae\", pkgver:\"4.8.0-59.64\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-4.8.0-59-lowlatency\", pkgver:\"4.8.0-59.64\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-generic\", pkgver:\"4.8.0.59.72\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.8.0.59.72\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.8.0.59.72\")) flag++;\nif (ubuntu_check(osver:\"16.10\", pkgname:\"linux-image-raspi2\", pkgver:\"4.8.0.1043.47\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.8-generic / linux-image-4.8-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:53:38", "description": "The openSUSE Leap 42.1 kernel was updated to 4.1.39 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914).\n\n - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly manages lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178).\n\n - CVE-2017-7184: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size data after an XFRM_MSG_NEWAE update, which allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52 (bnc#1030573).\n\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415).\n\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bnc#1027565).\n\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190).\n\n - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189).\n\n - CVE-2017-6347: The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel has incorrect expectations about skb data layout, which allowed local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission (bnc#1027179).\n\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1025235).\n\n - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722).\n\n - CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enables scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697).\n\n - CVE-2016-10208: The ext4_fill_super function in fs/ext4/super.c in the Linux kernel did not properly validate meta block groups, which allowed physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image (bnc#1023377).\n\n - CVE-2017-2596: The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel improperly emulates the VMXON instruction, which allowed KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references (bnc#1022785).\n\n - CVE-2017-2583: The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel improperly emulates a 'MOV SS, NULL selector' instruction, which allowed guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application (bnc#1020602).\n\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt (bnc#1019851).\n\nThe following non-security bugs were fixed :\n\n - Fix kABI breakage of musb struct in 4.1.39 (stable 4.1.39).\n\n - Revert 'ptrace: Capture the ptracer's creds not PT_PTRACE_CAP' (stable 4.1.39).\n\n - ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986).\n\n - ext4: validate s_first_meta_bg at mount time (bsc#1023377).\n\n - kabi/severities: Ignore x86/kvm kABI changes for 4.1.39\n\n - l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415).\n\n - l2tp: fix lookup for sockets not bound to a device in l2tp_ip (bsc#1028415).\n\n - l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind() (bsc#1028415).\n\n - l2tp: hold socket before dropping lock in l2tp_ip(, 6)_recv() (bsc#1028415).\n\n - l2tp: lock socket before checking flags in connect() (bsc#1028415).\n\n - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp (bsc#1030118).", "cvss3": {}, "published": "2017-04-03T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2017-419)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10200", "CVE-2016-10208", "CVE-2016-2117", "CVE-2017-2583", "CVE-2017-2584", "CVE-2017-2596", "CVE-2017-2636", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6346", "CVE-2017-6347", "CVE-2017-6348", "CVE-2017-6353", "CVE-2017-7184"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-pv", "p-cpe:/a:novell:opensuse:kernel-pv-base", "p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv-debugsource", "p-cpe:/a:novell:opensuse:kernel-pv-devel", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource"], "id": "OPENSUSE-2017-419.NASL", "href": "https://www.tenable.com/plugins/nessus/99157", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-419.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99157);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10200\", \"CVE-2016-10208\", \"CVE-2016-2117\", \"CVE-2017-2583\", \"CVE-2017-2584\", \"CVE-2017-2596\", \"CVE-2017-2636\", \"CVE-2017-5669\", \"CVE-2017-5986\", \"CVE-2017-6214\", \"CVE-2017-6345\", \"CVE-2017-6346\", \"CVE-2017-6347\", \"CVE-2017-6348\", \"CVE-2017-6353\", \"CVE-2017-7184\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2017-419)\");\n script_summary(english:\"Check for the openSUSE-2017-419 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.1 kernel was updated to 4.1.39 to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the\n Linux kernel did not restrict the address calculated by\n a certain rounding operation, which allowed local users\n to map page zero, and consequently bypass a protection\n mechanism that exists for the mmap system call, by\n making crafted shmget and shmat system calls in a\n privileged context (bnc#1026914).\n\n - CVE-2017-6348: The hashbin_delete function in\n net/irda/irqueue.c in the Linux kernel improperly\n manages lock dropping, which allowed local users to\n cause a denial of service (deadlock) via crafted\n operations on IrDA devices (bnc#1027178).\n\n - CVE-2017-7184: The xfrm_replay_verify_len function in\n net/xfrm/xfrm_user.c in the Linux kernel did not\n validate certain size data after an XFRM_MSG_NEWAE\n update, which allowed local users to obtain root\n privileges or cause a denial of service (heap-based\n out-of-bounds access) by leveraging the CAP_NET_ADMIN\n capability, as demonstrated during a Pwn2Own competition\n at CanSecWest 2017 for the Ubuntu 16.10 linux-image-*\n package 4.8.0.41.52 (bnc#1030573).\n\n - CVE-2016-10200: Race condition in the L2TPv3 IP\n Encapsulation feature in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (use-after-free) by making multiple bind system calls\n without properly ascertaining whether a socket has the\n SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and\n net/l2tp/l2tp_ip6.c (bnc#1028415).\n\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in\n the Linux kernel allowed local users to gain privileges\n or cause a denial of service (double free) by setting\n the HDLC line discipline (bnc#1027565).\n\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did\n not ensure that a certain destructor exists in required\n circumstances, which allowed local users to cause a\n denial of service (BUG_ON) or possibly have unspecified\n other impact via crafted system calls (bnc#1027190).\n\n - CVE-2017-6346: Race condition in net/packet/af_packet.c\n in the Linux kernel allowed local users to cause a\n denial of service (use-after-free) or possibly have\n unspecified other impact via a multithreaded application\n that made PACKET_FANOUT setsockopt system calls\n (bnc#1027189).\n\n - CVE-2017-6347: The ip_cmsg_recv_checksum function in\n net/ipv4/ip_sockglue.c in the Linux kernel has incorrect\n expectations about skb data layout, which allowed local\n users to cause a denial of service (buffer over-read) or\n possibly have unspecified other impact via crafted\n system calls, as demonstrated by use of the MSG_MORE\n flag in conjunction with loopback UDP transmission\n (bnc#1027179).\n\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did\n not properly restrict association peel-off operations\n during certain wait states, which allowed local users to\n cause a denial of service (invalid unlock and double\n free) via a multithreaded application. NOTE: this\n vulnerability exists because of an incorrect fix for\n CVE-2017-5986 (bnc#1025235).\n\n - CVE-2017-6214: The tcp_splice_read function in\n net/ipv4/tcp.c in the Linux kernel allowed remote\n attackers to cause a denial of service (infinite loop\n and soft lockup) via vectors involving a TCP packet with\n the URG flag (bnc#1026722).\n\n - CVE-2016-2117: The atl2_probe function in\n drivers/net/ethernet/atheros/atlx/atl2.c in the Linux\n kernel incorrectly enables scatter/gather I/O, which\n allowed remote attackers to obtain sensitive information\n from kernel memory by reading packet data (bnc#968697).\n\n - CVE-2016-10208: The ext4_fill_super function in\n fs/ext4/super.c in the Linux kernel did not properly\n validate meta block groups, which allowed physically\n proximate attackers to cause a denial of service\n (out-of-bounds read and system crash) via a crafted ext4\n image (bnc#1023377).\n\n - CVE-2017-2596: The nested_vmx_check_vmptr function in\n arch/x86/kvm/vmx.c in the Linux kernel improperly\n emulates the VMXON instruction, which allowed KVM L1\n guest OS users to cause a denial of service (host OS\n memory consumption) by leveraging the mishandling of\n page references (bnc#1022785).\n\n - CVE-2017-2583: The load_segment_descriptor\n implementation in arch/x86/kvm/emulate.c in the Linux\n kernel improperly emulates a 'MOV SS, NULL selector'\n instruction, which allowed guest OS users to cause a\n denial of service (guest OS crash) or gain guest OS\n privileges via a crafted application (bnc#1020602).\n\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux\n kernel allowed local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt (bnc#1019851).\n\nThe following non-security bugs were fixed :\n\n - Fix kABI breakage of musb struct in 4.1.39 (stable\n 4.1.39).\n\n - Revert 'ptrace: Capture the ptracer's creds not\n PT_PTRACE_CAP' (stable 4.1.39).\n\n - ext4: fix fencepost in s_first_meta_bg validation\n (bsc#1029986).\n\n - ext4: validate s_first_meta_bg at mount time\n (bsc#1023377).\n\n - kabi/severities: Ignore x86/kvm kABI changes for 4.1.39\n\n - l2tp: fix address test in __l2tp_ip6_bind_lookup()\n (bsc#1028415).\n\n - l2tp: fix lookup for sockets not bound to a device in\n l2tp_ip (bsc#1028415).\n\n - l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6\n bind() (bsc#1028415).\n\n - l2tp: hold socket before dropping lock in l2tp_ip(,\n 6)_recv() (bsc#1028415).\n\n - l2tp: lock socket before checking flags in connect()\n (bsc#1028415).\n\n - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp\n (bsc#1030118).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1019851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1022785\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1023377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1025235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1026722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1026914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1027565\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1028415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1029986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1030118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1030573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968697\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-html-4.1.39-53.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-pdf-4.1.39-53.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-macros-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-qa-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-vanilla-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-syms-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-4.1.39-53.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-4.1.39-53.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:53:37", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074)\n\n - The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag.(CVE-2017-6214)\n\n - The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context.(CVE-2017-5669)\n\n - The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices.(CVE-2017-6348)\n\n - Race condition in kernel/events/core.c in the Linux kernel before 4.9.7 allows local users to gain privileges via a crafted application that makes concurrent perf_event_open system calls for moving a software group into a hardware context.(CVE-2017-6001)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1056)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5669", "CVE-2017-6001", "CVE-2017-6074", "CVE-2017-6214", "CVE-2017-6348"], "modified": "2021-01-06T00:00:00", "cpe": ["cpe:/o:huawei:euleros:2.0", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:kernel-debug-devel"], "id": "EULEROS_SA-2017-1056.NASL", "href": "https://www.tenable.com/plugins/nessus/99901", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99901);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-5669\",\n \"CVE-2017-6001\",\n \"CVE-2017-6074\",\n \"CVE-2017-6214\",\n \"CVE-2017-6348\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1056)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A use-after-free flaw was found in the way the Linux\n kernel's Datagram Congestion Control Protocol (DCCP)\n implementation freed SKB (socket buffer) resources for\n a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO\n option is set on the socket. A local, unprivileged user\n could use this flaw to alter the kernel memory,\n allowing them to escalate their privileges on the\n system. (CVE-2017-6074)\n\n - The tcp_splice_read function in net/ipv4/tcp.c in the\n Linux kernel before 4.9.11 allows remote attackers to\n cause a denial of service (infinite loop and soft\n lockup) via vectors involving a TCP packet with the URG\n flag.(CVE-2017-6214)\n\n - The do_shmat function in ipc/shm.c in the Linux kernel\n through 4.9.12 does not restrict the address calculated\n by a certain rounding operation, which allows local\n users to map page zero, and consequently bypass a\n protection mechanism that exists for the mmap system\n call, by making crafted shmget and shmat system calls\n in a privileged context.(CVE-2017-5669)\n\n - The hashbin_delete function in net/irda/irqueue.c in\n the Linux kernel before 4.9.13 improperly manages lock\n dropping, which allows local users to cause a denial of\n service (deadlock) via crafted operations on IrDA\n devices.(CVE-2017-6348)\n\n - Race condition in kernel/events/core.c in the Linux\n kernel before 4.9.7 allows local users to gain\n privileges via a crafted application that makes\n concurrent perf_event_open system calls for moving a\n software group into a hardware context.(CVE-2017-6001)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1056\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?56132594\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.44.58.28\",\n \"kernel-debug-3.10.0-327.44.58.28\",\n \"kernel-debug-devel-3.10.0-327.44.58.28\",\n \"kernel-devel-3.10.0-327.44.58.28\",\n \"kernel-headers-3.10.0-327.44.58.28\",\n \"kernel-tools-3.10.0-327.44.58.28\",\n \"kernel-tools-libs-3.10.0-327.44.58.28\",\n \"perf-3.10.0-327.44.58.28\",\n \"python-perf-3.10.0-327.44.58.28\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:00:55", "description": "The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939).\n\n - CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enabled scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697).\n\n - CVE-2016-3070: The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel improperly interacted with mm/migrate.c, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move (bnc#979215).\n\n - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212).\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077).\n\n - CVE-2016-9588: arch/x86/kvm/vmx.c in the Linux kernel mismanages the #BP and #OF exceptions, which allowed guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest (bnc#1015703).\n\n - CVE-2016-10044: The aio_mount function in fs/aio.c in the Linux kernel did not properly restrict execute access, which made it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call (bnc#1023992).\n\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415).\n\n - CVE-2016-10208: The ext4_fill_super function in fs/ext4/super.c in the Linux kernel did not properly validate meta block groups, which allowed physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image (bnc#1023377).\n\n - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003).\n\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914).\n\n - CVE-2017-5897: The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allowed remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access (bnc#1023762).\n\n - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bnc#1024938).\n\n - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bnc#1025235).\n\n - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024).\n\n - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722).\n\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190).\n\n - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189).\n\n - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178).\n\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066).\n\n - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213).\n\n - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052).\n\n - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440).\n\n - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579).\n\n - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bnc#1033336).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:1247-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1350", "CVE-2016-10044", "CVE-2016-10200", "CVE-2016-10208", "CVE-2016-2117", "CVE-2016-3070", "CVE-2016-5243", "CVE-2016-7117", "CVE-2016-9588", "CVE-2017-2671", "CVE-2017-5669", "CVE-2017-5897", "CVE-2017-5970", "CVE-2017-5986", "CVE-2017-6074", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6346", "CVE-2017-6348", "CVE-2017-6353", "CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7294", "CVE-2017-7308", "CVE-2017-7616"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_72-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_72-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-1247-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100150", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1247-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100150);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-1350\", \"CVE-2016-10044\", \"CVE-2016-10200\", \"CVE-2016-10208\", \"CVE-2016-2117\", \"CVE-2016-3070\", \"CVE-2016-5243\", \"CVE-2016-7117\", \"CVE-2016-9588\", \"CVE-2017-2671\", \"CVE-2017-5669\", \"CVE-2017-5897\", \"CVE-2017-5970\", \"CVE-2017-5986\", \"CVE-2017-6074\", \"CVE-2017-6214\", \"CVE-2017-6345\", \"CVE-2017-6346\", \"CVE-2017-6348\", \"CVE-2017-6353\", \"CVE-2017-7187\", \"CVE-2017-7261\", \"CVE-2017-7294\", \"CVE-2017-7308\", \"CVE-2017-7616\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2017:1247-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive\nvarious security and bugfixes. The following security bugs were \nfixed :\n\n - CVE-2015-1350: The VFS subsystem in the Linux kernel\n provided an incomplete set of requirements for setattr\n operations that underspecifies removing extended\n privilege attributes, which allowed local users to cause\n a denial of service (capability stripping) via a failed\n invocation of a system call, as demonstrated by using\n chown to remove a capability from the ping or Wireshark\n dumpcap program (bnc#914939).\n\n - CVE-2016-2117: The atl2_probe function in\n drivers/net/ethernet/atheros/atlx/atl2.c in the Linux\n kernel incorrectly enabled scatter/gather I/O, which\n allowed remote attackers to obtain sensitive information\n from kernel memory by reading packet data (bnc#968697).\n\n - CVE-2016-3070: The trace_writeback_dirty_page\n implementation in include/trace/events/writeback.h in\n the Linux kernel improperly interacted with\n mm/migrate.c, which allowed local users to cause a\n denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact by\n triggering a certain page move (bnc#979215).\n\n - CVE-2016-5243: The tipc_nl_compat_link_dump function in\n net/tipc/netlink_compat.c in the Linux kernel did not\n properly copy a certain string, which allowed local\n users to obtain sensitive information from kernel stack\n memory by reading a Netlink message (bnc#983212).\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux\n kernel allowed remote attackers to execute arbitrary\n code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bnc#1003077).\n\n - CVE-2016-9588: arch/x86/kvm/vmx.c in the Linux kernel\n mismanages the #BP and #OF exceptions, which allowed\n guest OS users to cause a denial of service (guest OS\n crash) by declining to handle an exception thrown by an\n L2 guest (bnc#1015703).\n\n - CVE-2016-10044: The aio_mount function in fs/aio.c in\n the Linux kernel did not properly restrict execute\n access, which made it easier for local users to bypass\n intended SELinux W^X policy restrictions, and\n consequently gain privileges, via an io_setup system\n call (bnc#1023992).\n\n - CVE-2016-10200: Race condition in the L2TPv3 IP\n Encapsulation feature in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (use-after-free) by making multiple bind system calls\n without properly ascertaining whether a socket has the\n SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and\n net/l2tp/l2tp_ip6.c (bnc#1028415).\n\n - CVE-2016-10208: The ext4_fill_super function in\n fs/ext4/super.c in the Linux kernel did not properly\n validate meta block groups, which allowed physically\n proximate attackers to cause a denial of service\n (out-of-bounds read and system crash) via a crafted ext4\n image (bnc#1023377).\n\n - CVE-2017-2671: The ping_unhash function in\n net/ipv4/ping.c in the Linux kernel is too late in\n obtaining a certain lock and consequently cannot ensure\n that disconnect function calls are safe, which allowed\n local users to cause a denial of service (panic) by\n leveraging access to the protocol value of IPPROTO_ICMP\n in a socket system call (bnc#1031003).\n\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the\n Linux kernel did not restrict the address calculated by\n a certain rounding operation, which allowed local users\n to map page zero, and consequently bypass a protection\n mechanism that exists for the mmap system call, by\n making crafted shmget and shmat system calls in a\n privileged context (bnc#1026914).\n\n - CVE-2017-5897: The ip6gre_err function in\n net/ipv6/ip6_gre.c in the Linux kernel allowed remote\n attackers to have unspecified impact via vectors\n involving GRE flags in an IPv6 packet, which trigger an\n out-of-bounds access (bnc#1023762).\n\n - CVE-2017-5970: The ipv4_pktinfo_prepare function in\n net/ipv4/ip_sockglue.c in the Linux kernel allowed\n attackers to cause a denial of service (system crash)\n via (1) an application that made crafted system calls or\n possibly (2) IPv4 traffic with invalid IP options\n (bnc#1024938).\n\n - CVE-2017-5986: Race condition in the\n sctp_wait_for_sndbuf function in net/sctp/socket.c in\n the Linux kernel allowed local users to cause a denial\n of service (assertion failure and panic) via a\n multithreaded application that peels off an association\n in a certain buffer-full state (bnc#1025235).\n\n - CVE-2017-6074: The dccp_rcv_state_process function in\n net/dccp/input.c in the Linux kernel mishandled\n DCCP_PKT_REQUEST packet data structures in the LISTEN\n state, which allowed local users to obtain root\n privileges or cause a denial of service (double free)\n via an application that made an IPV6_RECVPKTINFO\n setsockopt system call (bnc#1026024).\n\n - CVE-2017-6214: The tcp_splice_read function in\n net/ipv4/tcp.c in the Linux kernel allowed remote\n attackers to cause a denial of service (infinite loop\n and soft lockup) via vectors involving a TCP packet with\n the URG flag (bnc#1026722).\n\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did\n not ensure that a certain destructor exists in required\n circumstances, which allowed local users to cause a\n denial of service (BUG_ON) or possibly have unspecified\n other impact via crafted system calls (bnc#1027190).\n\n - CVE-2017-6346: Race condition in net/packet/af_packet.c\n in the Linux kernel allowed local users to cause a\n denial of service (use-after-free) or possibly have\n unspecified other impact via a multithreaded application\n that made PACKET_FANOUT setsockopt system calls\n (bnc#1027189).\n\n - CVE-2017-6348: The hashbin_delete function in\n net/irda/irqueue.c in the Linux kernel improperly\n managed lock dropping, which allowed local users to\n cause a denial of service (deadlock) via crafted\n operations on IrDA devices (bnc#1027178).\n\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did\n not properly restrict association peel-off operations\n during certain wait states, which allowed local users to\n cause a denial of service (invalid unlock and double\n free) via a multithreaded application. NOTE: this\n vulnerability exists because of an incorrect fix for\n CVE-2017-5986 (bnc#1027066).\n\n - CVE-2017-7187: The sg_ioctl function in\n drivers/scsi/sg.c in the Linux kernel allowed local\n users to cause a denial of service (stack-based buffer\n overflow) or possibly have unspecified other impact via\n a large command size in an SG_NEXT_CMD_LEN ioctl call,\n leading to out-of-bounds write access in the sg_write\n function (bnc#1030213).\n\n - CVE-2017-7261: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel did not check for a zero value of certain levels\n data, which allowed local users to cause a denial of\n service (ZERO_SIZE_PTR dereference, and GPF and possibly\n panic) via a crafted ioctl call for a /dev/dri/renderD*\n device (bnc#1031052).\n\n - CVE-2017-7294: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel did not validate addition of certain levels data,\n which allowed local users to trigger an integer overflow\n and out-of-bounds write, and cause a denial of service\n (system hang or crash) or possibly gain privileges, via\n a crafted ioctl call for a /dev/dri/renderD* device\n (bnc#1031440).\n\n - CVE-2017-7308: The packet_set_ring function in\n net/packet/af_packet.c in the Linux kernel did not\n properly validate certain block-size data, which allowed\n local users to cause a denial of service (overflow) or\n possibly have unspecified other impact via crafted\n system calls (bnc#1031579).\n\n - CVE-2017-7616: Incorrect error handling in the\n set_mempolicy and mbind compat syscalls in\n mm/mempolicy.c in the Linux kernel allowed local users\n to obtain sensitive information from uninitialized stack\n data by triggering failure of a certain bitmap operation\n (bnc#1033336).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027149\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954763\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968697\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1350/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10044/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10200/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10208/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3070/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5243/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9588/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2671/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5669/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5897/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5970/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5986/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6074/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6214/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6345/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6346/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6348/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6353/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7187/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7261/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7294/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7308/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7616/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171247-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8f96323f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12:zypper in -t patch\nSUSE-SLE-SAP-12-2017-749=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2017-749=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2017-749=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_72-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_72-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_72-default-1-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_72-xen-1-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-debuginfo-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debuginfo-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debugsource-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-devel-3.12.61-52.72.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-syms-3.12.61-52.72.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:56:03", "description": "The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.74 to receive various security and bugfixes. Notable new/improved features :\n\n - Improved support for Hyper-V\n\n - Support for the tcp_westwood TCP scheduling algorithm The following security bugs were fixed :\n\n - CVE-2017-8106: The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel allowed privileged KVM guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a single-context INVEPT instruction with a NULL EPT pointer (bsc#1035877).\n\n - CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the 'dead' type. (bsc#1029850).\n\n - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c. (bsc#1030593)\n\n - CVE-2016-9604: This fixes handling of keyrings starting with '.' in KEYCTL_JOIN_SESSION_KEYRING, which could have allowed local users to manipulate privileged keyrings (bsc#1035576)\n\n - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. (bnc#1033336).\n\n - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. (bsc#1034670).\n\n - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579)\n\n - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently could not ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003)\n\n - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440)\n\n - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052)\n\n - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213)\n\n - CVE-2016-9588: arch/x86/kvm/vmx.c in the Linux kernel mismanaged the #BP and #OF exceptions, which allowed guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest (bsc#1015703).\n\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914).\n\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415)\n\n - CVE-2016-10208: The ext4_fill_super function in fs/ext4/super.c in the Linux kernel did not properly validate meta block groups, which allowed physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image (bnc#1023377).\n\n - CVE-2017-5897: The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allowed remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access (bsc#1023762).\n\n - CVE-2017-5986: A race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bsc#1025235).\n\n - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024)\n\n - CVE-2016-9191: The cgroup offline implementation in the Linux kernel mishandled certain drain operations, which allowed local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application (bnc#1008842)\n\n - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178).\n\n - CVE-2016-10044: The aio_mount function in fs/aio.c in the Linux kernel did not properly restrict execute access, which made it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call (bnc#1023992).\n\n - CVE-2016-3070: The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel improperly interacts with mm/migrate.c, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move (bnc#979215).\n\n - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212).\n\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190)\n\n - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189)\n\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066)\n\n - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bsc#1025235).\n\n - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722)\n\n - CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enables scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697)\n\n - CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bsc#914939).\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bsc#1003077).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-22T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1360-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1350", "CVE-2016-10044", "CVE-2016-10200", "CVE-2016-10208", "CVE-2016-2117", "CVE-2016-3070", "CVE-2016-5243", "CVE-2016-7117", "CVE-2016-9191", "CVE-2016-9588", "CVE-2016-9604", "CVE-2017-2647", "CVE-2017-2671", "CVE-2017-5669", "CVE-2017-5897", "CVE-2017-5986", "CVE-2017-6074", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6346", "CVE-2017-6348", "CVE-2017-6353", "CVE-2017-6951", "CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7294", "CVE-2017-7308", "CVE-2017-7616", "CVE-2017-7645", "CVE-2017-8106"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-1360-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100320", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1360-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100320);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-1350\", \"CVE-2016-10044\", \"CVE-2016-10200\", \"CVE-2016-10208\", \"CVE-2016-2117\", \"CVE-2016-3070\", \"CVE-2016-5243\", \"CVE-2016-7117\", \"CVE-2016-9191\", \"CVE-2016-9588\", \"CVE-2016-9604\", \"CVE-2017-2647\", \"CVE-2017-2671\", \"CVE-2017-5669\", \"CVE-2017-5897\", \"CVE-2017-5986\", \"CVE-2017-6074\", \"CVE-2017-6214\", \"CVE-2017-6345\", \"CVE-2017-6346\", \"CVE-2017-6348\", \"CVE-2017-6353\", \"CVE-2017-6951\", \"CVE-2017-7187\", \"CVE-2017-7261\", \"CVE-2017-7294\", \"CVE-2017-7308\", \"CVE-2017-7616\", \"CVE-2017-7645\", \"CVE-2017-8106\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1360-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.74 to\nreceive various security and bugfixes. Notable new/improved features :\n\n - Improved support for Hyper-V\n\n - Support for the tcp_westwood TCP scheduling algorithm\n The following security bugs were fixed :\n\n - CVE-2017-8106: The handle_invept function in\n arch/x86/kvm/vmx.c in the Linux kernel allowed\n privileged KVM guest OS users to cause a denial of\n service (NULL pointer dereference and host OS crash) via\n a single-context INVEPT instruction with a NULL EPT\n pointer (bsc#1035877).\n\n - CVE-2017-6951: The keyring_search_aux function in\n security/keys/keyring.c in the Linux kernel allowed\n local users to cause a denial of service (NULL pointer\n dereference and OOPS) via a request_key system call for\n the 'dead' type. (bsc#1029850).\n\n - CVE-2017-2647: The KEYS subsystem in the Linux kernel\n allowed local users to gain privileges or cause a denial\n of service (NULL pointer dereference and system crash)\n via vectors involving a NULL value for a certain match\n field, related to the keyring_search_iterator function\n in keyring.c. (bsc#1030593)\n\n - CVE-2016-9604: This fixes handling of keyrings starting\n with '.' in KEYCTL_JOIN_SESSION_KEYRING, which could\n have allowed local users to manipulate privileged\n keyrings (bsc#1035576)\n\n - CVE-2017-7616: Incorrect error handling in the\n set_mempolicy and mbind compat syscalls in\n mm/mempolicy.c in the Linux kernel allowed local users\n to obtain sensitive information from uninitialized stack\n data by triggering failure of a certain bitmap\n operation. (bnc#1033336).\n\n - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd\n subsystem in the Linux kernel allowed remote attackers\n to cause a denial of service (system crash) via a long\n RPC reply, related to net/sunrpc/svc.c,\n fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. (bsc#1034670).\n\n - CVE-2017-7308: The packet_set_ring function in\n net/packet/af_packet.c in the Linux kernel did not\n properly validate certain block-size data, which allowed\n local users to cause a denial of service (overflow) or\n possibly have unspecified other impact via crafted\n system calls (bnc#1031579)\n\n - CVE-2017-2671: The ping_unhash function in\n net/ipv4/ping.c in the Linux kernel was too late in\n obtaining a certain lock and consequently could not\n ensure that disconnect function calls are safe, which\n allowed local users to cause a denial of service (panic)\n by leveraging access to the protocol value of\n IPPROTO_ICMP in a socket system call (bnc#1031003)\n\n - CVE-2017-7294: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel did not validate addition of certain levels data,\n which allowed local users to trigger an integer overflow\n and out-of-bounds write, and cause a denial of service\n (system hang or crash) or possibly gain privileges, via\n a crafted ioctl call for a /dev/dri/renderD* device\n (bnc#1031440)\n\n - CVE-2017-7261: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel did not check for a zero value of certain levels\n data, which allowed local users to cause a denial of\n service (ZERO_SIZE_PTR dereference, and GPF and possibly\n panic) via a crafted ioctl call for a /dev/dri/renderD*\n device (bnc#1031052)\n\n - CVE-2017-7187: The sg_ioctl function in\n drivers/scsi/sg.c in the Linux kernel allowed local\n users to cause a denial of service (stack-based buffer\n overflow) or possibly have unspecified other impact via\n a large command size in an SG_NEXT_CMD_LEN ioctl call,\n leading to out-of-bounds write access in the sg_write\n function (bnc#1030213)\n\n - CVE-2016-9588: arch/x86/kvm/vmx.c in the Linux kernel\n mismanaged the #BP and #OF exceptions, which allowed\n guest OS users to cause a denial of service (guest OS\n crash) by declining to handle an exception thrown by an\n L2 guest (bsc#1015703).\n\n - CVE-2017-5669: The do_shmat function in ipc/shm.c in the\n Linux kernel did not restrict the address calculated by\n a certain rounding operation, which allowed local users\n to map page zero, and consequently bypass a protection\n mechanism that exists for the mmap system call, by\n making crafted shmget and shmat system calls in a\n privileged context (bnc#1026914).\n\n - CVE-2016-10200: Race condition in the L2TPv3 IP\n Encapsulation feature in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (use-after-free) by making multiple bind system calls\n without properly ascertaining whether a socket has the\n SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and\n net/l2tp/l2tp_ip6.c (bnc#1028415)\n\n - CVE-2016-10208: The ext4_fill_super function in\n fs/ext4/super.c in the Linux kernel did not properly\n validate meta block groups, which allowed physically\n proximate attackers to cause a denial of service\n (out-of-bounds read and system crash) via a crafted ext4\n image (bnc#1023377).\n\n - CVE-2017-5897: The ip6gre_err function in\n net/ipv6/ip6_gre.c in the Linux kernel allowed remote\n attackers to have unspecified impact via vectors\n involving GRE flags in an IPv6 packet, which trigger an\n out-of-bounds access (bsc#1023762).\n\n - CVE-2017-5986: A race condition in the\n sctp_wait_for_sndbuf function in net/sctp/socket.c in\n the Linux kernel allowed local users to cause a denial\n of service (assertion failure and panic) via a\n multithreaded application that peels off an association\n in a certain buffer-full state (bsc#1025235).\n\n - CVE-2017-6074: The dccp_rcv_state_process function in\n net/dccp/input.c in the Linux kernel mishandled\n DCCP_PKT_REQUEST packet data structures in the LISTEN\n state, which allowed local users to obtain root\n privileges or cause a denial of service (double free)\n via an application that made an IPV6_RECVPKTINFO\n setsockopt system call (bnc#1026024)\n\n - CVE-2016-9191: The cgroup offline implementation in the\n Linux kernel mishandled certain drain operations, which\n allowed local users to cause a denial of service (system\n hang) by leveraging access to a container environment\n for executing a crafted application (bnc#1008842)\n\n - CVE-2017-6348: The hashbin_delete function in\n net/irda/irqueue.c in the Linux kernel improperly\n managed lock dropping, which allowed local users to\n cause a denial of service (deadlock) via crafted\n operations on IrDA devices (bnc#1027178).\n\n - CVE-2016-10044: The aio_mount function in fs/aio.c in\n the Linux kernel did not properly restrict execute\n access, which made it easier for local users to bypass\n intended SELinux W^X policy restrictions, and\n consequently gain privileges, via an io_setup system\n call (bnc#1023992).\n\n - CVE-2016-3070: The trace_writeback_dirty_page\n implementation in include/trace/events/writeback.h in\n the Linux kernel improperly interacts with mm/migrate.c,\n which allowed local users to cause a denial of service\n (NULL pointer dereference and system crash) or possibly\n have unspecified other impact by triggering a certain\n page move (bnc#979215).\n\n - CVE-2016-5243: The tipc_nl_compat_link_dump function in\n net/tipc/netlink_compat.c in the Linux kernel did not\n properly copy a certain string, which allowed local\n users to obtain sensitive information from kernel stack\n memory by reading a Netlink message (bnc#983212).\n\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did\n not ensure that a certain destructor exists in required\n circumstances, which allowed local users to cause a\n denial of service (BUG_ON) or possibly have unspecified\n other impact via crafted system calls (bnc#1027190)\n\n - CVE-2017-6346: Race condition in net/packet/af_packet.c\n in the Linux kernel allowed local users to cause a\n denial of service (use-after-free) or possibly have\n unspecified other impact via a multithreaded application\n that made PACKET_FANOUT setsockopt system calls\n (bnc#1027189)\n\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did\n not properly restrict association peel-off operations\n during certain wait states, which allowed local users to\n cause a denial of service (invalid unlock and double\n free) via a multithreaded application. NOTE: this\n vulnerability exists because of an incorrect fix for\n CVE-2017-5986 (bnc#1027066)\n\n - CVE-2017-5986: Race condition in the\n sctp_wait_for_sndbuf function in net/sctp/socket.c in\n the Linux kernel allowed local users to cause a denial\n of service (assertion failure and panic) via a\n multithreaded application that peels off an association\n in a certain buffer-full state (bsc#1025235).\n\n - CVE-2017-6214: The tcp_splice_read function in\n net/ipv4/tcp.c in the Linux kernel allowed remote\n attackers to cause a denial of service (infinite loop\n and soft lockup) via vectors involving a TCP packet with\n the URG flag (bnc#1026722)\n\n - CVE-2016-2117: The atl2_probe function in\n drivers/net/ethernet/atheros/atlx/atl2.c in the Linux\n kernel incorrectly enables scatter/gather I/O, which\n allowed remote attackers to obtain sensitive information\n from kernel memory by reading packet data (bnc#968697)\n\n - CVE-2015-1350: The VFS subsystem in the Linux kernel\n provided an incomplete set of requirements for setattr\n operations that underspecifies removing extended\n privilege attributes, which allowed local users to cause\n a denial of service (capability stripping) via a failed\n invocation of a system call, as demonstrated by using\n chown to remove a capability from the ping or Wireshark\n dumpcap program (bsc#914939).\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux\n kernel allowed remote attackers to execute arbitrary\n code via vectors involving a recvmmsg system call that\n is mishandled during error processing (bsc#1003077).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012985\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015703\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1018100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1018263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1018419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1018446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023164\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023824\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025039\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029850\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1033336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=103470\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1034700\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035738\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1036752\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1038261\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=799133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=857926\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=914939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=917630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=922853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=930399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=937444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940946\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954763\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968697\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=988065\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=993832\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1350/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10044/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10200/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10208/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3070/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5243/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9191/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9588/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9604/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2647/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2671/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5669/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5897/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5986/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6074/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6214/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6345/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6346/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6348/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6353/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6951/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7187/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7261/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7294/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7308/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7616/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7645/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-8106/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171360-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b505b515\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP1:zypper in -t patch\nSUSE-SLE-WE-12-SP1-2017-831=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2017-831=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2017-831=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2017-831=1\n\nSUSE Linux Enterprise Live Patching 12:zypper in -t patch\nSUSE-SLE-Live-Patching-12-2017-831=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2017-831=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.74-60.64.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.74-60.64.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.74-60.64.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.74-60.64.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.74-60.64.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.74-60.64.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.74-60.64.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-3.12.74-60.64.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-3.12.74-60.64.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-debuginfo-3.12.74-60.64.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debuginfo-3.12.74-60.64.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debugsource-3.12.74-60.64.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-devel-3.12.74-60.64.40.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-syms-3.12.74-60.64.40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-3.12.74-60.64.40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-3.12.74-60.64.40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-3.12.74-60.64.40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-devel-3.12.74-60.64.40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-extra-3.12.74-60.64.40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-3.12.74-60.64.40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-3.12.74-60.64.40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.74-60.64.40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.74-60.64.40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.74-60.64.40.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.74-60.64.40.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:02:21", "description": "Security Fix(es) :\n\n - A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The heap overflow occurred if 'MAX_SKB_FRAGS\n\n - 1' parameter and 'NETIF_F_FRAGLIST' feature were used together. A remote user or process could use this flaw to potentially escalate their privilege on a system.\n (CVE-2017-7477, Important)\n\n - The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel (denial of service). (CVE-2017-7645, Important)\n\n - The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)\n\n - The Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest.\n (CVE-2017-2583, Moderate)\n\n - A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely.\n (CVE-2017-6214, Moderate)\n\nBug Fix(es) :\n\n - Previously, the reserved-pages counter (HugePages_Rsvd) was bigger than the total-pages counter (HugePages_Total) in the /proc/meminfo file, and HugePages_Rsvd underflowed. With this update, the HugeTLB feature of the Linux kernel has been fixed, and HugePages_Rsvd underflow no longer occurs.\n\n - If a directory on a NFS client was modified while being listed, the NFS client could restart the directory listing multiple times. Consequently, the performance of listing the directory was sub-optimal. With this update, the restarting of the directory listing happens less frequently. As a result, the performance of listing the directory while it is being modified has improved.\n\n - The Fibre Channel over Ethernet (FCoE) adapter in some cases failed to reboot. This update fixes the qla2xxx driver, and FCoE adapter now reboots as expected.\n\n - When a VM with Virtual Function I/O (VFIO) device was rebooted, the QEMU process occasionally terminated unexpectedly due to a failed VFIO Direct Memory Access (DMA) map request. This update fixes the vfio driver and QEMU no longer crashes in the described situation.\n\n - When the operating system was booted with the in-box lpfc driver, a kernel panic occurred on the little-endian variant of IBM Power Systems. This update fixes lpfc, and the kernel no longer panics in the described situation.\n\n - When creating or destroying a VM with Virtual Function I/O (VFIO) devices with 'Hugepages' feature enabled, errors in Direct Memory Access (DMA) page table entry (PTE) mappings occurred, and QEMU memory usage behaved unpredictably. This update fixes range computation when making room for large pages in Input/Output Memory Management Unit (IOMMU). As a result, errors in DMA PTE mappings no longer occur, and QEMU has a predictable memory usage in the described situation.", "cvss3": {}, "published": "2017-06-29T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20170628)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2583", "CVE-2017-6214", "CVE-2017-7477", "CVE-2017-7645", "CVE-2017-7895"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170628_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/101105", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101105);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-2583\", \"CVE-2017-6214\", \"CVE-2017-7477\", \"CVE-2017-7645\", \"CVE-2017-7895\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20170628)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - A flaw was found in the way Linux kernel allocates heap\n memory to build the scattergather list from a fragment\n list(skb_shinfo(skb)->frag_list) in the socket\n buffer(skb_buff). The heap overflow occurred if\n 'MAX_SKB_FRAGS\n\n - 1' parameter and 'NETIF_F_FRAGLIST' feature were used\n together. A remote user or process could use this flaw\n to potentially escalate their privilege on a system.\n (CVE-2017-7477, Important)\n\n - The NFS2/3 RPC client could send long arguments to the\n NFS server. These encoded arguments are stored in an\n array of memory pages, and accessed using pointer\n variables. Arbitrarily long arguments could make these\n pointers point outside the array and cause an\n out-of-bounds memory access. A remote user or program\n could use this flaw to crash the kernel (denial of\n service). (CVE-2017-7645, Important)\n\n - The NFSv2 and NFSv3 server implementations in the Linux\n kernel through 4.10.13 lacked certain checks for the end\n of a buffer. A remote attacker could trigger a\n pointer-arithmetic error or possibly cause other\n unspecified impacts using crafted requests related to\n fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895,\n Important)\n\n - The Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support was vulnerable to an\n incorrect segment selector(SS) value error. The error\n could occur while loading values into the SS register in\n long mode. A user or process inside a guest could use\n this flaw to crash the guest, resulting in DoS or\n potentially escalate their privileges inside the guest.\n (CVE-2017-2583, Moderate)\n\n - A flaw was found in the Linux kernel's handling of\n packets with the URG flag. Applications using the\n splice() and tcp_splice_read() functionality could allow\n a remote attacker to force the kernel to enter a\n condition in which it could loop indefinitely.\n (CVE-2017-6214, Moderate)\n\nBug Fix(es) :\n\n - Previously, the reserved-pages counter (HugePages_Rsvd)\n was bigger than the total-pages counter\n (HugePages_Total) in the /proc/meminfo file, and\n HugePages_Rsvd underflowed. With this update, the\n HugeTLB feature of the Linux kernel has been fixed, and\n HugePages_Rsvd underflow no longer occurs.\n\n - If a directory on a NFS client was modified while being\n listed, the NFS client could restart the directory\n listing multiple times. Consequently, the performance of\n listing the directory was sub-optimal. With this update,\n the restarting of the directory listing happens less\n frequently. As a result, the performance of listing the\n directory while it is being modified has improved.\n\n - The Fibre Channel over Ethernet (FCoE) adapter in some\n cases failed to reboot. This update fixes the qla2xxx\n driver, and FCoE adapter now reboots as expected.\n\n - When a VM with Virtual Function I/O (VFIO) device was\n rebooted, the QEMU process occasionally terminated\n unexpectedly due to a failed VFIO Direct Memory Access\n (DMA) map request. This update fixes the vfio driver and\n QEMU no longer crashes in the described situation.\n\n - When the operating system was booted with the in-box\n lpfc driver, a kernel panic occurred on the\n little-endian variant of IBM Power Systems. This update\n fixes lpfc, and the kernel no longer panics in the\n described situation.\n\n - When creating or destroying a VM with Virtual Function\n I/O (VFIO) devices with 'Hugepages' feature enabled,\n errors in Direct Memory Access (DMA) page table entry\n (PTE) mappings occurred, and QEMU memory usage behaved\n unpredictably. This update fixes range computation when\n making room for large pages in Input/Output Memory\n Management Unit (IOMMU). As a result, errors in DMA PTE\n mappings no longer occur, and QEMU has a predictable\n memory usage in the described situation.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1706&L=scientific-linux-errata&F=&S=&P=6811\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86d5e542\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:56:46", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The heap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and 'NETIF_F_FRAGLIST' feature were used together. A remote user or process could use this flaw to potentially escalate their privilege on a system. (CVE-2017-7477, Important)\n\n* The NFS2/3 RPC client could send long arguments to the NFS server.\nThese encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel (denial of service). (CVE-2017-7645, Important)\n\n* The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)\n\n* The Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest.\n(CVE-2017-2583, Moderate)\n\n* A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely. (CVE-2017-6214, Moderate)\n\nRed Hat would like to thank Ari Kauppi for reporting CVE-2017-7895 and Xiaohan Zhang (Huawei Inc.) for reporting CVE-2017-2583.\n\nBug Fix(es) :\n\n* Previously, the reserved-pages counter (HugePages_Rsvd) was bigger than the total-pages counter (HugePages_Total) in the /proc/meminfo file, and HugePages_Rsvd underflowed. With this update, the HugeTLB feature of the Linux kernel has been fixed, and HugePages_Rsvd underflow no longer occurs. (BZ#1445184)\n\n* If a directory on a NFS client was modified while being listed, the NFS client could restart the directory listing multiple times.\nConsequently, the performance of listing the directory was sub-optimal. With this update, the restarting of the directory listing happens less frequently. As a result, the performance of listing the directory while it is being modified has improved. (BZ#1450851)\n\n* The Fibre Channel over Ethernet (FCoE) adapter in some cases failed to reboot. This update fixes the qla2xxx driver, and FCoE adapter now reboots as expected. (BZ#1446246)\n\n* When a VM with Virtual Function I/O (VFIO) device was rebooted, the QEMU process occasionally terminated unexpectedly due to a failed VFIO Direct Memory Access (DMA) map request. This update fixes the vfio driver and QEMU no longer crashes in the described situation.\n(BZ#1450855)\n\n* When the operating system was booted with the in-box lpfc driver, a kernel panic occurred on the little-endian variant of IBM Power Systems. This update fixes lpfc, and the kernel no longer panics in the described situation. (BZ#1452044)\n\n* When creating or destroying a VM with Virtual Function I/O (VFIO) devices with 'Hugepages' feature enabled, errors in Direct Memory Access (DMA) page table entry (PTE) mappings occurred, and QEMU memory usage behaved unpredictably. This update fixes range computation when making room for large pages in Input/Output Memory Management Unit (IOMMU). As a result, errors in DMA PTE mappings no longer occur, and QEMU has a predictable memory usage in the described situation.\n(BZ#1450856)", "cvss3": {}, "published": "2017-06-29T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2017:1615)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2583", "CVE-2017-6214", "CVE-2017-7477", "CVE-2017-7645", "CVE-2017-7895"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-1615.NASL", "href": "https://www.tenable.com/plugins/nessus/101101", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1615. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(101101);\n script_version(\"3.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:43\");\n\n script_cve_id(\"CVE-2017-2583\", \"CVE-2017-6214\", \"CVE-2017-7477\", \"CVE-2017-7645\", \"CVE-2017-7895\");\n script_xref(name:\"RHSA\", value:\"2017:1615\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2017:1615)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way Linux kernel allocates heap memory to\nbuild the scattergather list from a fragment\nlist(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The\nheap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and\n'NETIF_F_FRAGLIST' feature were used together. A remote user or\nprocess could use this flaw to potentially escalate their privilege on\na system. (CVE-2017-7477, Important)\n\n* The NFS2/3 RPC client could send long arguments to the NFS server.\nThese encoded arguments are stored in an array of memory pages, and\naccessed using pointer variables. Arbitrarily long arguments could\nmake these pointers point outside the array and cause an out-of-bounds\nmemory access. A remote user or program could use this flaw to crash\nthe kernel (denial of service). (CVE-2017-7645, Important)\n\n* The NFSv2 and NFSv3 server implementations in the Linux kernel\nthrough 4.10.13 lacked certain checks for the end of a buffer. A\nremote attacker could trigger a pointer-arithmetic error or possibly\ncause other unspecified impacts using crafted requests related to\nfs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)\n\n* The Linux kernel built with the Kernel-based Virtual Machine\n(CONFIG_KVM) support was vulnerable to an incorrect segment\nselector(SS) value error. The error could occur while loading values\ninto the SS register in long mode. A user or process inside a guest\ncould use this flaw to crash the guest, resulting in DoS or\npotentially escalate their privileges inside the guest.\n(CVE-2017-2583, Moderate)\n\n* A flaw was found in the Linux kernel's handling of packets with the\nURG flag. Applications using the splice() and tcp_splice_read()\nfunctionality could allow a remote attacker to force the kernel to\nenter a condition in which it could loop indefinitely. (CVE-2017-6214,\nModerate)\n\nRed Hat would like to thank Ari Kauppi for reporting CVE-2017-7895 and\nXiaohan Zhang (Huawei Inc.) for reporting CVE-2017-2583.\n\nBug Fix(es) :\n\n* Previously, the reserved-pages counter (HugePages_Rsvd) was bigger\nthan the total-pages counter (HugePages_Total) in the /proc/meminfo\nfile, and HugePages_Rsvd underflowed. With this update, the HugeTLB\nfeature of the Linux kernel has been fixed, and HugePages_Rsvd\nunderflow no longer occurs. (BZ#1445184)\n\n* If a directory on a NFS client was modified while being listed, the\nNFS client could restart the directory listing multiple times.\nConsequently, the performance of listing the directory was\nsub-optimal. With this update, the restarting of the directory listing\nhappens less frequently. As a result, the performance of listing the\ndirectory while it is being modified has improved. (BZ#1450851)\n\n* The Fibre Channel over Ethernet (FCoE) adapter in some cases failed\nto reboot. This update fixes the qla2xxx driver, and FCoE adapter now\nreboots as expected. (BZ#1446246)\n\n* When a VM with Virtual Function I/O (VFIO) device was rebooted, the\nQEMU process occasionally terminated unexpectedly due to a failed VFIO\nDirect Memory Access (DMA) map request. This update fixes the vfio\ndriver and QEMU no longer crashes in the described situation.\n(BZ#1450855)\n\n* When the operating system was booted with the in-box lpfc driver, a\nkernel panic occurred on the little-endian variant of IBM Power\nSystems. This update fixes lpfc, and the kernel no longer panics in\nthe described situation. (BZ#1452044)\n\n* When creating or destroying a VM with Virtual Function I/O (VFIO)\ndevices with 'Hugepages' feature enabled, errors in Direct Memory\nAccess (DMA) page table entry (PTE) mappings occurred, and QEMU memory\nusage behaved unpredictably. This update fixes range computation when\nmaking room for large pages in Input/Output Memory Management Unit\n(IOMMU). As a result, errors in DMA PTE mappings no longer occur, and\nQEMU has a predictable memory usage in the described situation.\n(BZ#1450856)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/3090941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:1615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-2583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-6214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7895\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-2583\", \"CVE-2017-6214\", \"CVE-2017-7477\", \"CVE-2017-7645\", \"CVE-2017-7895\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2017:1615\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:1615\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-514.26.1.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-10T16:45:46", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-16151 advisory.\n\n - The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a MOV SS, NULL selector instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application. (CVE-2017-2583)\n\n - The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag. (CVE-2017-6214)\n\n - The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.\n (CVE-2017-7895)\n\n - Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function. (CVE-2017-7477)\n\n - The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. (CVE-2017-7645)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-09-07T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : ELSA-2017-1615-1: / kernel (ELSA-2017-16151)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2583", "CVE-2017-6214", "CVE-2017-7477", "CVE-2017-7645", "CVE-2017-7895"], "modified": "2023-09-07T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2017-16151.NASL", "href": "https://www.tenable.com/plugins/nessus/180809", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-16151.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(180809);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/07\");\n\n script_cve_id(\n \"CVE-2017-2583\",\n \"CVE-2017-6214\",\n \"CVE-2017-7477\",\n \"CVE-2017-7645\",\n \"CVE-2017-7895\"\n );\n\n script_name(english:\"Oracle Linux 7 : ELSA-2017-1615-1: / kernel (ELSA-2017-16151)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2017-16151 advisory.\n\n - The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5\n improperly emulates a MOV SS, NULL selector instruction, which allows guest OS users to cause a denial\n of service (guest OS crash) or gain guest OS privileges via a crafted application. (CVE-2017-2583)\n\n - The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers\n to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the\n URG flag. (CVE-2017-6214)\n\n - The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the\n end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have\n unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.\n (CVE-2017-7895)\n\n - Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through\n 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by\n leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to\n an error in the skb_to_sgvec function. (CVE-2017-7477)\n\n - The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers\n to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c,\n fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. (CVE-2017-7645)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-1615-1.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/09/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-514.26.1.0.1.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-16151');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-abi-whitelists-3.10.0-514.26.1.0.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-3.10.0-514.26.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-debug-3.10.0-514.26.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-514.26.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-514.26.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-514.26.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-514.26.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-514.26.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-514.26.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-514.26.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-514.26.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:56:11", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-1615 advisory.\n\n - The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a MOV SS, NULL selector instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application. (CVE-2017-2583)\n\n - The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag. (CVE-2017-6214)\n\n - The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.\n (CVE-2017-7895)\n\n - Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function. (CVE-2017-7477)\n\n - The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. (CVE-2017-7645)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2017-1615)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2583", "CVE-2017-6214", "CVE-2017-7477", "CVE-2017-7645", "CVE-2017-7895"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2017-1615.NASL", "href": "https://www.tenable.com/plugins/nessus/101139", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-1615.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101139);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2017-2583\",\n \"CVE-2017-6214\",\n \"CVE-2017-7477\",\n \"CVE-2017-7645\",\n \"CVE-2017-7895\"\n );\n script_xref(name:\"RHSA\", value:\"2017:1615\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2017-1615)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2017-1615 advisory.\n\n - The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5\n improperly emulates a MOV SS, NULL selector instruction, which allows guest OS users to cause a denial\n of service (guest OS crash) or gain guest OS privileges via a crafted application. (CVE-2017-2583)\n\n - The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers\n to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the\n URG flag. (CVE-2017-6214)\n\n - The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the\n end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have\n unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.\n (CVE-2017-7895)\n\n - Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through\n 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by\n leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to\n an error in the skb_to_sgvec function. (CVE-2017-7477)\n\n - The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers\n to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c,\n fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. (CVE-2017-7645)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-1615.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-514.26.1.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-1615');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-3.10.0-514.26.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-514.26.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-514.26.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-514.26.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-514.26.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-514.26.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-514.26.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-514.26.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-514.26.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-514.26.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-514.26.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:56:48", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The heap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and 'NETIF_F_FRAGLIST' feature were used together. A remote user or process could use this flaw to potentially escalate their privilege on a system. (CVE-2017-7477, Important)\n\n* The NFS2/3 RPC client could send long arguments to the NFS server.\nThese encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel (denial of service). (CVE-2017-7645, Important)\n\n* The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lacked certain checks for the end of a buffer. A remote attacker could trigger a pointer-arithmetic error or possibly cause other unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)\n\n* The Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector(SS) value error. The error could occur while loading values into the SS register in long mode. A user or process inside a guest could use this flaw to crash the guest, resulting in DoS or potentially escalate their privileges inside the guest.\n(CVE-2017-2583, Moderate)\n\n* A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely. (CVE-2017-6214, Moderate)\n\nRed Hat would like to thank Ari Kauppi for reporting CVE-2017-7895 and Xiaohan Zhang (Huawei Inc.) for reporting CVE-2017-2583.\n\nBug Fix(es) :\n\n* Previously, the reserved-pages counter (HugePages_Rsvd) was bigger than the total-pages counter (HugePages_Total) in the /proc/meminfo file, and HugePages_Rsvd underflowed. With this update, the HugeTLB feature of the Linux kernel has been fixed, and HugePages_Rsvd underflow no longer occurs. (BZ#1445184)\n\n* If a directory on a NFS client was modified while being listed, the NFS client could restart the directory listing multiple times.\nConsequently, the performance of listing the directory was sub-optimal. With this update, the restarting of the directory listing happens less frequently. As a result, the performance of listing the directory while it is being modified has improved. (BZ#1450851)\n\n* The Fibre Channel over Ethernet (FCoE) adapter in some cases failed to reboot. This update fixes the qla2xxx driver, and FCoE adapter now reboots as expected. (BZ#1446246)\n\n* When a VM with Virtual Function I/O (VFIO) device was rebooted, the QEMU process occasionally terminated unexpectedly due to a failed VFIO Direct Memory Access (DMA) map request. This update fixes the vfio driver and QEMU no longer crashes in the described situation.\n(BZ#1450855)\n\n* When the operating system was booted with the in-box lpfc driver, a kernel panic occurred on the little-endian variant of IBM Power Systems. This update fixes lpfc, and the kernel no longer panics in the described situation. (BZ#1452044)\n\n* When creating or destroying a VM with Virtual Function I/O (VFIO) devices with 'Hugepages' feature enabled, errors in Direct Memory Access (DMA) page table entry (PTE) mappings occurred, and QEMU memory usage behaved unpredictably. This update fixes range computation when making room for large pages in Input/Output Memory Management Unit (IOMMU). As a result, errors in DMA PTE mappings no longer occur, and QEMU has a predictable memory usage in the described situation.\n(BZ#1450856)", "cvss3": {}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2017:1615)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2583", "CVE-2017-6214", "CVE-2017-7477", "CVE-2017-7645", "CVE-2017-7895"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-1615.NASL", "href": "https://www.tenable.com/plugins/nessus/101120", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:1615 and \n# CentOS Errata and Security Advisory 2017:1615 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101120);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-2583\", \"CVE-2017-6214\", \"CVE-2017-7477\", \"CVE-2017-7645\", \"CVE-2017-7895\");\n script_xref(name:\"RHSA\", value:\"2017:1615\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2017:1615)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* A flaw was found in the way Linux kernel allocates heap memory to\nbuild the scattergather list from a fragment\nlist(skb_shinfo(skb)->frag_list) in the socket buffer(skb_buff). The\nheap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and\n'NETIF_F_FRAGLIST' feature were used together. A remote user or\nprocess could use this flaw to potentially escalate their privilege on\na system. (CVE-2017-7477, Important)\n\n* The NFS2/3 RPC client could send long arguments to the NFS server.\nThese encoded arguments are stored in an array of memory pages, and\naccessed using pointer variables. Arbitrarily long arguments could\nmake these pointers point outside the array and cause an out-of-bounds\nmemory access. A remote user or program could use this flaw to crash\nthe kernel (denial of service). (CVE-2017-7645, Important)\n\n* The NFSv2 and NFSv3 server implementations in the Linux kernel\nthrough 4.10.13 lacked certain checks for the end of a buffer. A\nremote attacker could trigger a pointer-arithmetic error or possibly\ncause other unspecified impacts using crafted requests related to\nfs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)\n\n* The Linux kernel built with the Kernel-based Virtual Machine\n(CONFIG_KVM) support was vulnerable to an incorrect segment\nselector(SS) value error. The error could occur while loading values\ninto the SS register in long mode. A user or process inside a guest\ncould use this flaw to crash the guest, resulting in DoS or\npotentially escalate their privileges inside the guest.\n(CVE-2017-2583, Moderate)\n\n* A flaw was found in the Linux kernel's handling of packets with the\nURG flag. Applications using the splice() and tcp_splice_read()\nfunctionality could allow a remote attacker to force the kernel to\nenter a condition in which it could loop indefinitely. (CVE-2017-6214,\nModerate)\n\nRed Hat would like to thank Ari Kauppi for reporting CVE-2017-7895 and\nXiaohan Zhang (Huawei Inc.) for reporting CVE-2017-2583.\n\nBug Fix(es) :\n\n* Previously, the reserved-pages counter (HugePages_Rsvd) was bigger\nthan the total-pages counter (HugePages_Total) in the /proc/meminfo\nfile, and HugePages_Rsvd underflowed. With this update, the HugeTLB\nfeature of the Linux kernel has been fixed, and HugePages_Rsvd\nunderflow no longer occurs. (BZ#1445184)\n\n* If a directory on a NFS client was modified while being listed, the\nNFS client could restart the directory listing multiple times.\nConsequently, the performance of listing the directory was\nsub-optimal. With this update, the restarting of the directory listing\nhappens less frequently. As a result, the performance of listing the\ndirectory while it is being modified has improved. (BZ#1450851)\n\n* The Fibre Channel over Ethernet (FCoE) adapter in some cases failed\nto reboot. This update fixes the qla2xxx driver, and FCoE adapter now\nreboots as expected. (BZ#1446246)\n\n* When a VM with Virtual Function I/O (VFIO) device was rebooted, the\nQEMU process occasionally terminated unexpectedly due to a failed VFIO\nDirect Memory Access (DMA) map request. This update fixes the vfio\ndriver and QEMU no longer crashes in the described situation.\n(BZ#1450855)\n\n* When the operating system was booted with the in-box lpfc driver, a\nkernel panic occurred on the little-endian variant of IBM Power\nSystems. This update fixes lpfc, and the kernel no longer panics in\nthe described situation. (BZ#1452044)\n\n* When creating or destroying a VM with Virtual Function I/O (VFIO)\ndevices with 'Hugepages' feature enabled, errors in Direct Memory\nAccess (DMA) page table entry (PTE) mappings occurred, and QEMU memory\nusage behaved unpredictably. This update fixes range computation when\nmaking room for large pages in Input/Output Memory Management Unit\n(IOMMU). As a result, errors in DMA PTE mappings no longer occur, and\nQEMU has a predictable memory usage in the described situation.\n(BZ#1450856)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-June/022489.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?327ae90b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7895\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.26.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.26.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-02-19T13:48:48", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation.(CVE-2017-18255)\n\n - In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.(CVE-2017-18270)\n\n - The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn't properly validate the sigevent-i1/4zsigev_notify field, which leads to out-of-bounds access in the show_timer function.(CVE-2017-18344)\n\n - arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.(CVE-2017-2584)\n\n - Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled(nested=1), is vulnerable to host memory leakage issue. It could occur while emulating VMXON instruction in 'handle_vmon'. An L1 guest user could use this flaw to leak host memory potentially resulting in DoS.(CVE-2017-2596)\n\n - A race condition flaw was found in the N_HLDC Linux kernel driver when accessing n_hdlc.tbuf list that can lead to double free. A local, unprivileged user able to set the HDLC line discipline on the tty device could use this flaw to increase their privileges on the system.(CVE-2017-2636)\n\n - A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type-i1/4zmatch is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges.(CVE-2017-2647)\n\n - A race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system.(CVE-2017-2671)\n\n - A vulnerability was found in the Linux kernel in 'tmpfs' file system. When file permissions are modified via 'chmod' and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok(). Setting a POSIX ACL via 'setxattr' sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way this allows to bypass the check in 'chmod'.(CVE-2017-5551)\n\n - The do_shmat function in ipc/shm.c in the Linux kernel, through 4.9.12, does not restrict the address calculated by a certain rounding operation. This allows privileged local users to map page zero and, consequently, bypass a protection mechanism that exists for the mmap system call. This is possible by making crafted shmget and shmat system calls in a privileged context.(CVE-2017-5669)\n\n - A vulnerability was found in the Linux kernel where having malicious IP options present would cause the ipv4_pktinfo_prepare() function to drop/free the dst.\n This could result in a system crash or possible privilege escalation.(CVE-2017-5970)\n\n - It was reported that with Linux kernel, earlier than version v4.10-rc8, an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread.(CVE-2017-5986)\n\n - It was found that the original fix for CVE-2016-6786 was incomplete. There exist a race between two concurrent sys_perf_event_open() calls when both try and move the same pre-existing software group into a hardware context.(CVE-2017-6001)\n\n - A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.(CVE-2017-6074)\n\n - A flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality could allow a remote attacker to force the kernel to enter a condition in which it could loop indefinitely.(CVE-2017-6214)\n\n - The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices.(CVE-2017-6348)\n\n - It was found that the code in net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. This vulnerability was introduced by CVE-2017-5986 fix (commit 2dcab5984841).(CVE-2017-6353)\n\n - The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allows local users to cause a denial of service via a request_key system call for the 'dead' key type.(CVE-2017-6951)\n\n - The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impacts via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function.(CVE-2017-7187)\n\n - In was found that in the Linux kernel, in vmw_surface_define_ioctl() function in 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file, a 'num_sizes' parameter is assigned a user-controlled value which is not checked if it is zero. This is used in a call to kmalloc() and later leads to dereferencing ZERO_SIZE_PTR, which in turn leads to a GPF and possibly to a kernel panic.(CVE-2017-7261)\n\n - An out-of-bounds write vulnerability was found in the Linux kernel's vmw_surface_define_ioctl() function, in the 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2017-7294)\n\n - It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow, resulting in the crash of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.(CVE-2017-7308)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1502)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18255", "CVE-2017-18270", "CVE-2017-18344", "CVE-2017-2584", "CVE-2017-2596", "CVE-2017-2636", "CVE-2017-2647", "CVE-2017-2671", "CVE-2017-5551", "CVE-2017-5669", "CVE-2017-5970", "CVE-2017-5986", "CVE-2017-6001", "CVE-2017-6074", "CVE-2017-6214", "CVE-2017-6348", "CVE-2017-6353", "CVE-2017-6951", "CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7294", "CVE-2017-7308"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1502.NASL", "href": "https://www.tenable.com/plugins/nessus/124825", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124825);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-18255\",\n \"CVE-2017-18270\",\n \"CVE-2017-18344\",\n \"CVE-2017-2584\",\n \"CVE-2017-2596\",\n \"CVE-2017-2636\",\n \"CVE-2017-2647\",\n \"CVE-2017-2671\",\n \"CVE-2017-5551\",\n \"CVE-2017-5669\",\n \"CVE-2017-5970\",\n \"CVE-2017-5986\",\n \"CVE-2017-6001\",\n \"CVE-2017-6074\",\n \"CVE-2017-6214\",\n \"CVE-2017-6348\",\n \"CVE-2017-6353\",\n \"CVE-2017-6951\",\n \"CVE-2017-7187\",\n \"CVE-2017-7261\",\n \"CVE-2017-7294\",\n \"CVE-2017-7308\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1502)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The perf_cpu_time_max_percent_handler function in\n kernel/events/core.c in the Linux kernel before 4.11\n allows local users to cause a denial of service\n (integer overflow) or possibly have unspecified other\n impact via a large value, as demonstrated by an\n incorrect sample-rate calculation.(CVE-2017-18255)\n\n - In the Linux kernel before 4.13.5, a local user could\n create keyrings for other users via keyctl commands,\n setting unwanted defaults or causing a denial of\n service.(CVE-2017-18270)\n\n - The timer_create syscall implementation in\n kernel/time/posix-timers.c in the Linux kernel doesn't\n properly validate the sigevent-i1/4zsigev_notify field,\n which leads to out-of-bounds access in the show_timer\n function.(CVE-2017-18344)\n\n - arch/x86/kvm/emulate.c in the Linux kernel through\n 4.9.3 allows local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt.(CVE-2017-2584)\n\n - Linux kernel built with the KVM visualization support\n (CONFIG_KVM), with nested visualization(nVMX) feature\n enabled(nested=1), is vulnerable to host memory leakage\n issue. It could occur while emulating VMXON instruction\n in 'handle_vmon'. An L1 guest user could use this flaw\n to leak host memory potentially resulting in\n DoS.(CVE-2017-2596)\n\n - A race condition flaw was found in the N_HLDC Linux\n kernel driver when accessing n_hdlc.tbuf list that can\n lead to double free. A local, unprivileged user able to\n set the HDLC line discipline on the tty device could\n use this flaw to increase their privileges on the\n system.(CVE-2017-2636)\n\n - A flaw was found that can be triggered in\n keyring_search_iterator in keyring.c if type-i1/4zmatch\n is NULL. A local user could use this flaw to crash the\n system or, potentially, escalate their\n privileges.(CVE-2017-2647)\n\n - A race condition leading to a NULL pointer dereference\n was found in the Linux kernel's Link Layer Control\n implementation. A local attacker with access to ping\n sockets could use this flaw to crash the\n system.(CVE-2017-2671)\n\n - A vulnerability was found in the Linux kernel in\n 'tmpfs' file system. When file permissions are modified\n via 'chmod' and the user is not in the owning group or\n capable of CAP_FSETID, the setgid bit is cleared in\n inode_change_ok(). Setting a POSIX ACL via 'setxattr'\n sets the file permissions as well as the new ACL, but\n doesn't clear the setgid bit in a similar way this\n allows to bypass the check in 'chmod'.(CVE-2017-5551)\n\n - The do_shmat function in ipc/shm.c in the Linux kernel,\n through 4.9.12, does not restrict the address\n calculated by a certain rounding operation. This allows\n privileged local users to map page zero and,\n consequently, bypass a protection mechanism that exists\n for the mmap system call. This is possible by making\n crafted shmget and shmat system calls in a privileged\n context.(CVE-2017-5669)\n\n - A vulnerability was found in the Linux kernel where\n having malicious IP options present would cause the\n ipv4_pktinfo_prepare() function to drop/free the dst.\n This could result in a system crash or possible\n privilege escalation.(CVE-2017-5970)\n\n - It was reported that with Linux kernel, earlier than\n version v4.10-rc8, an application may trigger a BUG_ON\n in sctp_wait_for_sndbuf if the socket tx buffer is\n full, a thread is waiting on it to queue more data, and\n meanwhile another thread peels off the association\n being used by the first thread.(CVE-2017-5986)\n\n - It was found that the original fix for CVE-2016-6786\n was incomplete. There exist a race between two\n concurrent sys_perf_event_open() calls when both try\n and move the same pre-existing software group into a\n hardware context.(CVE-2017-6001)\n\n - A use-after-free flaw was found in the way the Linux\n kernel's Datagram Congestion Control Protocol (DCCP)\n implementation freed SKB (socket buffer) resources for\n a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO\n option is set on the socket. A local, unprivileged user\n could use this flaw to alter the kernel memory,\n allowing them to escalate their privileges on the\n system.(CVE-2017-6074)\n\n - A flaw was found in the Linux kernel's handling of\n packets with the URG flag. Applications using the\n splice() and tcp_splice_read() functionality could\n allow a remote attacker to force the kernel to enter a\n condition in which it could loop\n indefinitely.(CVE-2017-6214)\n\n - The hashbin_delete function in net/irda/irqueue.c in\n the Linux kernel improperly manages lock dropping,\n which allows local users to cause a denial of service\n (deadlock) via crafted operations on IrDA\n devices.(CVE-2017-6348)\n\n - It was found that the code in net/sctp/socket.c in the\n Linux kernel through 4.10.1 does not properly restrict\n association peel-off operations during certain wait\n states, which allows local users to cause a denial of\n service (invalid unlock and double free) via a\n multithreaded application. This vulnerability was\n introduced by CVE-2017-5986 fix (commit\n 2dcab5984841).(CVE-2017-6353)\n\n - The keyring_search_aux function in\n security/keys/keyring.c in the Linux kernel allows\n local users to cause a denial of service via a\n request_key system call for the 'dead' key\n type.(CVE-2017-6951)\n\n - The sg_ioctl function in drivers/scsi/sg.c in the Linux\n kernel allows local users to cause a denial of service\n (stack-based buffer overflow) or possibly have\n unspecified other impacts via a large command size in\n an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds\n write access in the sg_write function.(CVE-2017-7187)\n\n - In was found that in the Linux kernel, in\n vmw_surface_define_ioctl() function in\n 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file, a\n 'num_sizes' parameter is assigned a user-controlled\n value which is not checked if it is zero. This is used\n in a call to kmalloc() and later leads to dereferencing\n ZERO_SIZE_PTR, which in turn leads to a GPF and\n possibly to a kernel panic.(CVE-2017-7261)\n\n - An out-of-bounds write vulnerability was found in the\n Linux kernel's vmw_surface_define_ioctl() function, in\n the 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file. Due\n to the nature of the flaw, privilege escalation cannot\n be fully ruled out, although we believe it is\n unlikely.(CVE-2017-7294)\n\n - It was found that the packet_set_ring() function of the\n Linux kernel's networking implementation did not\n properly validate certain block-size data. A local\n attacker with CAP_NET_RAW capability could use this\n flaw to trigger a buffer overflow, resulting in the\n crash of the system. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled\n out.(CVE-2017-7308)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1502\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e37118f9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_42\",\n \"kernel-devel-3.10.0-862.14.1.6_42\",\n \"kernel-headers-3.10.0-862.14.1.6_42\",\n \"kernel-tools-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.6_42\",\n \"perf-3.10.0-862.14.1.6_42\",\n \"python-perf-3.10.0-862.14.1.6_42\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-08T14:56:32", "description": "It was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. A privileged local attacker could use this to bypass module verification. (CVE-2016-9604)\n\nDaniel Jiang discovered that a race condition existed in the ipv4 ping socket implementation in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash).\n(CVE-2017-2671)\n\nJongHwan Kim discovered an out-of-bounds read in the TCP stack of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or leak sensitive information. (CVE-2017-7277)\n\nEric Biggers discovered a memory leak in the keyring implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-7472)\n\nSabrina Dubroca discovered that the asynchronous cryptographic hash (ahash) implementation in the Linux kernel did not properly handle a full request queue. A local attacker could use this to cause a denial of service (infinite recursion). (CVE-2017-7618)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly handle certain long RPC replies. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-7645)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in the Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism. A local attacker with access to /dev/mem could use this to expose sensitive information or possibly execute arbitrary code. (CVE-2017-7889)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly check for the end of buffer. A remote attacker could use this to craft requests that cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7895)\n\nFabian Grunbichler discovered that the Packet action API implementation in the Linux kernel improperly handled uninitialized data. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7979)\n\nIt was discovered that the Conexant USB driver in the Linux kernel improperly handled memory in some configurations. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2017-8063)\n\nIt was discovered that the DVD USB framework in the Linux kernel improperly handled memory in some configurations. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2017-8064)\n\nIt was discovered that the virtio console driver in the Linux kernel improperly handled memory. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-8067).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-06-07T00:00:00", "type": "nessus", "title": "Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3314-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9604", "CVE-2017-2671", "CVE-2017-7277", "CVE-2017-7472", "CVE-2017-7618", "CVE-2017-7645", "CVE-2017-7889", "CVE-2017-7895", "CVE-2017-7979", "CVE-2017-8063", "CVE-2017-8064", "CVE-2017-8067"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3314-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100668", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3314-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100668);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2016-9604\", \"CVE-2017-2671\", \"CVE-2017-7277\", \"CVE-2017-7472\", \"CVE-2017-7618\", \"CVE-2017-7645\", \"CVE-2017-7889\", \"CVE-2017-7895\", \"CVE-2017-7979\", \"CVE-2017-8063\", \"CVE-2017-8064\", \"CVE-2017-8067\");\n script_xref(name:\"USN\", value:\"3314-1\");\n\n script_name(english:\"Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3314-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the keyring implementation in the Linux kernel\nin some situations did not prevent special internal keyrings from\nbeing joined by userspace keyrings. A privileged local attacker could\nuse this to bypass module verification. (CVE-2016-9604)\n\nDaniel Jiang discovered that a race condition existed in the ipv4 ping\nsocket implementation in the Linux kernel. A local privileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-2671)\n\nJongHwan Kim discovered an out-of-bounds read in the TCP stack of the\nLinux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or leak sensitive information. (CVE-2017-7277)\n\nEric Biggers discovered a memory leak in the keyring implementation in\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (memory consumption). (CVE-2017-7472)\n\nSabrina Dubroca discovered that the asynchronous cryptographic hash\n(ahash) implementation in the Linux kernel did not properly handle a\nfull request queue. A local attacker could use this to cause a denial\nof service (infinite recursion). (CVE-2017-7618)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3\nserver implementations in the Linux kernel did not properly handle\ncertain long RPC replies. A remote attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-7645)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in\nthe Linux kernel did not properly enforce the CONFIG_STRICT_DEVMEM\nprotection mechanism. A local attacker with access to /dev/mem could\nuse this to expose sensitive information or possibly execute arbitrary\ncode. (CVE-2017-7889)\n\nTuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3\nserver implementations in the Linux kernel did not properly check for\nthe end of buffer. A remote attacker could use this to craft requests\nthat cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2017-7895)\n\nFabian Grunbichler discovered that the Packet action API\nimplementation in the Linux kernel improperly handled uninitialized\ndata. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2017-7979)\n\nIt was discovered that the Conexant USB driver in the Linux kernel\nimproperly handled memory in some configurations. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-8063)\n\nIt was discovered that the DVD USB framework in the Linux kernel\nimproperly handled memory in some configurations. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-8064)\n\nIt was discovered that the virtio console driver in the Linux kernel\nimproperly handled memory. A local attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-8067).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3314-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-9604\", \"CVE-2017-2671\", \"CVE-2017-7277\", \"CVE-2017-7472\", \"CVE-2017-7618\", \"CVE-2017-7645\", \"CVE-2017-7889\", \"CVE-2017-7895\", \"CVE-2017-7979\", \"CVE-2017-8063\", \"CVE-2017-8064\", \"CVE-2017-8067\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3314-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-1006-raspi2\", pkgver:\"4.10.0-1006.8\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-22-generic\", pkgver:\"4.10.0-22.24\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-22-generic-lpae\", pkgver:\"4.10.0-22.24\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-22-lowlatency\", pkgver:\"4.10.0-22.24\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic\", pkgver:\"4.10.0.22.24\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.10.0.22.24\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.10.0.22.24\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.10.0.1006.8\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.10-generic / linux-image-4.10-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:55:40", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.58 to receive various security and bugfixes. Notable new/improved features :\n\n - Improved support for Hyper-V\n\n - Support for Matrox G200eH3\n\n - Support for tcp_westwood The following security bugs were fixed :\n\n - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently could not ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003).\n\n - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579).\n\n - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440).\n\n - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052).\n\n - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213).\n\n - CVE-2017-7374: Use-after-free vulnerability in fs/crypto/ in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, causing cryptographic transform objects to be freed prematurely (bnc#1032006).\n\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415).\n\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190).\n\n - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189).\n\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066).\n\n - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722).\n\n - CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enables scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697).\n\n - CVE-2017-6347: The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel had incorrect expectations about skb data layout, which allowed local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission (bnc#1027179).\n\n - CVE-2016-9191: The cgroup offline implementation in the Linux kernel mishandled certain drain operations, which allowed local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application (bnc#1008842).\n\n - CVE-2017-2596: The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel improperly emulated the VMXON instruction, which allowed KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references (bnc#1022785).\n\n - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-08T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1183-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10200", "CVE-2016-2117", "CVE-2016-9191", "CVE-2017-2596", "CVE-2017-2671", "CVE-2017-5986", "CVE-2017-6074", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6346", "CVE-2017-6347", "CVE-2017-6353", "CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7294", "CVE-2017-7308", "CVE-2017-7374"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-1183-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100023", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:1183-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100023);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-10200\", \"CVE-2016-2117\", \"CVE-2016-9191\", \"CVE-2017-2596\", \"CVE-2017-2671\", \"CVE-2017-5986\", \"CVE-2017-6074\", \"CVE-2017-6214\", \"CVE-2017-6345\", \"CVE-2017-6346\", \"CVE-2017-6347\", \"CVE-2017-6353\", \"CVE-2017-7187\", \"CVE-2017-7261\", \"CVE-2017-7294\", \"CVE-2017-7308\", \"CVE-2017-7374\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1183-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.58 to\nreceive various security and bugfixes. Notable new/improved features :\n\n - Improved support for Hyper-V\n\n - Support for Matrox G200eH3\n\n - Support for tcp_westwood The following security bugs\n were fixed :\n\n - CVE-2017-2671: The ping_unhash function in\n net/ipv4/ping.c in the Linux kernel was too late in\n obtaining a certain lock and consequently could not\n ensure that disconnect function calls are safe, which\n allowed local users to cause a denial of service (panic)\n by leveraging access to the protocol value of\n IPPROTO_ICMP in a socket system call (bnc#1031003).\n\n - CVE-2017-7308: The packet_set_ring function in\n net/packet/af_packet.c in the Linux kernel did not\n properly validate certain block-size data, which allowed\n local users to cause a denial of service (overflow) or\n possibly have unspecified other impact via crafted\n system calls (bnc#1031579).\n\n - CVE-2017-7294: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel did not validate addition of certain levels data,\n which allowed local users to trigger an integer overflow\n and out-of-bounds write, and cause a denial of service\n (system hang or crash) or possibly gain privileges, via\n a crafted ioctl call for a /dev/dri/renderD* device\n (bnc#1031440).\n\n - CVE-2017-7261: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel did not check for a zero value of certain levels\n data, which allowed local users to cause a denial of\n service (ZERO_SIZE_PTR dereference, and GPF and possibly\n panic) via a crafted ioctl call for a /dev/dri/renderD*\n device (bnc#1031052).\n\n - CVE-2017-7187: The sg_ioctl function in\n drivers/scsi/sg.c in the Linux kernel allowed local\n users to cause a denial of service (stack-based buffer\n overflow) or possibly have unspecified other impact via\n a large command size in an SG_NEXT_CMD_LEN ioctl call,\n leading to out-of-bounds write access in the sg_write\n function (bnc#1030213).\n\n - CVE-2017-7374: Use-after-free vulnerability in\n fs/crypto/ in the Linux kernel allowed local users to\n cause a denial of service (NULL pointer dereference) or\n possibly gain privileges by revoking keyring keys being\n used for ext4, f2fs, or ubifs encryption, causing\n cryptographic transform objects to be freed prematurely\n (bnc#1032006).\n\n - CVE-2016-10200: Race condition in the L2TPv3 IP\n Encapsulation feature in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (use-after-free) by making multiple bind system calls\n without properly ascertaining whether a socket has the\n SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and\n net/l2tp/l2tp_ip6.c (bnc#1028415).\n\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did\n not ensure that a certain destructor exists in required\n circumstances, which allowed local users to cause a\n denial of service (BUG_ON) or possibly have unspecified\n other impact via crafted system calls (bnc#1027190).\n\n - CVE-2017-6346: Race condition in net/packet/af_packet.c\n in the Linux kernel allowed local users to cause a\n denial of service (use-after-free) or possibly have\n unspecified other impact via a multithreaded application\n that made PACKET_FANOUT setsockopt system calls\n (bnc#1027189).\n\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did\n not properly restrict association peel-off operations\n during certain wait states, which allowed local users to\n cause a denial of service (invalid unlock and double\n free) via a multithreaded application. NOTE: this\n vulnerability exists because of an incorrect fix for\n CVE-2017-5986 (bnc#1027066).\n\n - CVE-2017-6214: The tcp_splice_read function in\n net/ipv4/tcp.c in the Linux kernel allowed remote\n attackers to cause a denial of service (infinite loop\n and soft lockup) via vectors involving a TCP packet with\n the URG flag (bnc#1026722).\n\n - CVE-2016-2117: The atl2_probe function in\n drivers/net/ethernet/atheros/atlx/atl2.c in the Linux\n kernel incorrectly enables scatter/gather I/O, which\n allowed remote attackers to obtain sensitive information\n from kernel memory by reading packet data (bnc#968697).\n\n - CVE-2017-6347: The ip_cmsg_recv_checksum function in\n net/ipv4/ip_sockglue.c in the Linux kernel had incorrect\n expectations about skb data layout, which allowed local\n users to cause a denial of service (buffer over-read) or\n possibly have unspecified other impact via crafted\n system calls, as demonstrated by use of the MSG_MORE\n flag in conjunction with loopback UDP transmission\n (bnc#1027179).\n\n - CVE-2016-9191: The cgroup offline implementation in the\n Linux kernel mishandled certain drain operations, which\n allowed local users to cause a denial of service (system\n hang) by leveraging access to a container environment\n for executing a crafted application (bnc#1008842).\n\n - CVE-2017-2596: The nested_vmx_check_vmptr function in\n arch/x86/kvm/vmx.c in the Linux kernel improperly\n emulated the VMXON instruction, which allowed KVM L1\n guest OS users to cause a denial of service (host OS\n memory consumption) by leveraging the mishandling of\n page references (bnc#1022785).\n\n - CVE-2017-6074: The dccp_rcv_state_process function in\n net/dccp/input.c in the Linux kernel mishandled\n DCCP_PKT_REQUEST packet data structures in the LISTEN\n state, which allowed local users to obtain root\n privileges or cause a denial of service (double free)\n via an application that made an IPV6_RECVPKTINFO\n setsockopt system call (bnc#1026024).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008842\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1018263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1018419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022785\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023866\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025683\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026462\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026505\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1026722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027054\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027195\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1027616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028041\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028217\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1028895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029514\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1029986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1030213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031717\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1032681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=897662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968697\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977860\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=978056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987899\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=988281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991173\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=998106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-10200/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9191/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2596/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2671/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6074/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6214/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6345/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6346/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6347/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-6353/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7187/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7261/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7294/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7308/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7374/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20171183-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e163b69f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2017-697=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-697=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-697=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-697=1\n\nSUSE Linux Enterprise Live Patching 12:zypper in -t patch\nSUSE-SLE-Live-Patching-12-2017-697=1\n\nSUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch\nSUSE-SLE-HA-12-SP2-2017-697=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-697=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-697=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.59-92.17.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-4.4.59-92.17.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-debuginfo-4.4.59-92.17.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.59-92.17.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.59-92.17.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.59-92.17.3\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.59-92.17.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.59-92.17.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.59-92.17.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.59-92.17.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.59-92.17.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.4.59-92.17.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.4.59-92.17.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.59-92.17.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:55:13", "description": "The openSUSE Leap 42.1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-7618: crypto/ahash.c in the Linux kernel allowed attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue (bnc#1033340).\n\n - CVE-2016-10318: A missing authorization check in the fscrypt_process_policy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel allowed a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of service (bnc#1032435).\n\n - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bnc#1033336).\n\n - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579).\n\n - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003).\n\n - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440).\n\n - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052).\n\n - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213).\n\nThe following non-security bugs were fixed :\n\n - ata: ahci_xgene: free structure returned by acpi_get_object_info() (bsc#1033518).\n\n - doc/README.SUSE: update links to KMP manual\n\n - ext4: do not perform data journaling when data is encrypted (bsc#1012876).\n\n - ext4: fix use-after-iput when fscrypt contexts are inconsistent (bsc#1012829).\n\n - ext4: mark inode dirty after converting inline directory (bsc#1012876).\n\n - ext4: reject inodes with negative size (bsc#1012876).\n\n - fs, seqfile: always allow oom killer (bsc#1012876).\n\n - ipv6: make ECMP route replacement less greedy (bsc#930399).\n\n - l2tp: hold tunnel socket when handling control frames in l2tp_ip and l2tp_ip6 (bsc#1028415).\n\n - mm: filemap: do not plant shadow entries without radix tree node (bsc#1012876).\n\n - netfilter: allow logging from non-init namespaces (bsc#970083).\n\n - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670 CVE#2017-7645).\n\n - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670 CVE#2017-7645).\n\n - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670 CVE#2017-7645).", "cvss3": {}, "published": "2017-05-09T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2017-562)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10318", "CVE-2017-2671", "CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7294", "CVE-2017-7308", "CVE-2017-7616", "CVE-2017-7618"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-pv", "p-cpe:/a:novell:opensuse:kernel-pv-base", "p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pv-debugsource", "p-cpe:/a:novell:opensuse:kernel-pv-devel", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2017-562.NASL", "href": "https://www.tenable.com/plugins/nessus/100044", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-562.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100044);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-10318\", \"CVE-2017-2671\", \"CVE-2017-7187\", \"CVE-2017-7261\", \"CVE-2017-7294\", \"CVE-2017-7308\", \"CVE-2017-7616\", \"CVE-2017-7618\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2017-562)\");\n script_summary(english:\"Check for the openSUSE-2017-562 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.1 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2017-7618: crypto/ahash.c in the Linux kernel\n allowed attackers to cause a denial of service (API\n operation calling its own callback, and infinite\n recursion) by triggering EBUSY on a full queue\n (bnc#1033340).\n\n - CVE-2016-10318: A missing authorization check in the\n fscrypt_process_policy function in fs/crypto/policy.c in\n the ext4 and f2fs filesystem encryption support in the\n Linux kernel allowed a user to assign an encryption\n policy to a directory owned by a different user,\n potentially creating a denial of service (bnc#1032435).\n\n - CVE-2017-7616: Incorrect error handling in the\n set_mempolicy and mbind compat syscalls in\n mm/mempolicy.c in the Linux kernel allowed local users\n to obtain sensitive information from uninitialized stack\n data by triggering failure of a certain bitmap operation\n (bnc#1033336).\n\n - CVE-2017-7308: The packet_set_ring function in\n net/packet/af_packet.c in the Linux kernel did not\n properly validate certain block-size data, which allowed\n local users to cause a denial of service (overflow) or\n possibly have unspecified other impact via crafted\n system calls (bnc#1031579).\n\n - CVE-2017-2671: The ping_unhash function in\n net/ipv4/ping.c in the Linux kernel is too late in\n obtaining a certain lock and consequently cannot ensure\n that disconnect function calls are safe, which allowed\n local users to cause a denial of service (panic) by\n leveraging access to the protocol value of IPPROTO_ICMP\n in a socket system call (bnc#1031003).\n\n - CVE-2017-7294: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel did not validate addition of certain levels data,\n which allowed local users to trigger an integer overflow\n and out-of-bounds write, and cause a denial of service\n (system hang or crash) or possibly gain privileges, via\n a crafted ioctl call for a /dev/dri/renderD* device\n (bnc#1031440).\n\n - CVE-2017-7261: The vmw_surface_define_ioctl function in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel did not check for a zero value of certain levels\n data, which allowed local users to cause a denial of\n service (ZERO_SIZE_PTR dereference, and GPF and possibly\n panic) via a crafted ioctl call for a /dev/dri/renderD*\n device (bnc#1031052).\n\n - CVE-2017-7187: The sg_ioctl function in\n drivers/scsi/sg.c in the Linux kernel allowed local\n users to cause a denial of service (stack-based buffer\n overflow) or possibly have unspecified other impact via\n a large command size in an SG_NEXT_CMD_LEN ioctl call,\n leading to out-of-bounds write access in the sg_write\n function (bnc#1030213).\n\nThe following non-security bugs were fixed :\n\n - ata: ahci_xgene: free structure returned by\n acpi_get_object_info() (bsc#1033518).\n\n - doc/README.SUSE: update links to KMP manual\n\n - ext4: do not perform data journaling when data is\n encrypted (bsc#1012876).\n\n - ext4: fix use-after-iput when fscrypt contexts are\n inconsistent (bsc#1012829).\n\n - ext4: mark inode dirty after converting inline directory\n (bsc#1012876).\n\n - ext4: reject inodes with negative size (bsc#1012876).\n\n - fs, seqfile: always allow oom killer (bsc#1012876).\n\n - ipv6: make ECMP route replacement less greedy\n (bsc#930399).\n\n - l2tp: hold tunnel socket when handling control frames in\n l2tp_ip and l2tp_ip6 (bsc#1028415).\n\n - mm: filemap: do not plant shadow entries without radix\n tree node (bsc#1012876).\n\n - netfilter: allow logging from non-init namespaces\n (bsc#970083).\n\n - nfsd4: minor NFSv2/v3 write decoding cleanup\n (bsc#1034670 CVE#2017-7645).\n\n - nfsd: check for oversized NFSv2/v3 arguments\n (bsc#1034670 CVE#2017-7645).\n\n - nfsd: stricter decoding of write-like NFSv2/v3 ops\n (bsc#1034670 CVE#2017-7645).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012876\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1028415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1030213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1032435\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033340\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1033518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1034670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=930399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970083\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pv-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-base-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-debugsource-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-default-devel-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-devel-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-html-4.1.39-56.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-docs-pdf-4.1.39-56.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-macros-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-4.1.39-56.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-build-debugsource-4.1.39-56.3\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-obs-qa-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-source-vanilla-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"kernel-syms-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-debugsource-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-debugsource-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pae-devel-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-base-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-debugsource-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-pv-devel-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-debugsource-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"i686\", reference:\"kernel-xen-devel-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-base-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-debugsource-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-pv-devel-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-4.1.39-56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-4.1.39-56.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T15:01:01", "description": "It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses.\nA physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-1000251)\n\nIt was discovered that the asynchronous I/O (aio) subsystem of the Linux kernel did not properly set permissions on aio memory mappings in some situations. An attacker could use this to more easily exploit other vulnerabilities. (CVE-2016-10044)\n\nBaozeng Ding and Andrey Konovalov discovered a race condition in the L2TPv3 IP Encapsulation implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-10200)\n\nAndreas Gruenbacher and Jan Kara discovered that the filesystem implementation in the Linux kernel did not clear the setgid bit during a setxattr call. A local attacker could use this to possibly elevate group privileges. (CVE-2016-7097)\n\nSergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke discovered that the key management subsystem in the Linux kernel did not properly allocate memory in some situations. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-8650)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the VFIO PCI driver for the Linux kernel. A local attacker with access to a vfio PCI device file could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-9083, CVE-2016-9084)\n\nIt was discovered that an information leak existed in\n__get_user_asm_ex() in the Linux kernel. A local attacker could use this to expose sensitive information. (CVE-2016-9178)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel did not properly perform reference counting in some situations. An unprivileged attacker could use this to cause a denial of service (system hang). (CVE-2016-9191)\n\nIt was discovered that the keyring implementation in the Linux kernel in some situations did not prevent special internal keyrings from being joined by userspace keyrings. A privileged local attacker could use this to bypass module verification. (CVE-2016-9604)\n\nIt was discovered that an integer overflow existed in the trace subsystem of the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2016-9754)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux kernel did not properly handle invalid IP options in some situations.\nAn attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-5970)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle TCP packets with the URG flag. A remote attacker could use this to cause a denial of service. (CVE-2017-6214)\n\nIt was discovered that a race condition existed in the AF_PACKET handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6346)\n\nIt was discovered that the keyring implementation in the Linux kernel did not properly restrict searches for dead keys. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2017-6951)\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-7187)\n\nEric Biggers discovered a memory leak in the keyring implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-7472)\n\nIt was discovered that a buffer overflow existed in the Broadcom FullMAC WLAN driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7541).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-09-19T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3422-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10044", "CVE-2016-10200", "CVE-2016-7097", "CVE-2016-8650", "CVE-2016-9083", "CVE-2016-9084", "CVE-2016-9178", "CVE-2016-9191", "CVE-2016-9604", "CVE-2016-9754", "CVE-2017-1000251", "CVE-2017-5970", "CVE-2017-6214", "CVE-2017-6346", "CVE-2017-6951", "CVE-2017-7187", "CVE-2017-7472", "CVE-2017-7541"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-132-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-132-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-132-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-132-powerpc-e500", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-132-powerpc-e500mc", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-132-powerpc-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-132-powerpc64-emb", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-132-powerpc64-smp", "cpe:/o:canonical:ubuntu_linux:14.04:-:lts"], "id": "UBUNTU_USN-3422-1.NASL", "href": "https://www.tenable.com/plugins/nessus/103326", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3422-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(103326);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2016-10044\",\n \"CVE-2016-10200\",\n \"CVE-2016-7097\",\n \"CVE-2016-8650\",\n \"CVE-2016-9083\",\n \"CVE-2016-9084\",\n \"CVE-2016-9178\",\n \"CVE-2016-9191\",\n \"CVE-2016-9604\",\n \"CVE-2016-9754\",\n \"CVE-2017-1000251\",\n \"CVE-2017-5970\",\n \"CVE-2017-6214\",\n \"CVE-2017-6346\",\n \"CVE-2017-6951\",\n \"CVE-2017-7187\",\n \"CVE-2017-7472\",\n \"CVE-2017-7541\"\n );\n script_xref(name:\"USN\", value:\"3422-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3422-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"It was discovered that a buffer overflow existed in the Bluetooth\nstack of the Linux kernel when handling L2CAP configuration responses.\nA physically proximate attacker could use this to cause a denial of\nservice (system crash). (CVE-2017-1000251)\n\nIt was discovered that the asynchronous I/O (aio) subsystem of the\nLinux kernel did not properly set permissions on aio memory mappings\nin some situations. An attacker could use this to more easily exploit\nother vulnerabilities. (CVE-2016-10044)\n\nBaozeng Ding and Andrey Konovalov discovered a race condition in the\nL2TPv3 IP Encapsulation implementation in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-10200)\n\nAndreas Gruenbacher and Jan Kara discovered that the filesystem\nimplementation in the Linux kernel did not clear the setgid bit during\na setxattr call. A local attacker could use this to possibly elevate\ngroup privileges. (CVE-2016-7097)\n\nSergej Schumilo, Ralf Spenneberg, and Hendrik Schwartke discovered\nthat the key management subsystem in the Linux kernel did not properly\nallocate memory in some situations. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2016-8650)\n\nVlad Tsyrklevich discovered an integer overflow vulnerability in the\nVFIO PCI driver for the Linux kernel. A local attacker with access to\na vfio PCI device file could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-9083,\nCVE-2016-9084)\n\nIt was discovered that an information leak existed in\n__get_user_asm_ex() in the Linux kernel. A local attacker could use\nthis to expose sensitive information. (CVE-2016-9178)\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel\ndid not properly perform reference counting in some situations. An\nunprivileged attacker could use this to cause a denial of service\n(system hang). (CVE-2016-9191)\n\nIt was discovered that the keyring implementation in the Linux kernel\nin some situations did not prevent special internal keyrings from\nbeing joined by userspace keyrings. A privileged local attacker could\nuse this to bypass module verification. (CVE-2016-9604)\n\nIt was discovered that an integer overflow existed in the trace\nsubsystem of the Linux kernel. A local privileged attacker could use\nthis to cause a denial of service (system crash). (CVE-2016-9754)\n\nAndrey Konovalov discovered that the IPv4 implementation in the Linux\nkernel did not properly handle invalid IP options in some situations.\nAn attacker could use this to cause a denial of service or possibly\nexecute arbitrary code. (CVE-2017-5970)\n\nDmitry Vyukov discovered that the Linux kernel did not properly handle\nTCP packets with the URG flag. A remote attacker could use this to\ncause a denial of service. (CVE-2017-6214)\n\nIt was discovered that a race condition existed in the AF_PACKET\nhandling code in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2017-6346)\n\nIt was discovered that the keyring implementation in the Linux kernel\ndid not properly restrict searches for dead keys. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-6951)\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the\nLinux kernel contained a stack-based buffer overflow. A local attacker\nwith access to an sg device could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-7187)\n\nEric Biggers discovered a memory leak in the keyring implementation in\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (memory consumption). (CVE-2017-7472)\n\nIt was discovered that a buffer overflow existed in the Broadcom\nFullMAC WLAN driver in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2017-7541).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-3422-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-1000251\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/09/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-132-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-132-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-132-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-132-powerpc-e500\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-132-powerpc-e500mc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-132-powerpc-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-132-powerpc64-emb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-132-powerpc64-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '14.04': {\n '3.13.0': {\n 'generic': '3.13.0-132',\n 'generic-lpae': '3.13.0-132',\n 'lowlatency': '3.13.0-132',\n 'powerpc-e500': '3.13.0-132',\n 'powerpc-e500mc': '3.13.0-132',\n 'powerpc-smp': '3.13.0-132',\n 'powerpc64-emb': '3.13.0-132',\n 'powerpc64-smp': '3.13.0-132'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-3422-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2016-7097', 'CVE-2016-8650', 'CVE-2016-9083', 'CVE-2016-9084', 'CVE-2016-9178', 'CVE-2016-9191', 'CVE-2016-9604', 'CVE-2016-9754', 'CVE-2016-10044', 'CVE-2016-10200', 'CVE-2017-5970', 'CVE-2017-6214', 'CVE-2017-6346', 'CVE-2017-6951', 'CVE-2017-7187', 'CVE-2017-7472', 'CVE-2017-7541', 'CVE-2017-1000251');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-3422-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:54:09", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts.\n\n - CVE-2016-9588 Jim Mattson discovered that the KVM implementation for Intel x86 processors does not properly handle #BP and #OF exceptions in an L2 (nested) virtual machine. A local attacker in an L2 guest VM can take advantage of this flaw to cause a denial of service for the L1 guest VM.\n\n - CVE-2017-2636 Alexander Popov discovered a race condition flaw in the n_hdlc line discipline that can lead to a double free. A local unprivileged user can take advantage of this flaw for privilege escalation. On systems that do not already have the n_hdlc module loaded, this can be mitigated by disabling it:echo >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false\n\n - CVE-2017-5669 Gareth Evans reported that privileged users can map memory at address 0 through the shmat() system call.\n This could make it easier to exploit other kernel security vulnerabilities via a set-UID program.\n\n - CVE-2017-5986 Alexander Popov reported a race condition in the SCTP implementation that can be used by local users to cause a denial-of-service (crash). The initial fix for this was incorrect and introduced further security issues ( CVE-2017-6353 ). This update includes a later fix that avoids those. On systems that do not already have the sctp module loaded, this can be mitigated by disabling it:echo >> /etc/modprobe.d/disable-sctp.conf install sctp false\n\n - CVE-2017-6214 Dmitry Vyukov reported a bug in the TCP implementation's handling of urgent data in the splice() system call.\n This can be used by a remote attacker for denial-of-service (hang) against applications that read from TCP sockets with splice().\n\n - CVE-2017-6345 Andrey Konovalov reported that the LLC type 2 implementation incorrectly assigns socket buffer ownership. This can be used by a local user to cause a denial-of-service (crash). On systems that do not already have the llc2 module loaded, this can be mitigated by disabling it:echo >> /etc/modprobe.d/disable-llc2.conf install llc2 false\n\n - CVE-2017-6346 Dmitry Vyukov reported a race condition in the raw packet (af_packet) fanout feature. Local users with the CAP_NET_RAW capability (in any user namespace) can use this for denial-of-service and possibly for privilege escalation.\n\n - CVE-2017-6348 Dmitry Vyukov reported that the general queue implementation in the IrDA subsystem does not properly manage multiple locks, possibly allowing local users to cause a denial-of-service (deadlock) via crafted operations on IrDA devices.", "cvss3": {}, "published": "2017-03-09T00:00:00", "type": "nessus", "title": "Debian DSA-3804-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9588", "CVE-2017-2636", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6346", "CVE-2017-6348", "CVE-2017-6353"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3804.NASL", "href": "https://www.tenable.com/plugins/nessus/97615", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3804. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97615);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9588\", \"CVE-2017-2636\", \"CVE-2017-5669\", \"CVE-2017-5986\", \"CVE-2017-6214\", \"CVE-2017-6345\", \"CVE-2017-6346\", \"CVE-2017-6348\", \"CVE-2017-6353\");\n script_xref(name:\"DSA\", value:\"3804\");\n\n script_name(english:\"Debian DSA-3804-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\n - CVE-2016-9588\n Jim Mattson discovered that the KVM implementation for\n Intel x86 processors does not properly handle #BP and\n #OF exceptions in an L2 (nested) virtual machine. A\n local attacker in an L2 guest VM can take advantage of\n this flaw to cause a denial of service for the L1 guest\n VM.\n\n - CVE-2017-2636\n Alexander Popov discovered a race condition flaw in the\n n_hdlc line discipline that can lead to a double free. A\n local unprivileged user can take advantage of this flaw\n for privilege escalation. On systems that do not already\n have the n_hdlc module loaded, this can be mitigated by\n disabling it:echo >> /etc/modprobe.d/disable-n_hdlc.conf\n install n_hdlc false\n\n - CVE-2017-5669\n Gareth Evans reported that privileged users can map\n memory at address 0 through the shmat() system call.\n This could make it easier to exploit other kernel\n security vulnerabilities via a set-UID program.\n\n - CVE-2017-5986\n Alexander Popov reported a race condition in the SCTP\n implementation that can be used by local users to cause\n a denial-of-service (crash). The initial fix for this\n was incorrect and introduced further security issues (\n CVE-2017-6353 ). This update includes a later fix that\n avoids those. On systems that do not already have the\n sctp module loaded, this can be mitigated by disabling\n it:echo >> /etc/modprobe.d/disable-sctp.conf install\n sctp false\n\n - CVE-2017-6214\n Dmitry Vyukov reported a bug in the TCP implementation's\n handling of urgent data in the splice() system call.\n This can be used by a remote attacker for\n denial-of-service (hang) against applications that read\n from TCP sockets with splice().\n\n - CVE-2017-6345\n Andrey Konovalov reported that the LLC type 2\n implementation incorrectly assigns socket buffer\n ownership. This can be used by a local user to cause a\n denial-of-service (crash). On systems that do not\n already have the llc2 module loaded, this can be\n mitigated by disabling it:echo >>\n /etc/modprobe.d/disable-llc2.conf install llc2 false\n\n - CVE-2017-6346\n Dmitry Vyukov reported a race condition in the raw\n packet (af_packet) fanout feature. Local users with the\n CAP_NET_RAW capability (in any user namespace) can use\n this for denial-of-service and possibly for privilege\n escalation.\n\n - CVE-2017-6348\n Dmitry Vyukov reported that the general queue\n implementation in the IrDA subsystem does not properly\n manage multiple locks, possibly allowing local users to\n cause a denial-of-service (deadlock) via crafted\n operations on IrDA devices.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2016-9588\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-2636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-5669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-5986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-6353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-6214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-6345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-6346\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-6348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2017/dsa-3804\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 3.16.39-1+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-arm\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-x86\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-x86\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-3.16\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-586\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-686-pae\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-amd64\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armel\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armhf\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-i386\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-amd64\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp-lpae\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-common\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-ixp4xx\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-kirkwood\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-orion5x\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-versatile\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-586\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae-dbg\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64-dbg\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp-lpae\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-ixp4xx\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-kirkwood\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-orion5x\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-versatile\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-libc-dev\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-3.16\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-3.16\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-3.16.0-9\", reference:\"3.16.39-1+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-linux-system-3.16.0-9-amd64\", reference:\"3.16.39-1+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:55:35", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts.\n\nCVE-2016-2188\n\nRalf Spenneberg of OpenSource Security reported that the iowarrior device driver did not sufficiently validate USB descriptors. This allowed a physically present user with a specially designed USB device to cause a denial of service (crash).\n\nCVE-2016-9604\n\nIt was discovered that the keyring subsystem allowed a process to set a special internal keyring as its session keyring. The security impact in this version of the kernel is unknown.\n\nCVE-2016-10200\n\nBaozeng Ding and Andrey Konovalov reported a race condition in the L2TP implementation which could corrupt its table of bound sockets. A local user could use this to cause a denial of service (crash) or possibly for privilege escalation.\n\nCVE-2017-2647 / CVE-2017-6951\n\nidl3r reported that the keyring subsystem would allow a process to search for 'dead' keys, causing a NULL pointer dereference. A local user could use this to cause a denial of service (crash).\n\nCVE-2017-2671\n\nDaniel Jiang discovered a race condition in the ping socket implementation. A local user with access to ping sockets could use this to cause a denial of service (crash) or possibly for privilege escalation. This feature is not accessible to any users by default.\n\nCVE-2017-5967\n\nXing Gao reported that the /proc/timer_list file showed information about all processes, not considering PID namespaces. If timer debugging was enabled by a privileged user, this leaked information to processes contained in PID namespaces.\n\nCVE-2017-5970\n\nAndrey Konovalov discovered a denial of service flaw in the IPv4 networking code. This can be triggered by a local or remote attacker if a local UDP or raw socket has the IP_RETOPTS option enabled.\n\nCVE-2017-7184\n\nChaitin Security Research Lab discovered that the net xfrm subsystem did not sufficiently validate replay state parameters, allowing a heap buffer overflow. This can be used by a local user with the CAP_NET_ADMIN capability for privilege escalation.\n\nCVE-2017-7261\n\nVladis Dronov and Murray McAllister reported that the vmwgfx driver did not sufficiently validate rendering surface parameters. In a VMware guest, this can be used by a local user to cause a denial of service (crash).\n\nCVE-2017-7273\n\nBenoit Camredon reported that the hid-cypress driver did not sufficiently validate HID reports. This possibly allowed a physically present user with a specially designed USB device to cause a denial of service (crash).\n\nCVE-2017-7294\n\nLi Qiang reported that the vmwgfx driver did not sufficiently validate rendering surface parameters. In a VMware guest, this can be used by a local user to cause a denial of service (crash) or possibly for privilege escalation.\n\nCVE-2017-7308\n\nAndrey Konovalov reported that the packet socket (AF_PACKET) implementation did not sufficiently validate buffer parameters. This can be used by a local user with the CAP_NET_RAW capability for privilege escalation.\n\nCVE-2017-7472\n\nEric Biggers reported that the keyring subsystem allowed a thread to create new thread keyrings repeatedly, causing a memory leak. This can be used by a local user to cause a denial of service (memory exhaustion).\n\nCVE-2017-7616\n\nChris Salls reported an information leak in the 32-bit big-endian compatibility implementations of set_mempolicy() and mbind(). This does not affect any architecture supported in Debian 7 LTS.\n\nCVE-2017-7618\n\nSabrina Dubroca reported that the cryptographic hash subsystem does not correctly handle submission of unaligned data to a device that is already busy, resulting in infinite recursion. On some systems this can be used by local users to cause a denial of service (crash).\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 3.2.88-1. This version also includes bug fixes from upstream version 3.2.88, and fixes some older security issues in the keyring, packet socket and cryptographic hash subsystems that do not have CVE IDs.\n\nFor Debian 8 'Jessie', most of these problems have been fixed in version 3.16.43-1 which will be part of the next point release.\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-01T00:00:00", "type": "nessus", "title": "Debian DLA-922-1 : linux security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10200", "CVE-2016-2188", "CVE-2016-9604", "CVE-2017-2647", "CVE-2017-2671", "CVE-2017-5967", "CVE-2017-5970", "CVE-2017-6951", "CVE-2017-7184", "CVE-2017-7261", "CVE-2017-7273", "CVE-2017-7294", "CVE-2017-7308", "CVE-2017-7472", "CVE-2017-7616", "CVE-2017-7618"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-922.NASL", "href": "https://www.tenable.com/plugins/nessus/99733", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-922-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99733);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-10200\", \"CVE-2016-2188\", \"CVE-2016-9604\", \"CVE-2017-2647\", \"CVE-2017-2671\", \"CVE-2017-5967\", \"CVE-2017-5970\", \"CVE-2017-6951\", \"CVE-2017-7184\", \"CVE-2017-7261\", \"CVE-2017-7273\", \"CVE-2017-7294\", \"CVE-2017-7308\", \"CVE-2017-7472\", \"CVE-2017-7616\", \"CVE-2017-7618\");\n\n script_name(english:\"Debian DLA-922-1 : linux security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\nCVE-2016-2188\n\nRalf Spenneberg of OpenSource Security reported that the iowarrior\ndevice driver did not sufficiently validate USB descriptors. This\nallowed a physically present user with a specially designed USB device\nto cause a denial of service (crash).\n\nCVE-2016-9604\n\nIt was discovered that the keyring subsystem allowed a process to set\na special internal keyring as its session keyring. The security impact\nin this version of the kernel is unknown.\n\nCVE-2016-10200\n\nBaozeng Ding and Andrey Konovalov reported a race condition in the\nL2TP implementation which could corrupt its table of bound sockets. A\nlocal user could use this to cause a denial of service (crash) or\npossibly for privilege escalation.\n\nCVE-2017-2647 / CVE-2017-6951\n\nidl3r reported that the keyring subsystem would allow a process to\nsearch for 'dead' keys, causing a NULL pointer dereference. A local\nuser could use this to cause a denial of service (crash).\n\nCVE-2017-2671\n\nDaniel Jiang discovered a race condition in the ping socket\nimplementation. A local user with access to ping sockets could use\nthis to cause a denial of service (crash) or possibly for privilege\nescalation. This feature is not accessible to any users by default.\n\nCVE-2017-5967\n\nXing Gao reported that the /proc/timer_list file showed information\nabout all processes, not considering PID namespaces. If timer\ndebugging was enabled by a privileged user, this leaked information to\nprocesses contained in PID namespaces.\n\nCVE-2017-5970\n\nAndrey Konovalov discovered a denial of service flaw in the IPv4\nnetworking code. This can be triggered by a local or remote attacker\nif a local UDP or raw socket has the IP_RETOPTS option enabled.\n\nCVE-2017-7184\n\nChaitin Security Research Lab discovered that the net xfrm subsystem\ndid not sufficiently validate replay state parameters, allowing a heap\nbuffer overflow. This can be used by a local user with the\nCAP_NET_ADMIN capability for privilege escalation.\n\nCVE-2017-7261\n\nVladis Dronov and Murray McAllister reported that the vmwgfx driver\ndid not sufficiently validate rendering surface parameters. In a\nVMware guest, this can be used by a local user to cause a denial of\nservice (crash).\n\nCVE-2017-7273\n\nBenoit Camredon reported that the hid-cypress driver did not\nsufficiently validate HID reports. This possibly allowed a physically\npresent user with a specially designed USB device to cause a denial of\nservice (crash).\n\nCVE-2017-7294\n\nLi Qiang reported that the vmwgfx driver did not sufficiently validate\nrendering surface parameters. In a VMware guest, this can be used by a\nlocal user to cause a denial of service (crash) or possibly for\nprivilege escalation.\n\nCVE-2017-7308\n\nAndrey Konovalov reported that the packet socket (AF_PACKET)\nimplementation did not sufficiently validate buffer parameters. This\ncan be used by a local user with the CAP_NET_RAW capability for\nprivilege escalation.\n\nCVE-2017-7472\n\nEric Biggers reported that the keyring subsystem allowed a thread to\ncreate new thread keyrings repeatedly, causing a memory leak. This can\nbe used by a local user to cause a denial of service (memory\nexhaustion).\n\nCVE-2017-7616\n\nChris Salls reported an information leak in the 32-bit big-endian\ncompatibility implementations of set_mempolicy() and mbind(). This\ndoes not affect any architecture supported in Debian 7 LTS.\n\nCVE-2017-7618\n\nSabrina Dubroca reported that the cryptographic hash subsystem does\nnot correctly handle submission of unaligned data to a device that is\nalready busy, resulting in infinite recursion. On some systems this\ncan be used by local users to cause a denial of service (crash).\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n3.2.88-1. This version also includes bug fixes from upstream version\n3.2.88, and fixes some older security issues in the keyring, packet\nsocket and cryptographic hash subsystems that do not have CVE IDs.\n\nFor Debian 8 'Jessie', most of these problems have been fixed in\nversion 3.16.43-1 which will be part of the next point release.\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/04/msg00041.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected linux package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux\", reference:\"3.2.88-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-06T15:26:19", "description": "Dmitry Vyukov discovered that KVM implementation in the Linux kernel improperly emulated the VMXON instruction. A local attacker in a guest OS could use this to cause a denial of service (memory consumption) in the host OS. (CVE-2017-2596)\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-7187)\n\nIt was discovered that a NULL pointer dereference existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7261)\n\nLi Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nJason Donenfeld discovered a heap overflow in the MACsec module in the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7477)\n\nIt was discovered that an information leak existed in the set_mempolicy and mbind compat syscalls in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-7616).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-17T00:00:00", "type": "nessus", "title": "Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3293-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2596", "CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7294", "CVE-2017-7477", "CVE-2017-7616"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:17.04"], "id": "UBUNTU_USN-3293-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100255", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3293-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100255);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2017-2596\", \"CVE-2017-7187\", \"CVE-2017-7261\", \"CVE-2017-7294\", \"CVE-2017-7477\", \"CVE-2017-7616\");\n script_xref(name:\"USN\", value:\"3293-1\");\n\n script_name(english:\"Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3293-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Dmitry Vyukov discovered that KVM implementation in the Linux kernel\nimproperly emulated the VMXON instruction. A local attacker in a guest\nOS could use this to cause a denial of service (memory consumption) in\nthe host OS. (CVE-2017-2596)\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the\nLinux kernel contained a stack-based buffer overflow. A local attacker\nwith access to an sg device could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-7187)\n\nIt was discovered that a NULL pointer dereference existed in the\nDirect Rendering Manager (DRM) driver for VMware devices in the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-7261)\n\nLi Qiang discovered that an integer overflow vulnerability existed in\nthe Direct Rendering Manager (DRM) driver for VMware devices in the\nLinux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nJason Donenfeld discovered a heap overflow in the MACsec module in the\nLinux kernel. An attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2017-7477)\n\nIt was discovered that an information leak existed in the\nset_mempolicy and mbind compat syscalls in the Linux kernel. A local\nattacker could use this to expose sensitive information (kernel\nmemory). (CVE-2017-7616).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3293-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/02/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nvar release = chomp(release);\nif (! preg(pattern:\"^(17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-2596\", \"CVE-2017-7187\", \"CVE-2017-7261\", \"CVE-2017-7294\", \"CVE-2017-7477\", \"CVE-2017-7616\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3293-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar flag = 0;\n\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-1005-raspi2\", pkgver:\"4.10.0-1005.7\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-21-generic\", pkgver:\"4.10.0-21.23\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-21-generic-lpae\", pkgver:\"4.10.0-21.23\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-21-lowlatency\", pkgver:\"4.10.0-21.23\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic\", pkgver:\"4.10.0.21.23\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.10.0.21.23\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.10.0.21.23\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.10.0.1005.7\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.10-generic / linux-image-4.10-generic-lpae / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:55:41", "description": "Infinite recursion in ahash.c by triggering EBUSY on a full queue :\n\nA vulnerability was found in crypto/ahash.c in the Linux kernel which allows attackers to cause a denial of service (API operation calling its own callback, and infinite recursion) by triggering EBUSY on a full queue.(CVE-2017-7618)\n\nTime subsystem allows local users to discover real PID values :\n\nThe time subsystem in the Linux kernel, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the __timer_stats_timer_set_start_info function in kernel/time/timer.c.(CVE-2017-5967)\n\nStack-based buffer overflow in sg_ioctl function :\n\nThe sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impacts via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function. (CVE-2017-7187)\n\nIncorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c :\n\nIncorrect error handling in the set_mempolicy() and mbind() compat syscalls in mm/mempolicy.c; in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. (CVE-2017-7616)\n\nRace condition in Link Layer Control :\n\nA race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system.\n(CVE-2017-2671)\n\nOverflow in check for priv area size :\n\nIt was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow, resulting in the crash of the system.\nDue to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-7308)", "cvss3": {}, "published": "2017-05-11T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2017-828)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2671", "CVE-2017-5967", "CVE-2017-7187", "CVE-2017-7308", "CVE-2017-7616", "CVE-2017-7618"], "modified": "2019-04-10T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-828.NASL", "href": "https://www.tenable.com/plugins/nessus/100106", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-828.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(100106);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/04/10 16:10:16\");\n\n script_cve_id(\"CVE-2017-2671\", \"CVE-2017-5967\", \"CVE-2017-7187\", \"CVE-2017-7308\", \"CVE-2017-7616\", \"CVE-2017-7618\");\n script_xref(name:\"ALAS\", value:\"2017-828\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2017-828)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Infinite recursion in ahash.c by triggering EBUSY on a full queue :\n\nA vulnerability was found in crypto/ahash.c in the Linux kernel which\nallows attackers to cause a denial of service (API operation calling\nits own callback, and infinite recursion) by triggering EBUSY on a\nfull queue.(CVE-2017-7618)\n\nTime subsystem allows local users to discover real PID values :\n\nThe time subsystem in the Linux kernel, when CONFIG_TIMER_STATS is\nenabled, allows local users to discover real PID values (as\ndistinguished from PID values inside a PID namespace) by reading the\n/proc/timer_list file, related to the print_timer function in\nkernel/time/timer_list.c and the __timer_stats_timer_set_start_info\nfunction in kernel/time/timer.c.(CVE-2017-5967)\n\nStack-based buffer overflow in sg_ioctl function :\n\nThe sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allows\nlocal users to cause a denial of service (stack-based buffer overflow)\nor possibly have unspecified other impacts via a large command size in\nan SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access\nin the sg_write function. (CVE-2017-7187)\n\nIncorrect error handling in the set_mempolicy and mbind compat\nsyscalls in mm/mempolicy.c :\n\nIncorrect error handling in the set_mempolicy() and mbind() compat\nsyscalls in mm/mempolicy.c; in the Linux kernel allows local users to\nobtain sensitive information from uninitialized stack data by\ntriggering failure of a certain bitmap operation. (CVE-2017-7616)\n\nRace condition in Link Layer Control :\n\nA race condition leading to a NULL pointer dereference was found in\nthe Linux kernel's Link Layer Control implementation. A local attacker\nwith access to ping sockets could use this flaw to crash the system.\n(CVE-2017-2671)\n\nOverflow in check for priv area size :\n\nIt was found that the packet_set_ring() function of the Linux kernel's\nnetworking implementation did not properly validate certain block-size\ndata. A local attacker with CAP_NET_RAW capability could use this flaw\nto trigger a buffer overflow, resulting in the crash of the system.\nDue to the nature of the flaw, privilege escalation cannot be fully\nruled out, although we believe it is unlikely. (CVE-2017-7308)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-828.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'AF_PACKET packet_set_ring Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.9.27-14.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.9.27-14.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.9.27-14.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.9.27-14.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.9.27-14.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-4.9.27-14.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.9.27-14.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.9.27-14.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.9.27-14.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.9.27-14.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.9.27-14.31.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.9.27-14.31.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:56:47", "description": "Description of changes:\n\n- [3.10.0-514.26.1.0.1.el7.OL7]\n- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug 22552377]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(<A HREF='https://oss.oracle.com/mailman/listinfo/el-errata'>alexey.petrenko at oracle.com</A>)\n- Update x509.genkey [bug 24817676]\n\n[3.10.0-514.26.1.el7]\n- [mm] enlarge stack guard gap (Larry Woodman) [1452732 1452733] {CVE-2017-1000364}\n- Revert: [md] dm mirror: use all available legs on multiple failures (Mike Snitzer) [1449176 1383444]\n\n[3.10.0-514.25.1.el7]\n- [lib] kobject: grab an extra reference on kobject->sd to allow duplicate deletes (Aristeu Rozanski) [1454851 1427252]\n- [kernel] module: When modifying a module's text ignore modules which are going away too (Aaron Tomlin) [1454684 1386313]\n- [kernel] module: Ensure a module's state is set accordingly during module coming cleanup code (Aaron Tomlin) [1454684 1386313]\n- [net] vxlan: do not output confusing error message (Jiri Benc) [1454636 1445054]\n- [net] vxlan: correctly handle ipv6.disable module parameter (Jiri Benc) [1454636 1445054]\n- [iommu] vt-d: fix range computation when making room for large pages (Alex Williamson) [1450856 1435612]\n- [fs] nfsd: stricter decoding of write-like NFSv2/v3 ops ('J. Bruce Fields') [1449282 1443204] {CVE-2017-7895}\n- [fs] nfsd4: minor NFSv2/v3 write decoding cleanup ('J. Bruce Fields') [1449282 1443204] {CVE-2017-7895}\n- [md] dm mirror: use all available legs on multiple failures (Mike Snitzer) [1449176 1383444]\n- [fs] nfsd: check for oversized NFSv2/v3 arguments ('J. Bruce Fields') [1447642 1442407] {CVE-2017-7645}\n- [scsi] ses: don't get power status of SES device slot on probe (Gustavo Duarte) [1446650 1434768]\n- [scsi] ipr: do not set DID_PASSTHROUGH on CHECK CONDITION (Steve Best) [1446649 1441747]\n- [net] macsec: dynamically allocate space for sglist (Sabrina Dubroca) [1445546 1445545] {CVE-2017-7477}\n- [net] macsec: avoid heap overflow in skb_to_sgvec (Sabrina Dubroca) [1445546 1445545] {CVE-2017-7477}\n- [fs] gfs2: Allow glocks to be unlocked after withdraw (Robert S Peterson) [1433882 1404005]\n- [net] tcp: avoid infinite loop in tcp_splice_read() (Davide Caratti) [1430579 1430580] {CVE-2017-6214}\n- [mm] vma_merge: correct false positive from \n__vma_unlink->validate_mm_rb (Andrea Arcangeli) [1428840 1374548]\n- [mm] vma_merge: fix race vm_page_prot race condition against rmap_walk (Andrea Arcangeli) [1428840 1374548]\n- [mm] fix use-after-free if memory allocation failed in vma_adjust() (Andrea Arcangeli) [1428840 1374548]\n- [x86] kvm: x86: fix emulation of 'MOV SS, null selector' (Radim Krcmar) [1414742 1414743] {CVE-2017-2583}\n- [powerpc] prom: Increase minimum RMA size to 512MB (Gustavo Duarte) [1450041 1411321]\n- [pci] pciehp: Prioritize data-link event over presence detect (Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Don't re-read Slot Status when queuing hotplug event (Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Process all hotplug events before looking for new ones (Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Rename pcie_isr() locals for clarity (Myron Stowe) [1450124 1435818]\n\n[3.10.0-514.24.1.el7]\n- [scsi] lpfc: Fix panic on BFS configuration (Maurizio Lombardi) [1452044 1443116]\n- [vfio] type1: Reduce repetitive calls in vfio_pin_pages_remote() (Alex Williamson) [1450855 1438403]\n- [vfio] type1: Remove locked page accounting workqueue (Alex Williamson) [1450855 1438403]\n- [fs] nfs: Allow getattr to also report readdirplus cache hits (Dave Wysochanski) [1450851 1442068]\n- [fs] nfs: Be more targeted about readdirplus use when doing lookup/revalidation (Dave Wysochanski) [1450851 1442068]\n- [fs] nfs: Fix a performance regression in readdir (Dave Wysochanski) [1450851 1442068]\n- [x86] xen: do not re-use pirq number cached in pci device msi msg data (Vitaly Kuznetsov) [1450037 1433831]\n- [powerpc] mm: Add missing global TLB invalidate if cxl is active (Steve Best) [1449178 1440776]\n- [powerpc] boot: Fix zImage TOC alignment (Gustavo Duarte) [1444343 1395838]\n\n[3.10.0-514.23.1.el7]\n- [scsi] qla2xxx: Defer marking device lost when receiving an RSCN (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Fix typo in driver (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Fix crash in qla2xxx_eh_abort on bad ptr (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Avoid that issuing a LIP triggers a kernel crash (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Add fix to read correct register value for ISP82xx (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Disable the adapter and skip error recovery in case of register disconnect (Himanshu Madhani) [1446246 1436940]\n\n[3.10.0-514.22.1.el7]\n- [mm] hugetlb: don't use reserved during VM_SHARED mapping cow (Larry Woodman) [1445184 1385473]", "cvss3": {}, "published": "2017-06-30T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2017-1615-1) (Stack Clash)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000364", "CVE-2017-2583", "CVE-2017-6214", "CVE-2017-7477", "CVE-2017-7645", "CVE-2017-7895"], "modified": "2021-06-03T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-1615-1.NASL", "href": "https://www.tenable.com/plugins/nessus/101138", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-1615-1.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101138);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/03\");\n\n script_cve_id(\"CVE-2017-1000364\", \"CVE-2017-2583\", \"CVE-2017-6214\", \"CVE-2017-7477\", \"CVE-2017-7645\", \"CVE-2017-7895\");\n script_xref(name:\"IAVA\", value:\"2017-A-0288-S\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2017-1615-1) (Stack Clash)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n- [3.10.0-514.26.1.0.1.el7.OL7]\n- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug \n22552377]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel \n(olkmod_signing_key.x509)(<A HREF='https://oss.oracle.com/mailman/listinfo/el-errata'>alexey.petrenko at oracle.com</A>)\n- Update x509.genkey [bug 24817676]\n\n[3.10.0-514.26.1.el7]\n- [mm] enlarge stack guard gap (Larry Woodman) [1452732 1452733] \n{CVE-2017-1000364}\n- Revert: [md] dm mirror: use all available legs on multiple failures \n(Mike Snitzer) [1449176 1383444]\n\n[3.10.0-514.25.1.el7]\n- [lib] kobject: grab an extra reference on kobject->sd to allow \nduplicate deletes (Aristeu Rozanski) [1454851 1427252]\n- [kernel] module: When modifying a module's text ignore modules which \nare going away too (Aaron Tomlin) [1454684 1386313]\n- [kernel] module: Ensure a module's state is set accordingly during \nmodule coming cleanup code (Aaron Tomlin) [1454684 1386313]\n- [net] vxlan: do not output confusing error message (Jiri Benc) \n[1454636 1445054]\n- [net] vxlan: correctly handle ipv6.disable module parameter (Jiri \nBenc) [1454636 1445054]\n- [iommu] vt-d: fix range computation when making room for large pages \n(Alex Williamson) [1450856 1435612]\n- [fs] nfsd: stricter decoding of write-like NFSv2/v3 ops ('J. Bruce \nFields') [1449282 1443204] {CVE-2017-7895}\n- [fs] nfsd4: minor NFSv2/v3 write decoding cleanup ('J. Bruce Fields') \n[1449282 1443204] {CVE-2017-7895}\n- [md] dm mirror: use all available legs on multiple failures (Mike \nSnitzer) [1449176 1383444]\n- [fs] nfsd: check for oversized NFSv2/v3 arguments ('J. Bruce Fields') \n[1447642 1442407] {CVE-2017-7645}\n- [scsi] ses: don't get power status of SES device slot on probe \n(Gustavo Duarte) [1446650 1434768]\n- [scsi] ipr: do not set DID_PASSTHROUGH on CHECK CONDITION (Steve Best) \n[1446649 1441747]\n- [net] macsec: dynamically allocate space for sglist (Sabrina Dubroca) \n[1445546 1445545] {CVE-2017-7477}\n- [net] macsec: avoid heap overflow in skb_to_sgvec (Sabrina Dubroca) \n[1445546 1445545] {CVE-2017-7477}\n- [fs] gfs2: Allow glocks to be unlocked after withdraw (Robert S \nPeterson) [1433882 1404005]\n- [net] tcp: avoid infinite loop in tcp_splice_read() (Davide Caratti) \n[1430579 1430580] {CVE-2017-6214}\n- [mm] vma_merge: correct false positive from \n__vma_unlink->validate_mm_rb (Andrea Arcangeli) [1428840 1374548]\n- [mm] vma_merge: fix race vm_page_prot race condition against rmap_walk \n(Andrea Arcangeli) [1428840 1374548]\n- [mm] fix use-after-free if memory allocation failed in vma_adjust() \n(Andrea Arcangeli) [1428840 1374548]\n- [x86] kvm: x86: fix emulation of 'MOV SS, null selector' (Radim \nKrcmar) [1414742 1414743] {CVE-2017-2583}\n- [powerpc] prom: Increase minimum RMA size to 512MB (Gustavo Duarte) \n[1450041 1411321]\n- [pci] pciehp: Prioritize data-link event over presence detect (Myron \nStowe) [1450124 1435818]\n- [pci] pciehp: Don't re-read Slot Status when queuing hotplug event \n(Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Process all hotplug events before looking for new ones \n(Myron Stowe) [1450124 1435818]\n- [pci] pciehp: Rename pcie_isr() locals for clarity (Myron Stowe) \n[1450124 1435818]\n\n[3.10.0-514.24.1.el7]\n- [scsi] lpfc: Fix panic on BFS configuration (Maurizio Lombardi) \n[1452044 1443116]\n- [vfio] type1: Reduce repetitive calls in vfio_pin_pages_remote() (Alex \nWilliamson) [1450855 1438403]\n- [vfio] type1: Remove locked page accounting workqueue (Alex \nWilliamson) [1450855 1438403]\n- [fs] nfs: Allow getattr to also report readdirplus cache hits (Dave \nWysochanski) [1450851 1442068]\n- [fs] nfs: Be more targeted about readdirplus use when doing \nlookup/revalidation (Dave Wysochanski) [1450851 1442068]\n- [fs] nfs: Fix a performance regression in readdir (Dave Wysochanski) \n[1450851 1442068]\n- [x86] xen: do not re-use pirq number cached in pci device msi msg data \n(Vitaly Kuznetsov) [1450037 1433831]\n- [powerpc] mm: Add missing global TLB invalidate if cxl is active \n(Steve Best) [1449178 1440776]\n- [powerpc] boot: Fix zImage TOC alignment (Gustavo Duarte) [1444343 \n1395838]\n\n[3.10.0-514.23.1.el7]\n- [scsi] qla2xxx: Defer marking device lost when receiving an RSCN \n(Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Fix typo in driver (Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Fix crash in qla2xxx_eh_abort on bad ptr (Himanshu \nMadhani) [1446246 1436940]\n- [scsi] qla2xxx: Avoid that issuing a LIP triggers a kernel crash \n(Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Add fix to read correct register value for ISP82xx \n(Himanshu Madhani) [1446246 1436940]\n- [scsi] qla2xxx: Disable the adapter and skip error recovery in case of \nregister disconnect (Himanshu Madhani) [1446246 1436940]\n\n[3.10.0-514.22.1.el7]\n- [mm] hugetlb: don't use reserved during VM_SHARED mapping cow (Larry \nWoodman) [1445184 1385473]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-June/007023.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages. Note that the updated package may\nnot be immediately available from the package repository or its\nmirrors.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'rsh_stack_clash_priv_esc.rb');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/06/29\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/06/30\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.26.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-abi-whitelists-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-514.26.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.26.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.26.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.26.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-doc-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-514.26.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-headers-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.26.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.26.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.26.1.0.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.26.1.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.26.1.0.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.26.1.0.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:52:20", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.49 to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that was mishandled during error processing (bnc#1003077).\n\n - CVE-2017-5576: Integer overflow in the vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted size value in a VC4_SUBMIT_CL ioctl call (bnc#1021294).\n\n - CVE-2017-5577: The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM driver in the Linux kernel did not set an errno value upon certain overflow detections, which allowed local users to cause a denial of service (incorrect pointer dereference and OOPS) via inconsistent size values in a VC4_SUBMIT_CL ioctl call (bnc#1021294).\n\n - CVE-2017-5551: The simple_set_acl function in fs/posix_acl.c in the Linux kernel preserved the setgid bit during a setxattr call involving a tmpfs filesystem, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. (bnc#1021258).\n\n - CVE-2017-2583: The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel improperly emulated a 'MOV SS, NULL selector' instruction, which allowed guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application (bnc#1020602).\n\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt (bnc#1019851).\n\n - CVE-2015-8709: kernel/ptrace.c in the Linux kernel mishandled uid and gid mappings, which allowed local users to gain privileges by establishing a user namespace, waiting for a root process to enter that namespace with an unsafe uid or gid, and then using the ptrace system call. NOTE: the vendor states 'there is no kernel bug here' (bnc#1010933).\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bnc#1013540).\n\n - CVE-2017-5897: fixed a bug in the Linux kernel IPv6 implementation which allowed remote attackers to trigger an out-of-bounds access, leading to a denial-of-service attack (bnc#1023762).\n\n - CVE-2017-5970: Fixed a possible denial-of-service that could have been triggered by sending bad IP options on a socket (bsc#1024938).\n\n - CVE-2017-5986: an application could have triggered a BUG_ON() in sctp_wait_for_sndbuf() if the socket TX buffer was full, a thread was waiting on it to queue more data, and meanwhile another thread peeled off the association being used by the first thread (bsc#1025235).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-03-01T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0575-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-8709", "CVE-2016-7117", "CVE-2016-9806", "CVE-2017-2583", "CVE-2017-2584", "CVE-2017-5551", "CVE-2017-5576", "CVE-2017-5577", "CVE-2017-5897", "CVE-2017-5970", "CVE-2017-5986"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0575-1.NASL", "href": "https://www.tenable.com/plugins/nessus/97466", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0575-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97466);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-8709\", \"CVE-2016-7117\", \"CVE-2016-9806\", \"CVE-2017-2583\", \"CVE-2017-2584\", \"CVE-2017-5551\", \"CVE-2017-5576\", \"CVE-2017-5577\", \"CVE-2017-5897\", \"CVE-2017-5970\", \"CVE-2017-5986\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0575-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.49 to\nreceive various security and bugfixes. The following security bugs\nwere fixed :\n\n - CVE-2016-7117: Use-after-free vulnerability in the\n __sys_recvmmsg function in net/socket.c in the Linux\n kernel allowed remote attackers to execute arbitrary\n code via vectors involving a recvmmsg system call that\n was mishandled during error processing (bnc#1003077).\n\n - CVE-2017-5576: Integer overflow in the vc4_get_bcl\n function in drivers/gpu/drm/vc4/vc4_gem.c in the\n VideoCore DRM driver in the Linux kernel allowed local\n users to cause a denial of service or possibly have\n unspecified other impact via a crafted size value in a\n VC4_SUBMIT_CL ioctl call (bnc#1021294).\n\n - CVE-2017-5577: The vc4_get_bcl function in\n drivers/gpu/drm/vc4/vc4_gem.c in the VideoCore DRM\n driver in the Linux kernel did not set an errno value\n upon certain overflow detections, which allowed local\n users to cause a denial of service (incorrect pointer\n dereference and OOPS) via inconsistent size values in a\n VC4_SUBMIT_CL ioctl call (bnc#1021294).\n\n - CVE-2017-5551: The simple_set_acl function in\n fs/posix_acl.c in the Linux kernel preserved the setgid\n bit during a setxattr call involving a tmpfs filesystem,\n which allowed local users to gain group privileges by\n leveraging the existence of a setgid program with\n restrictions on execute permissions. (bnc#1021258).\n\n - CVE-2017-2583: The load_segment_descriptor\n implementation in arch/x86/kvm/emulate.c in the Linux\n kernel improperly emulated a 'MOV SS, NULL selector'\n instruction, which allowed guest OS users to cause a\n denial of service (guest OS crash) or gain guest OS\n privileges via a crafted application (bnc#1020602).\n\n - CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux\n kernel allowed local users to obtain sensitive\n information from kernel memory or cause a denial of\n service (use-after-free) via a crafted application that\n leverages instruction emulation for fxrstor, fxsave,\n sgdt, and sidt (bnc#1019851).\n\n - CVE-2015-8709: kernel/ptrace.c in the Linux kernel\n mishandled uid and gid mappings, which allowed local\n users to gain privileges by establishing a user\n namespace, waiting for a root process to enter that\n namespace with an unsafe uid or gid, and then using the\n ptrace system call. NOTE: the vendor states 'there is no\n kernel bug here' (bnc#1010933).\n\n - CVE-2016-9806: Race condition in the netlink_dump\n function in net/netlink/af_netlink.c in the Linux kernel\n allowed local users to cause a denial of service (double\n free) or possibly have unspecified other impact via a\n crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump\n that started earlier than anticipated (bnc#1013540).\n\n - CVE-2017-5897: fixed a bug in the Linux kernel IPv6\n implementation which allowed remote attackers to trigger\n an out-of-bounds access, leading to a denial-of-service\n attack (bnc#1023762).\n\n - CVE-2017-5970: Fixed a possible denial-of-service that\n could have been triggered by sending bad IP options on a\n socket (bsc#1024938).\n\n - CVE-2017-5986: an application could have triggered a\n BUG_ON() in sctp_wait_for_sndbuf() if the socket TX\n buffer was full, a thread was waiting on it to queue\n more data, and meanwhile another thread peeled off the\n association being used by the first thread\n (bsc#1025235).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1000619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1003077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1005918\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1006472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1008742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009546\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009718\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1009911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1010933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011660\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012910\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1014410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1015840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016250\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016884\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1016979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017164\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1017410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1018100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1018316\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1018358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1018446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1018813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1018913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019631\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1019851\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020214\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020817\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021248\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021260\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1021474\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1022971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023884\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024234\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1025235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=921494\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=959709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=964944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982783\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=987576\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=989056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=991273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=998106\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8709/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9806/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2583/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-2584/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5551/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5576/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5577/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5897/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5970/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5986/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170575-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?91f8aa20\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2017-300=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP2:zypper in -t\npatch SUSE-SLE-SDK-12-SP2-2017-300=1\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2017-300=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2017-300=1\n\nSUSE Linux Enterprise Live Patching 12:zypper in -t patch\nSUSE-SLE-Live-Patching-12-2017-300=1\n\nSUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch\nSUSE-SLE-HA-12-SP2-2017-300=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-300=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-300=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/02/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/02/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.49-92.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-4.4.49-92.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-base-debuginfo-4.4.49-92.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.49-92.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.49-92.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.49-92.11.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.49-92.11.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-4.4.49-92.11.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.49-92.11.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.49-92.11.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.49-92.11.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.4.49-92.11.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.4.49-92.11.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.49-92.11.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T15:59:18", "description": "USN-3291-1 fixed vulnerabilities in the generic Linux kernel. This update provides the corresponding updates for the Linux kernel built for specific processors and cloud environments.\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-7187)\n\nIt was discovered that a NULL pointer dereference existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7261)\n\nLi Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that an information leak existed in the set_mempolicy and mbind compat syscalls in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-7616).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-18T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3291-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7294", "CVE-2017-7616"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1013-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1017-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1055-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1058-snapdragon", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts"], "id": "UBUNTU_USN-3291-2.NASL", "href": "https://www.tenable.com/plugins/nessus/100266", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3291-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100266);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2017-7187\",\n \"CVE-2017-7261\",\n \"CVE-2017-7294\",\n \"CVE-2017-7616\"\n );\n script_xref(name:\"USN\", value:\"3291-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3291-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"USN-3291-1 fixed vulnerabilities in the generic Linux kernel. This\nupdate provides the corresponding updates for the Linux kernel built\nfor specific processors and cloud environments.\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the\nLinux kernel contained a stack-based buffer overflow. A local attacker\nwith access to an sg device could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-7187)\n\nIt was discovered that a NULL pointer dereference existed in the\nDirect Rendering Manager (DRM) driver for VMware devices in the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-7261)\n\nLi Qiang discovered that an integer overflow vulnerability existed in\nthe Direct Rendering Manager (DRM) driver for VMware devices in the\nLinux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that an information leak existed in the\nset_mempolicy and mbind compat syscalls in the Linux kernel. A local\nattacker could use this to expose sensitive information (kernel\nmemory). (CVE-2017-7616).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-3291-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7294\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1013-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1017-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1055-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1058-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.4.0': {\n 'gke': '4.4.0-1013',\n 'aws': '4.4.0-1017',\n 'raspi2': '4.4.0-1055',\n 'snapdragon': '4.4.0-1058'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-3291-2');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2017-7187', 'CVE-2017-7261', 'CVE-2017-7294', 'CVE-2017-7616');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-3291-2');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:52:23", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts.\n\nCVE-2016-9588\n\nJim Mattson discovered that the KVM implementation for Intel x86 processors does not properly handle #BP and #OF exceptions in an L2 (nested) virtual machine. A local attacker in an L2 guest VM can take advantage of this flaw to cause a denial of service for the L1 guest VM.\n\nCVE-2017-2636\n\nAlexander Popov discovered a race condition flaw in the n_hdlc line discipline that can lead to a double free. A local unprivileged user can take advantage of this flaw for privilege escalation. On systems that do not already have the n_hdlc module loaded, this can be mitigated by disabling it: echo >> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false\n\nCVE-2017-5669\n\nGareth Evans reported that privileged users can map memory at address 0 through the shmat() system call. This could make it easier to exploit other kernel security vulnerabilities via a set-UID program.\n\nCVE-2017-5986\n\nAlexander Popov reported a race condition in the SCTP implementation that can be used by local users to cause a denial of service (crash).\nThe initial fix for this was incorrect and introduced further security issues (CVE-2017-6353). This update includes a later fix that avoids those. On systems that do not already have the sctp module loaded, this can be mitigated by disabling it: echo >> /etc/modprobe.d/disable-sctp.conf install sctp false\n\nCVE-2017-6214\n\nDmitry Vyukov reported a bug in the TCP implementation's handling of urgent data in the splice() system call. This can be used by a remote attacker for denial of service (hang) against applications that read from TCP sockets with splice().\n\nCVE-2017-6345\n\nAndrey Konovalov reported that the LLC type 2 implementation incorrectly assigns socket buffer ownership. This might be usable by a local user to cause a denial of service (memory corruption or crash) or privilege escalation. On systems that do not already have the llc2 module loaded, this can be mitigated by disabling it: echo >> /etc/modprobe.d/disable-llc2.conf install llc2 false\n\nCVE-2017-6346\n\nDmitry Vyukov reported a race condition in the raw packet (af_packet) fanout feature. Local users with the CAP_NET_RAW capability (in any user namespace) can use this for denial of service and possibly for privilege escalation.\n\nCVE-2017-6348\n\nDmitry Vyukov reported that the general queue implementation in the IrDA subsystem does not properly manage multiple locks, possibly allowing local users to cause a denial of service (deadlock) via crafted operations on IrDA devices.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 3.2.86-1.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 3.16.39-1+deb8u2.\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-03-10T00:00:00", "type": "nessus", "title": "Debian DLA-849-1 : linux security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9588", "CVE-2017-2636", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-6346", "CVE-2017-6348", "CVE-2017-6353"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-849.NASL", "href": "https://www.tenable.com/plugins/nessus/97640", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-849-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(97640);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9588\", \"CVE-2017-2636\", \"CVE-2017-5669\", \"CVE-2017-5986\", \"CVE-2017-6214\", \"CVE-2017-6345\", \"CVE-2017-6346\", \"CVE-2017-6348\", \"CVE-2017-6353\");\n\n script_name(english:\"Debian DLA-849-1 : linux security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or have other\nimpacts.\n\nCVE-2016-9588\n\nJim Mattson discovered that the KVM implementation for Intel x86\nprocessors does not properly handle #BP and #OF exceptions in an L2\n(nested) virtual machine. A local attacker in an L2 guest VM can take\nadvantage of this flaw to cause a denial of service for the L1 guest\nVM.\n\nCVE-2017-2636\n\nAlexander Popov discovered a race condition flaw in the n_hdlc line\ndiscipline that can lead to a double free. A local unprivileged user\ncan take advantage of this flaw for privilege escalation. On systems\nthat do not already have the n_hdlc module loaded, this can be\nmitigated by disabling it: echo >> /etc/modprobe.d/disable-n_hdlc.conf\ninstall n_hdlc false\n\nCVE-2017-5669\n\nGareth Evans reported that privileged users can map memory at address\n0 through the shmat() system call. This could make it easier to\nexploit other kernel security vulnerabilities via a set-UID program.\n\nCVE-2017-5986\n\nAlexander Popov reported a race condition in the SCTP implementation\nthat can be used by local users to cause a denial of service (crash).\nThe initial fix for this was incorrect and introduced further security\nissues (CVE-2017-6353). This update includes a later fix that avoids\nthose. On systems that do not already have the sctp module loaded,\nthis can be mitigated by disabling it: echo >>\n/etc/modprobe.d/disable-sctp.conf install sctp false\n\nCVE-2017-6214\n\nDmitry Vyukov reported a bug in the TCP implementation's handling of\nurgent data in the splice() system call. This can be used by a remote\nattacker for denial of service (hang) against applications that read\nfrom TCP sockets with splice().\n\nCVE-2017-6345\n\nAndrey Konovalov reported that the LLC type 2 implementation\nincorrectly assigns socket buffer ownership. This might be usable by a\nlocal user to cause a denial of service (memory corruption or crash)\nor privilege escalation. On systems that do not already have the llc2\nmodule loaded, this can be mitigated by disabling it: echo >>\n/etc/modprobe.d/disable-llc2.conf install llc2 false\n\nCVE-2017-6346\n\nDmitry Vyukov reported a race condition in the raw packet (af_packet)\nfanout feature. Local users with the CAP_NET_RAW capability (in any\nuser namespace) can use this for denial of service and possibly for\nprivilege escalation.\n\nCVE-2017-6348\n\nDmitry Vyukov reported that the general queue implementation in the\nIrDA subsystem does not properly manage multiple locks, possibly\nallowing local users to cause a denial of service (deadlock) via\ncrafted operations on IrDA devices.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n3.2.86-1.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n3.16.39-1+deb8u2.\n\nWe recommend that you upgrade your linux packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2017/03/msg00007.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected linux package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"linux\", reference:\"3.2.86-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:55:14", "description": "The 4.10.13 stable kernel update contains a number of important fixes across the tree.\n\n----\n\nThe 4.10.12 stable kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-05T00:00:00", "type": "nessus", "title": "Fedora 24 : kernel (2017-0aa0f69e0c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9604", "CVE-2017-7477", "CVE-2017-7645", "CVE-2017-7889"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2017-0AA0F69E0C.NASL", "href": "https://www.tenable.com/plugins/nessus/99987", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-0aa0f69e0c.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99987);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9604\", \"CVE-2017-7477\", \"CVE-2017-7645\", \"CVE-2017-7889\");\n script_xref(name:\"FEDORA\", value:\"2017-0aa0f69e0c\");\n\n script_name(english:\"Fedora 24 : kernel (2017-0aa0f69e0c)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.10.13 stable kernel update contains a number of important fixes\nacross the tree.\n\n----\n\nThe 4.10.12 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-0aa0f69e0c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-9604\", \"CVE-2017-7477\", \"CVE-2017-7645\", \"CVE-2017-7889\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-0aa0f69e0c\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"kernel-4.10.13-100.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:56:30", "description": "The 4.8.6 stable update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-11-08T00:00:00", "type": "nessus", "title": "Fedora 24 : kernel (2016-96d276367e)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9083", "CVE-2016-9084"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-96D276367E.NASL", "href": "https://www.tenable.com/plugins/nessus/94617", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-96d276367e.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94617);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9083\", \"CVE-2016-9084\");\n script_xref(name:\"FEDORA\", value:\"2016-96d276367e\");\n\n script_name(english:\"Fedora 24 : kernel (2016-96d276367e)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.8.6 stable update contains a number of important fixes across\nthe tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-96d276367e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2016-9083\", \"CVE-2016-9084\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2016-96d276367e\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"kernel-4.8.6-201.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:52:06", "description": "A use-after-free flaw was found in the way the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer) resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system. (CVE-2017-6074)\n\nA vulnerability was found in the Linux kernel. When file permissions are modified via chmod and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok().\nSetting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way; this allows to bypass the check in chmod. (CVE-2016-7097)\n\nA vulnerability was found in the Linux kernel in 'tmpfs' file system.\nWhen file permissions are modified via 'chmod' and the user is not in the owning group or capable of CAP_FSETID, the setgid bit is cleared in inode_change_ok(). Setting a POSIX ACL via 'setxattr' sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way; this allows to bypass the check in 'chmod'.\n(CVE-2017-5551)\n\nAn issue was found in the Linux kernel ipv6 implementation of GRE tunnels which allows a remote attacker to trigger an out-of-bounds access. (CVE-2017-5897)\n\nIt was discovered that an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread. (CVE-2017-5986)\n\nA vulnerability was found in the Linux kernel where having malicious IP options present would cause the ipv4_pktinfo_prepare() function to drop/free the dst. This could result in a system crash or possible privilege escalation. (CVE-2017-5970)\n\nA flaw was found in the Linux kernel's handling of packets with the URG flag. Applications using the splice() and tcp_splice_read() functionality can allow a remote attacker to force the kernel to enter a condition in which it can loop indefinitely. (CVE-2017-6214)\n\n(Updated on 2017-03-21: CVE-2017-5970 was fixed in this release but was previously not part of this errata.)\n\n(Updated on 2017-06-07: CVE-2017-6214 was fixed in this release but was previously not part of this errata.)", "cvss3": {}, "published": "2017-03-07T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2017-805)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-7097", "CVE-2017-5551", "CVE-2017-5897", "CVE-2017-5970", "CVE-2017-5986", "CVE-2017-6074", "CVE-2017-6214"], "modified": "2020-10-27T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-doc", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2017-805.NASL", "href": "https://www.tenable.com/plugins/nessus/97557", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2017-805.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(97557);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/27\");\n\n script_cve_id(\"CVE-2016-7097\", \"CVE-2017-5551\", \"CVE-2017-5897\", \"CVE-2017-5970\", \"CVE-2017-5986\", \"CVE-2017-6074\", \"CVE-2017-6214\");\n script_xref(name:\"ALAS\", value:\"2017-805\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2017-805)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A use-after-free flaw was found in the way the Linux kernel's Datagram\nCongestion Control Protocol (DCCP) implementation freed SKB (socket\nbuffer) resources for a DCCP_PKT_REQUEST packet when the\nIPV6_RECVPKTINFO option is set on the socket. A local, unprivileged\nuser could use this flaw to alter the kernel memory, allowing them to\nescalate their privileges on the system. (CVE-2017-6074)\n\nA vulnerability was found in the Linux kernel. When file permissions\nare modified via chmod and the user is not in the owning group or\ncapable of CAP_FSETID, the setgid bit is cleared in inode_change_ok().\nSetting a POSIX ACL via setxattr sets the file permissions as well as\nthe new ACL, but doesn't clear the setgid bit in a similar way; this\nallows to bypass the check in chmod. (CVE-2016-7097)\n\nA vulnerability was found in the Linux kernel in 'tmpfs' file system.\nWhen file permissions are modified via 'chmod' and the user is not in\nthe owning group or capable of CAP_FSETID, the setgid bit is cleared\nin inode_change_ok(). Setting a POSIX ACL via 'setxattr' sets the file\npermissions as well as the new ACL, but doesn't clear the setgid bit\nin a similar way; this allows to bypass the check in 'chmod'.\n(CVE-2017-5551)\n\nAn issue was found in the Linux kernel ipv6 implementation of GRE\ntunnels which allows a remote attacker to trigger an out-of-bounds\naccess. (CVE-2017-5897)\n\nIt was discovered that an application may trigger a BUG_ON in\nsctp_wait_for_sndbuf if the socket tx buffer is full, a thread is\nwaiting on it to queue more data, and meanwhile another thread peels\noff the association being used by the first thread. (CVE-2017-5986)\n\nA vulnerability was found in the Linux kernel where having malicious\nIP options present would cause the ipv4_pktinfo_prepare() function to\ndrop/free the dst. This could result in a system crash or possible\nprivilege escalation. (CVE-2017-5970)\n\nA flaw was found in the Linux kernel's handling of packets with the\nURG flag. Applications using the splice() and tcp_splice_read()\nfunctionality can allow a remote attacker to force the kernel to enter\na condition in which it can loop indefinitely. (CVE-2017-6214)\n\n(Updated on 2017-03-21: CVE-2017-5970 was fixed in this release but\nwas previously not part of this errata.)\n\n(Updated on 2017-06-07: CVE-2017-6214 was fixed in this release but\nwas previously not part of this errata.)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2017-805.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Run 'yum update kernel' to update your system. You will need to reboot\nyour system in order for the new kernel to be running.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/03/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.4.51-40.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.4.51-40.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.4.51-40.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.4.51-40.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.4.51-40.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-doc-4.4.51-40.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.4.51-40.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.4.51-40.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.4.51-40.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.4.51-40.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.4.51-40.58.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.4.51-40.58.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:53:22", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-3539 advisory.\n\n - Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed. (CVE-2016-7910)\n\n - The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a MOV SS, NULL selector instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application. (CVE-2017-2583)\n\n - The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag. (CVE-2017-6214)\n\n - The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has incorrect expectations about skb data layout, which allows local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission. (CVE-2017-6347)\n\n - The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux- image-* package 4.8.0.41.52. (CVE-2017-7184)\n\n - The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out- of-bounds read and system crash) via a crafted ext4 image. (CVE-2016-10208)\n\n - Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11 allows local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state. (CVE-2017-5986)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2017-04-14T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3539)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-10208", "CVE-2016-7910", "CVE-2017-2583", "CVE-2017-5986", "CVE-2017-6214", "CVE-2017-6347", "CVE-2017-7184"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.34.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.34.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2017-3539.NASL", "href": "https://www.tenable.com/plugins/nessus/99389", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3539.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99389);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2016-7910\",\n \"CVE-2016-10208\",\n \"CVE-2017-2583\",\n \"CVE-2017-5986\",\n \"CVE-2017-6214\",\n \"CVE-2017-6347\",\n \"CVE-2017-7184\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3539)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2017-3539 advisory.\n\n - Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before\n 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even\n if the corresponding start operation had failed. (CVE-2016-7910)\n\n - The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5\n improperly emulates a MOV SS, NULL selector instruction, which allows guest OS users to cause a denial\n of service (guest OS crash) or gain guest OS privileges via a crafted application. (CVE-2017-2583)\n\n - The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel before 4.9.11 allows remote attackers\n to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the\n URG flag. (CVE-2017-6214)\n\n - The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel before 4.10.1 has\n incorrect expectations about skb data layout, which allows local users to cause a denial of service\n (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by\n use of the MSG_MORE flag in conjunction with loopback UDP transmission. (CVE-2017-6347)\n\n - The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not\n validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root\n privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN\n capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-\n image-* package 4.8.0.41.52. (CVE-2017-7184)\n\n - The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly\n validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-\n of-bounds read and system crash) via a crafted ext4 image. (CVE-2016-10208)\n\n - Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel before 4.9.11\n allows local users to cause a denial of service (assertion failure and panic) via a multithreaded\n application that peels off an association in a certain buffer-full state. (CVE-2017-5986)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2017-3539.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-7910\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.34.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-4.1.12-61.1.34.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-61.1.34.el6uek', '4.1.12-61.1.34.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2017-3539');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-4.1.12-61.1.34.el6uek-0.5.3-2.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-4.1.12-61.1.34.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-61.1.34.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-61.1.34.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-61.1.34.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-61.1.34.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-61.1.34.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'dtrace-modules-4.1.12-61.1.34.el7uek-0.5.3-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-4.1.12-61.1.34.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-61.1.34.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-61.1.34.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-61.1.34.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-61.1.34.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-61.1.34.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-4.1.12-61.1.34.el6uek / dtrace-modules-4.1.12-61.1.34.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-07T16:00:52", "description": "USN-3291-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-7187)\n\nIt was discovered that a NULL pointer dereference existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7261)\n\nLi Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that an information leak existed in the set_mempolicy and mbind compat syscalls in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-7616).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-18T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3291-3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7294", "CVE-2017-7616"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-powerpc-e500mc", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-powerpc-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-powerpc64-emb", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-powerpc64-smp", "cpe:/o:canonical:ubuntu_linux:14.04:-:lts"], "id": "UBUNTU_USN-3291-3.NASL", "href": "https://www.tenable.com/plugins/nessus/100267", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3291-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100267);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2017-7187\",\n \"CVE-2017-7261\",\n \"CVE-2017-7294\",\n \"CVE-2017-7616\"\n );\n script_xref(name:\"USN\", value:\"3291-3\");\n\n script_name(english:\"Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3291-3)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"USN-3291-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nDmitry Vyukov discovered that the generic SCSI (sg) subsystem in the\nLinux kernel contained a stack-based buffer overflow. A local attacker\nwith access to an sg device could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-7187)\n\nIt was discovered that a NULL pointer dereference existed in the\nDirect Rendering Manager (DRM) driver for VMware devices in the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-7261)\n\nLi Qiang discovered that an integer overflow vulnerability existed in\nthe Direct Rendering Manager (DRM) driver for VMware devices in the\nLinux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that an information leak existed in the\nset_mempolicy and mbind compat syscalls in the Linux kernel. A local\nattacker could use this to expose sensitive information (kernel\nmemory). (CVE-2017-7616).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-3291-3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7294\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-powerpc-e500mc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-powerpc-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-powerpc64-emb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-powerpc64-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('14.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 14.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '14.04': {\n '4.4.0': {\n 'generic': '4.4.0-78',\n 'generic-lpae': '4.4.0-78',\n 'lowlatency': '4.4.0-78',\n 'powerpc-e500mc': '4.4.0-78',\n 'powerpc-smp': '4.4.0-78',\n 'powerpc64-emb': '4.4.0-78',\n 'powerpc64-smp': '4.4.0-78'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-3291-3');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2017-7187', 'CVE-2017-7261', 'CVE-2017-7294', 'CVE-2017-7616');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-3291-3');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:54:57", "description": "Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the Linux kernel contained a stack-based buffer overflow. A local attacker with access to an sg device could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-7187)\n\nIt was discovered that a NULL pointer dereference existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7261)\n\nLi Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that an information leak existed in the set_mempolicy and mbind compat syscalls in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-7616).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-05-17T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3291-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7187", "CVE-2017-7261", "CVE-2017-7294", "CVE-2017-7616"], "modified": "2023-10-20T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-powerpc-e500mc", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-powerpc-smp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-powerpc64-emb", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-powerpc64-smp", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts"], "id": "UBUNTU_USN-3291-1.NASL", "href": "https://www.tenable.com/plugins/nessus/100252", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3291-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100252);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2017-7187\",\n \"CVE-2017-7261\",\n \"CVE-2017-7294\",\n \"CVE-2017-7616\"\n );\n script_xref(name:\"USN\", value:\"3291-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3291-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"Dmitry Vyukov discovered that the generic SCSI (sg) subsystem in the\nLinux kernel contained a stack-based buffer overflow. A local attacker\nwith access to an sg device could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-7187)\n\nIt was discovered that a NULL pointer dereference existed in the\nDirect Rendering Manager (DRM) driver for VMware devices in the Linux\nkernel. A local attacker could use this to cause a denial of service\n(system crash). (CVE-2017-7261)\n\nLi Qiang discovered that an integer overflow vulnerability existed in\nthe Direct Rendering Manager (DRM) driver for VMware devices in the\nLinux kernel. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2017-7294)\n\nIt was discovered that an information leak existed in the\nset_mempolicy and mbind compat syscalls in the Linux kernel. A local\nattacker could use this to expose sensitive information (kernel\nmemory). (CVE-2017-7616).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-3291-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7294\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-powerpc-e500mc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-powerpc-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-powerpc64-emb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-78-powerpc64-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2023 Canonical, Inc. / NASL script (C) 2017-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.4.0': {\n 'generic': '4.4.0-78',\n 'generic-lpae': '4.4.0-78',\n 'lowlatency': '4.4.0-78',\n 'powerpc-e500mc': '4.4.0-78',\n 'powerpc-smp': '4.4.0-78',\n 'powerpc64-emb': '4.4.0-78',\n 'powerpc64-smp': '4.4.0-78'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-3291-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2017-7187', 'CVE-2017-7261', 'CVE-2017-7294', 'CVE-2017-7616');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-3291-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-12-08T14:53:16", "description": "The openSUSE Leap 42.2 kernel was updated to 4.4.56 fix various security issues and bugs.\n\nThe following security bugs were fixed :\n\n - CVE-2017-7184: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size data after an XFRM_MSG_NEWAE update, which allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52 (bnc#1030573).\n\n - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415).\n\n - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bnc#1027565).\n\n - CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190).\n\n - CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189).\n\n - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1025235).\n\n - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722).\n\n - CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enables scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697).\n\n - CVE-2017-6347: The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the Linux kernel has incorrect expectations about skb data layout, which allowed local users to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted system calls, as demonstrated by use of the MSG_MORE flag in conjunction with loopback UDP transmission (bnc#1027179).\n\n - CVE-2016-9191: The cgroup offline implementation in the Linux kernel mishandled certain drain operations, which allowed local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity (bnc#1008842).\n\n - CVE-2017-2596: The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux kernel improperly emulates the VMXON instruction, which allowed KVM L1 guest OS users to cause a denial of service (host OS memory consumption) by leveraging the mishandling of page references (bnc#1022785).\n\nThe following non-security bugs were fixed :\n\n - ACPI: Do not create a platform_device for IOAPIC/IOxAPIC (bsc#1028819).\n\n - ACPI, ioapic: Clear on-stack resource before using it (bsc#1028819).\n\n - ACPI: Remove platform devices from a bus on removal (bsc#1028819).\n\n - add mainline tag to one hyperv patch\n\n - bnx2x: allow adding VLANs while interface is down (bsc#1027273).\n\n - btrfs: backref: Fix soft lockup in __merge_refs function (bsc#1017641).\n\n - btrfs: incremental send, do not delay rename when parent inode is new (bsc#1028325).\n\n - btrfs: incremental send, do not issue invalid rmdir operations (bsc#1028325).\n\n - btrfs: qgroup: Move half of the qgroup accounting time out of commit trans (bsc#1017461).\n\n - btrfs: send, fix failure to rename top level inode due to name collision (bsc#1028325).\n\n - btrfs: serialize subvolume mounts with potentially mismatching rw flags (bsc#951844 bsc#1024015)\n\n - crypto: algif_hash - avoid zero-sized array (bnc#1007962).\n\n - cxgb4vf: do not offload Rx checksums for IPv6 fragments (bsc#1026692).\n\n - drivers: hv: vmbus: Prevent sending data on a rescinded channel (fate#320485, bug#1028217).\n\n - drm/i915: Add intel_uncore_suspend / resume functions (bsc#1011913).\n\n - drm/i915: Listen for PMIC bus access notifications (bsc#1011913).\n\n - drm/mgag200: Added support for the new device G200eH3 (bsc#1007959, fate#322780)\n\n - ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986).\n\n - Fix kABI breakage of dccp in 4.4.56 (stable-4.4.56).\n\n - futex: Add missing error handling to FUTEX_REQUEUE_PI (bsc#969755).\n\n - futex: Fix potential use-after-free in FUTEX_REQUEUE_PI (bsc#969755).\n\n - i2c: designware-baytrail: Acquire P-Unit access on bus acquire (bsc#1011913).\n\n - i2c: designware-baytrail: Call pmic_bus_access_notifier_chain (bsc#1011913).\n\n - i2c: designware-baytrail: Fix race when resetting the semaphore (bsc#1011913).\n\n - i2c: designware-baytrail: Only check iosf_mbi_available() for shared hosts (bsc#1011913).\n\n - i2c: designware: Disable pm for PMIC i2c-bus even if there is no _SEM method (bsc#1011913).\n\n - i2c-designware: increase timeout (bsc#1011913).\n\n - i2c: designware: Never suspend i2c-busses used for accessing the system PMIC (bsc#1011913).\n\n - i2c: designware: Rename accessor_flags to flags (bsc#1011913).\n\n - kABI: protect struct iscsi_conn (kabi).\n\n - kABI: protect struct se_node_acl (kabi).\n\n - kABI: restore can_rx_register parameters (kabi).\n\n - kgr/module: make a taint flag module-specific (fate#313296).\n\n - kgr: remove all arch-specific kgraft header files (fate#313296).\n\n - l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415).\n\n - l2tp: fix lookup for sockets not bound to a device in l2tp_ip (bsc#1028415).\n\n - l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind() (bsc#1028415).\n\n - l2tp: hold socket before dropping lock in l2tp_ip(, 6)_recv() (bsc#1028415).\n\n - l2tp: lock socket before checking flags in connect() (bsc#1028415).\n\n - md/raid1: add rcu protection to rdev in fix_read_error (References: bsc#998106,bsc#1020048,bsc#982783).\n\n - md/raid1: fix a use-after-free bug (bsc#998106,bsc#1020048,bsc#982783).\n\n - md/raid1: handle flush request correctly (bsc#998106,bsc#1020048,bsc#982783).\n\n - md/raid1: Refactor raid1_make_request (bsc#998106,bsc#1020048,bsc#982783).\n\n - mm: fix set pageblock migratetype in deferred struct page init (bnc#1027195).\n\n - mm/page_alloc: Remove useless parameter of\n __free_pages_boot_core (bnc#1027195).\n\n - module: move add_taint_module() to a header file (fate#313296).\n\n - net/ena: change condition for host attribute configuration (bsc#1026509).\n\n - net/ena: change driver's default timeouts (bsc#1026509).\n\n - net: ena: change the return type of ena_set_push_mode() to be void (bsc#1026509).\n\n - net: ena: Fix error return code in ena_device_init() (bsc#1026509).\n\n - net/ena: fix ethtool RSS flow configuration (bsc#1026509).\n\n - net/ena: fix NULL dereference when removing the driver after device reset failed (bsc#1026509).\n\n - net/ena: fix potential access to freed memory during device reset (bsc#1026509).\n\n - net/ena: fix queues number calculation (bsc#1026509).\n\n - net/ena: fix RSS default hash configuration (bsc#1026509).\n\n - net/ena: reduce the severity of ena printouts (bsc#1026509).\n\n - net/ena: refactor ena_get_stats64 to be atomic context safe (bsc#1026509).\n\n - net/ena: remove ntuple filter support from device feature list (bsc#1026509).\n\n - net: ena: remove superfluous check in ena_remove() (bsc#1026509).\n\n - net: ena: Remove unnecessary pci_set_drvdata() (bsc#1026509).\n\n - net/ena: update driver version to 1.1.2 (bsc#1026509).\n\n - net/ena: use READ_ONCE to access completion descriptors (bsc#1026509).\n\n - net: ena: use setup_timer() and mod_timer() (bsc#1026509).\n\n - net/mlx4_core: Avoid command timeouts during VF driver device shutdown (bsc#1028017).\n\n - net/mlx4_core: Avoid delays during VF driver device shutdown (bsc#1028017).\n\n - net/mlx4_core: Fix racy CQ (Completion Queue) free (bsc#1028017).\n\n - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to VGT transitions (bsc#1028017).\n\n - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs (bsc#1028017).\n\n - net/mlx4_en: Fix bad WQE issue (bsc#1028017).\n\n - NFS: do not try to cross a mountpount when there isn't one there (bsc#1028041).\n\n - nvme: Do not suspend admin queue that wasn't created (bsc#1026505).\n\n - nvme: Suspend all queues before deletion (bsc#1026505).\n\n - PCI: hv: Fix wslot_to_devfn() to fix warnings on device removal (fate#320485, bug#1028217).\n\n - PCI: hv: Use device serial number as PCI domain (fate#320485, bug#1028217).\n\n - powerpc: Blacklist GCC 5.4 6.1 and 6.2 (boo#1028895).\n\n - RAID1: a new I/O barrier implementation to remove resync window (bsc#998106,bsc#1020048,bsc#982783).\n\n - RAID1: avoid unnecessary spin locks in I/O barrier code (bsc#998106,bsc#1020048,bsc#982783).\n\n - Revert 'give up on gcc ilog2() constant optimizations' (kabi).\n\n - Revert 'net: introduce device min_header_len' (kabi).\n\n - Revert 'net/mlx4_en: Avoid unregister_netdev at shutdown flow' (bsc#1028017).\n\n - Revert 'nfit, libnvdimm: fix interleave set cookie calculation' (kabi).\n\n - Revert 'RDMA/core: Fix incorrect structure packing for booleans' (kabi).\n\n - Revert 'target: Fix NULL dereference during LUN lookup + active I/O shutdown' (kabi).\n\n - rtlwifi: rtl_usb: Fix missing entry in USB driver's private data (bsc#1026462).\n\n - s390/kmsg: add missing kmsg descriptions (bnc#1025683, LTC#151573).\n\n - s390/mm: fix zone calculation in arch_add_memory() (bnc#1025683, LTC#152318).\n\n - sched/loadavg: Avoid loadavg spikes caused by delayed NO_HZ accounting (bsc#1018419).\n\n - scsi_dh_alua: Do not modify the interval value for retries (bsc#1012910).\n\n - scsi: do not print 'reservation conflict' for TEST UNIT READY (bsc#1027054).\n\n - softirq: Let ksoftirqd do its job (bsc#1019618).\n\n - supported.conf: Add tcp_westwood as supported module (fate#322432)\n\n - taint/module: Clean up global and module taint flags handling (fate#313296).\n\n - Update mainline reference in patches.drivers/drm-ast-Fix-memleaks-in-error-path-in-as t_fb_create.patch See (bsc#1028158) for the context in which this was discovered upstream.\n\n - x86/apic/uv: Silence a shift wrapping warning (bsc#1023866).\n\n - x86/mce: Do not print MCEs when mcelog is active (bsc#1013994).\n\n - x86, mm: fix gup_pte_range() vs DAX mappings (bsc#1026405).\n\n - x86/mm/gup: Simplify get_user_pages() PTE bit handling (bsc#1026405).\n\n - x86/platform/intel/iosf_mbi: Add a mutex for P-Unit access (bsc#1011913).\n\n - x86/platform/intel/iosf_mbi: Add a PMIC bus access notifier (bsc#1011913).\n\n - x86/platform: Remove warning message for duplicate NMI handlers (bsc#1029220).\n\n - x86/platform/UV: Add basic CPU NMI health check (bsc#1023866).\n\n - x86/platform/UV: Add Support for UV4