{"id": "USN-3488-1", "bulletinFamily": "unix", "title": "Linux kernel (Azure) vulnerability", "description": "It was discovered that the KVM subsystem in the Linux kernel did not \nproperly keep track of nested levels in guest page tables. A local attacker \nin a guest VM could use this to cause a denial of service (host OS crash) \nor possibly execute arbitrary code in the host OS.", "published": "2017-11-21T00:00:00", "modified": "2017-11-21T00:00:00", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://ubuntu.com/security/notices/USN-3488-1", "reporter": "Ubuntu", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2017-12188"], "cvelist": ["CVE-2017-12188"], "type": "ubuntu", "lastseen": "2020-07-02T11:42:11", "edition": 5, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-12188"]}, {"type": "virtuozzo", "idList": ["VZA-2017-098"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310843374", "OPENVAS:1361412562310843371", "OPENVAS:1361412562310882849", "OPENVAS:1361412562310843370", "OPENVAS:1361412562311220171271", "OPENVAS:1361412562310843376", "OPENVAS:1361412562311220171292", "OPENVAS:1361412562311220191529", "OPENVAS:1361412562311220191498", "OPENVAS:1361412562310843375"]}, {"type": "nessus", "idList": ["VIRTUOZZO_VZA-2017-098.NASL", "CENTOS_RHSA-2018-0395.NASL", "UBUNTU_USN-3488-1.NASL", "UBUNTU_USN-3484-1.NASL", "UBUNTU_USN-3484-3.NASL", "REDHAT-RHSA-2018-0395.NASL", "UBUNTU_USN-3484-2.NASL", "REDHAT-RHSA-2018-0412.NASL", "ORACLELINUX_ELSA-2018-0395.NASL", "SL_20180306_KERNEL_ON_SL7_X.NASL"]}, {"type": "ubuntu", "idList": ["USN-3484-3", "USN-3484-2", "USN-3484-1", "USN-3487-1"]}, {"type": "centos", "idList": ["CESA-2018:0395"]}, {"type": "oraclelinux", "idList": ["ELSA-2018-0395"]}, {"type": "redhat", "idList": ["RHSA-2018:0412", "RHSA-2018:0395"]}], "modified": "2020-07-02T11:42:11", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2020-07-02T11:42:11", "rev": 2}, "vulnersScore": 6.5}, "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "linux-image-azure", "packageVersion": "4.11.0.1015.15"}, {"OS": "Ubuntu", "OSVersion": "16.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "linux-image-4.11.0-1015-azure", "packageVersion": "4.11.0-1015.15"}], "scheme": null}

{"cve": [{"lastseen": "2021-02-02T06:36:34", "description": "arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an \"MMU potential stack buffer overrun.\"", "edition": 6, "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2017-10-11T15:29:00", "title": "CVE-2017-12188", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-12188"], "modified": "2018-03-08T02:29:00", "cpe": ["cpe:/o:linux:linux_kernel:4.13.5"], "id": "CVE-2017-12188", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12188", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.13.5:*:*:*:*:*:*:*"]}], "virtuozzo": [{"lastseen": "2019-11-05T11:27:50", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12188", "CVE-2016-8399", "CVE-2017-12190"], "description": "The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo kernels 3.10.0-514.16.1.vz7.30.10 (Virtuozzo 7.0.4), 3.10.0-514.16.1.vz7.30.15 (Virtuozzo 7.0.4 HF3), and 3.10.0-514.26.1.vz7.33.22 (Virtuozzo 7.0.5).\n**Vulnerability id:** CVE-2017-12188\nLinux kernel built with the KVM virtualisation support (CONFIG_KVM), with nested virtualisation (nVMX) feature enabled (nested=1), is vulnerable to a stack buffer overflow issue. It could occur while traversing guest pagetable entries to resolve guest virtual address. A guest system could use this flaw to crash the host kernel resulting in DoS, or potentially execute arbitrary code on the host.\n\n**Vulnerability id:** CVE-2016-8399\nA flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto().\n\n**Vulnerability id:** CVE-2017-12190\nIt was found that in the Linux kernel through v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in 'block/bio.c' do unbalanced pages refcounting if IO vector has small consecutive buffers belonging to the same page. bio_add_pc_page() merges them into one, but the page reference is never dropped, causing a memory leak and possible system lockup due to out-of-memory condition.\n\n", "edition": 1, "modified": "2017-10-23T00:00:00", "published": "2017-10-23T00:00:00", "id": "VZA-2017-098", "href": "https://help.virtuozzo.com/customer/portal/articles/2892758", "title": "Important kernel security update: CVE-2017-12188 and other; Virtuozzo ReadyKernel patch 35.2 for Virtuozzo 7.0.4, 7.0.4 HF3, and 7.0.5", "type": "virtuozzo", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:30:28", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12188"], "description": "It was discovered that the KVM subsystem in the Linux kernel did not \nproperly keep track of nested levels in guest page tables. A local attacker \nin a guest VM could use this to cause a denial of service (host OS crash) \nor possibly execute arbitrary code in the host OS.", "edition": 6, "modified": "2017-11-21T00:00:00", "published": "2017-11-21T00:00:00", "id": "USN-3484-1", "href": "https://ubuntu.com/security/notices/USN-3484-1", "title": "Linux kernel vulnerability", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:34:15", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12188"], "description": "It was discovered that the KVM subsystem in the Linux kernel did not \nproperly keep track of nested levels in guest page tables. A local attacker \nin a guest VM could use this to cause a denial of service (host OS crash) \nor possibly execute arbitrary code in the host OS.", "edition": 5, "modified": "2017-11-21T00:00:00", "published": "2017-11-21T00:00:00", "id": "USN-3484-3", "href": "https://ubuntu.com/security/notices/USN-3484-3", "title": "Linux kernel (GCP) vulnerability", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:33:47", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12188"], "description": "USN-3484-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. \nThis update provides the corresponding updates for the Linux Hardware \nEnablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS.\n\nIt was discovered that the KVM subsystem in the Linux kernel did not \nproperly keep track of nested levels in guest page tables. A local attacker \nin a guest VM could use this to cause a denial of service (host OS crash) \nor possibly execute arbitrary code in the host OS.", "edition": 5, "modified": "2017-11-21T00:00:00", "published": "2017-11-21T00:00:00", "id": "USN-3484-2", "href": "https://ubuntu.com/security/notices/USN-3484-2", "title": "Linux kernel (HWE) vulnerability", "type": "ubuntu", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-09T00:24:24", "bulletinFamily": "unix", "cvelist": ["CVE-2017-16525", "CVE-2017-12188", "CVE-2017-14489", "CVE-2017-15265", "CVE-2017-15649", "CVE-2017-16527", "CVE-2017-15537", "CVE-2017-16526", "CVE-2017-16533", "CVE-2017-12192", "CVE-2017-14156", "CVE-2017-1000255", "CVE-2017-16529", "CVE-2017-12153", "CVE-2017-16531", "CVE-2017-16534", "CVE-2017-14954", "CVE-2017-12154", "CVE-2017-16530", "CVE-2017-12190"], "description": "It was discovered that the KVM subsystem in the Linux kernel did not \nproperly keep track of nested levels in guest page tables. A local attacker \nin a guest VM could use this to cause a denial of service (host OS crash) \nor possibly execute arbitrary code in the host OS. (CVE-2017-12188)\n\nIt was discovered that on the PowerPC architecture, the kernel did not \nproperly sanitize the signal stack when handling sigreturn(). A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-1000255)\n\nBo Zhang discovered that the netlink wireless configuration interface in \nthe Linux kernel did not properly validate attributes when handling certain \nrequests. A local attacker with the CAP_NET_ADMIN could use this to cause a \ndenial of service (system crash). (CVE-2017-12153)\n\nIt was discovered that the nested KVM implementation in the Linux kernel in \nsome situations did not properly prevent second level guests from reading \nand writing the hardware CR8 register. A local attacker in a guest could \nuse this to cause a denial of service (system crash). (CVE-2017-12154)\n\nVitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel \ndid not properly track reference counts when merging buffers. A local \nattacker could use this to cause a denial of service (memory exhaustion). \n(CVE-2017-12190)\n\nIt was discovered that the key management subsystem in the Linux kernel did \nnot properly restrict key reads on negatively instantiated keys. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-12192)\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux \nkernel did not properly initialize a data structure returned to user space. \nA local attacker could use this to expose sensitive information (kernel \nmemory). (CVE-2017-14156)\n\nChunYu Wang discovered that the iSCSI transport implementation in the Linux \nkernel did not properly validate data structures. A local attacker could \nuse this to cause a denial of service (system crash). (CVE-2017-14489)\n\nAlexander Potapenko discovered an information leak in the waitid \nimplementation of the Linux kernel. A local attacker could use this to \nexpose sensitive information (kernel memory). (CVE-2017-14954)\n\nIt was discovered that a race condition existed in the ALSA subsystem of \nthe Linux kernel when creating and deleting a port via ioctl(). A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-15265)\n\nDmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem in \nthe Linux kernel did not properly handle attempts to set reserved bits in a \ntask's extended state (xstate) area. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2017-15537)\n\nIt was discovered that a race condition existed in the packet fanout \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2017-15649)\n\nAndrey Konovalov discovered a use-after-free vulnerability in the USB \nserial console driver in the Linux kernel. A physically proximate attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2017-16525)\n\nAndrey Konovalov discovered that the Ultra Wide Band driver in the Linux \nkernel did not properly check for an error condition. A physically \nproximate attacker could use this to cause a denial of service (system \ncrash) or possibly execute arbitrary code. (CVE-2017-16526)\n\nAndrey Konovalov discovered that the ALSA subsystem in the Linux kernel \ncontained a use-after-free vulnerability. A local attacker could use this \nto cause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2017-16527)\n\nAndrey Konovalov discovered that the ALSA subsystem in the Linux kernel did \nnot properly validate USB audio buffer descriptors. A physically proximate \nattacker could use this cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-16529)\n\nAndrey Konovalov discovered that the USB unattached storage driver in the \nLinux kernel contained out-of-bounds error when handling alternative \nsettings. A physically proximate attacker could use to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2017-16530)\n\nAndrey Konovalov discovered that the USB subsystem in the Linux kernel did \nnot properly validate USB interface association descriptors. A physically \nproximate attacker could use this to cause a denial of service (system \ncrash). (CVE-2017-16531)\n\nAndrey Konovalov discovered that the USB subsystem in the Linux kernel did \nnot properly validate USB HID descriptors. A physically proximate attacker \ncould use this to cause a denial of service (system crash). \n(CVE-2017-16533)\n\nAndrey Konovalov discovered that the USB subsystem in the Linux kernel did \nnot properly validate CDC metadata. A physically proximate attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-16534)", "edition": 6, "modified": "2017-11-21T00:00:00", "published": "2017-11-21T00:00:00", "id": "USN-3487-1", "href": "https://ubuntu.com/security/notices/USN-3487-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:34:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12188"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-11-22T00:00:00", "id": "OPENVAS:1361412562310843374", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843374", "type": "openvas", "title": "Ubuntu Update for linux-gcp USN-3484-3", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3484_3.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux-gcp USN-3484-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843374\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-22 07:32:46 +0100 (Wed, 22 Nov 2017)\");\n script_cve_id(\"CVE-2017-12188\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-gcp USN-3484-3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-gcp'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the KVM subsystem in\n the Linux kernel did not properly keep track of nested levels in guest page\n tables. A local attacker in a guest VM could use this to cause a denial of\n service (host OS crash) or possibly execute arbitrary code in the host OS.\");\n script_tag(name:\"affected\", value:\"linux-gcp on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3484-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3484-3/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-1009-gcp\", ver:\"4.10.0-1009.9\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.10.0.1009.11\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12188"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-11-22T00:00:00", "id": "OPENVAS:1361412562310843370", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843370", "type": "openvas", "title": "Ubuntu Update for linux-azure USN-3488-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3488_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux-azure USN-3488-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843370\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-22 07:31:44 +0100 (Wed, 22 Nov 2017)\");\n script_cve_id(\"CVE-2017-12188\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-azure USN-3488-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-azure'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the KVM subsystem in\n the Linux kernel did not properly keep track of nested levels in guest page\n tables. A local attacker in a guest VM could use this to cause a denial of\n service (host OS crash) or possibly execute arbitrary code in the host OS.\");\n script_tag(name:\"affected\", value:\"linux-azure on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3488-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3488-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.11.0-1015-azure\", ver:\"4.11.0-1015.15\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"4.11.0.1015.15\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12188"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-11-22T00:00:00", "id": "OPENVAS:1361412562310843371", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843371", "type": "openvas", "title": "Ubuntu Update for linux-hwe USN-3484-2", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3484_2.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux-hwe USN-3484-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843371\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-22 07:31:46 +0100 (Wed, 22 Nov 2017)\");\n script_cve_id(\"CVE-2017-12188\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-hwe USN-3484-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-hwe'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3484-1 fixed vulnerabilities in the\n Linux kernel for Ubuntu 17.04. This update provides the corresponding updates\n for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu\n 16.04 LTS. It was discovered that the KVM subsystem in the Linux kernel did not\n properly keep track of nested levels in guest page tables. A local attacker in a\n guest VM could use this to cause a denial of service (host OS crash) or possibly\n execute arbitrary code in the host OS.\");\n script_tag(name:\"affected\", value:\"linux-hwe on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3484-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3484-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-40-generic\", ver:\"4.10.0-40.44~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-40-generic-lpae\", ver:\"4.10.0-40.44~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-40-lowlatency\", ver:\"4.10.0-40.44~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-hwe-16.04\", ver:\"4.10.0.40.42\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-hwe-16.04\", ver:\"4.10.0.40.42\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-hwe-16.04\", ver:\"4.10.0.40.42\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12188"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-11-22T00:00:00", "id": "OPENVAS:1361412562310843375", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843375", "type": "openvas", "title": "Ubuntu Update for linux USN-3484-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3484_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux USN-3484-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843375\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-22 07:32:48 +0100 (Wed, 22 Nov 2017)\");\n script_cve_id(\"CVE-2017-12188\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3484-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the KVM subsystem in\n the Linux kernel did not properly keep track of nested levels in guest page\n tables. A local attacker in a guest VM could use this to cause a denial of\n service (host OS crash) or possibly execute arbitrary code in the host OS.\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 17.04\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3484-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3484-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU17\\.04\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU17.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-1021-raspi2\", ver:\"4.10.0-1021.24\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-40-generic\", ver:\"4.10.0-40.44\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-40-generic-lpae\", ver:\"4.10.0-40.44\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.10.0-40-lowlatency\", ver:\"4.10.0-40.44\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.10.0.40.40\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.10.0.40.40\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.10.0.40.40\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.10.0.1021.22\", rls:\"UBUNTU17.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12188", "CVE-2017-7518"], "description": "Check the version of kernel", "modified": "2019-03-11T00:00:00", "published": "2018-03-14T00:00:00", "id": "OPENVAS:1361412562310882849", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882849", "type": "openvas", "title": "CentOS Update for kernel CESA-2018:0395 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2018_0395_kernel_centos7.nasl 14095 2019-03-11 13:54:56Z cfischer $\n#\n# CentOS Update for kernel CESA-2018:0395 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882849\");\n script_version(\"$Revision: 14095 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-11 14:54:56 +0100 (Mon, 11 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-03-14 08:30:16 +0100 (Wed, 14 Mar 2018)\");\n script_cve_id(\"CVE-2017-7518\", \"CVE-2017-12188\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2018:0395 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of kernel\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux\nkernel, the core of any Linux operating system.\n\nThese updated kernel packages include several security issues and numerous\nbug fixes, some of which you can see below. Space precludes documenting\nall of these bug fixes in this advisory. To see the complete list of bug\nfixes, users are directed to the referenced Knowledge Article.\n\nSecurity Fix(es):\n\n * Kernel: KVM: MMU potential stack buffer overrun during page walks\n(CVE-2017-12188, Important)\n\n * Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518,\nModerate)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2018:0395\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2018-March/022768.html\");\n script_xref(name:\"URL\", value:\"https://access.redhat.com/articles/3368501\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~693.21.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~693.21.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~693.21.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~693.21.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~693.21.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~693.21.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~693.21.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~693.21.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~693.21.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~693.21.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~693.21.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~693.21.1.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:37:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12188", "CVE-2016-8655", "CVE-2017-1000111", "CVE-2017-15274", "CVE-2017-15265", "CVE-2017-14991", "CVE-2017-15649", "CVE-2017-1000112", "CVE-2017-12192", "CVE-2017-6346"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171271", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171271", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1271)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1271\");\n script_version(\"2020-01-23T11:02:42+0000\");\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-12188\", \"CVE-2017-12192\", \"CVE-2017-14991\", \"CVE-2017-15265\", \"CVE-2017-15274\", \"CVE-2017-15649\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:02:42 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:02:42 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1271)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1271\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1271\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2017-1271 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to resolve a guest virtual address, which allows L1 guest OS users to execute arbitrary code on the host OS or cause a denial of service (incorrect index during page walking, and host OS crash), aka an MMU potential stack buffer overrun.(CVE-2017-12188)\n\nA vulnerability was found in the Key Management sub component of the Linux kernel, where when trying to issue a KEYTCL_READ on negative key would lead to a NULL pointer dereference. A local attacker could use this flaw to crash the kernel.(CVE-2017-12192)\n\nsecurity/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.(CVE-2017-15274)\n\nLinux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW.(CVE-2017-1000111)\n\nUse-after-free vulnerability in the Linux kernel before 4.14-rc5 allows local users to have unspecified impact via vectors related to /dev/snd/seq.(CVE-2017-15265)\n\nnet/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346.(CVE-2017-15649)\n\nThe sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.(CVE-2017-14991)\n\nAn exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building an UFO packet with MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privileges.(CVE-2017-1000112)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~229.49.1.152\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~229.49.1.152\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~229.49.1.152\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~229.49.1.152\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~229.49.1.152\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~229.49.1.152\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~229.49.1.152\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~229.49.1.152\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~229.49.1.152\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~229.49.1.152\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:35:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-16525", "CVE-2017-15299", "CVE-2017-12188", "CVE-2017-15649", "CVE-2017-16532", "CVE-2017-16535", "CVE-2017-16537", "CVE-2017-16527", "CVE-2017-16526", "CVE-2017-16533", "CVE-2017-16536", "CVE-2017-12192", "CVE-2017-16529", "CVE-2017-16531", "CVE-2017-16538", "CVE-2017-16534", "CVE-2017-16530", "CVE-2017-16528"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171292", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171292", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1292)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1292\");\n script_version(\"2020-01-23T11:06:04+0000\");\n script_cve_id(\"CVE-2017-12188\", \"CVE-2017-12192\", \"CVE-2017-15299\", \"CVE-2017-15649\", \"CVE-2017-16525\", \"CVE-2017-16526\", \"CVE-2017-16527\", \"CVE-2017-16528\", \"CVE-2017-16529\", \"CVE-2017-16530\", \"CVE-2017-16531\", \"CVE-2017-16532\", \"CVE-2017-16533\", \"CVE-2017-16534\", \"CVE-2017-16535\", \"CVE-2017-16536\", \"CVE-2017-16537\", \"CVE-2017-16538\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:06:04 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:06:04 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1292)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1292\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1292\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2017-1292 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A vulnerability was found in the key management subsystem of the Linux kernel. An update on an uninstantiated key could cause a kernel panic, leading to denial of service (DoS).(CVE-2017-15299)\n\nIt was found that fanout_add() in 'net/packet/af_packet.c' in the Linux kernel, before version 4.13.6, allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free bug.(CVE-2017-15649)\n\nThe keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation.(CVE-2017-12192)\n\nThe Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization(nVMX) feature enabled (nested=1), was vulnerable to a stack buffer overflow issue. The vulnerability could occur while traversing guest page table entries to resolve guest virtual address(gva). An L1 guest could use this flaw to crash the host kernel resulting in denial of service (DoS) or potentially execute arbitrary code on the host to gain privileges on the system.(CVE-2017-12188)\n\nThe imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16537)\n\ndrivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).(CVE-2017-16538)\n\nThe cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16536)\n\nThe usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16535)\n\nThe cdc_parse_cdc_header function in drivers/usb/core/message.c in ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.59.59.46.h33\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~327.59.59.46.h33\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~327.59.59.46.h33\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~327.59.59.46.h33\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~327.59.59.46.h33\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.59.59.46.h33\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.59.59.46.h33\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.59.59.46.h33\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.59.59.46.h33\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~327.59.59.46.h33\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~327.59.59.46.h33\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-05T16:36:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-4170", "CVE-2017-12188", "CVE-2017-9242", "CVE-2014-6417", "CVE-2016-5400", "CVE-2015-3291", "CVE-2017-16527", "CVE-2017-14140", "CVE-2015-8746", "CVE-2014-8884", "CVE-2016-10147", "CVE-2013-6376", "CVE-2016-5195", "CVE-2013-7268", "CVE-2014-1438", "CVE-2014-1445", "CVE-2014-7842", "CVE-2013-2888", "CVE-2017-16528", "CVE-2013-2893"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-02-05T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191529", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191529", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1529)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1529\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2013-2888\", \"CVE-2013-2893\", \"CVE-2013-6376\", \"CVE-2013-7268\", \"CVE-2014-1438\", \"CVE-2014-1445\", \"CVE-2014-6417\", \"CVE-2014-7842\", \"CVE-2014-8884\", \"CVE-2015-3291\", \"CVE-2015-4170\", \"CVE-2015-8746\", \"CVE-2016-10147\", \"CVE-2016-5195\", \"CVE-2016-5400\", \"CVE-2017-12188\", \"CVE-2017-14140\", \"CVE-2017-16527\", \"CVE-2017-16528\", \"CVE-2017-9242\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:05:48 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1529)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1529\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1529\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1529 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7268)\n\nThe move_pages system call in mm/migrate.c in the Linux kernel doesn't check the effective uid of the target process. This enables a local attacker to learn the memory layout of a setuid executable allowing mitigation of ASLR.(CVE-2017-14140)\n\nMultiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID.(CVE-2013-2888)\n\nIt was found that if a Non-Maskable Interrupt (NMI) occurred immediately after a SYSCALL call or before a SYSRET call with the user RSP pointing to the NMI IST stack, the kernel could skip that NMI.(CVE-2015-3291)\n\nThe sound/core/seq_device.c in the Linux kernel, before 4.13.4, allows local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16528)\n\nnet/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a long unencrypted auth ticket.(CVE-2014-6417)\n\nA NULL pointer dereference flaw was found in the Linux kernel: the NFSv4.2 migration code improperly initialized the kernel structure. A local, authenticated user could use this flaw to cause a panic of the NFS client (denial of service).(CVE-2015-8746)\n\nA stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge DEC USB device driver. A local user with write access to the corresponding device could use this flaw to crash the kernel or, potentially, elevate their privileges on the system.(CVE-2014-8884)\n\nA flaw was found in the linux kernel's implementation of the airspy USB device driver in which a leak was found when a subdev or SDR are plugged into the host.An attacker can create an targeted USB device which can emulate 64 of these devices. Then by emulating an additional device which continuously connects and disconnects, each connection attempt will leak memory which can not be recovered.(CVE-2016-5400)\n\nThe sou ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:34:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-16525", "CVE-2017-12188", "CVE-2017-14489", "CVE-2017-15265", "CVE-2017-15649", "CVE-2017-16527", "CVE-2017-15537", "CVE-2017-16526", "CVE-2017-16533", "CVE-2017-12192", "CVE-2017-14156", "CVE-2017-1000255", "CVE-2017-16529", "CVE-2017-12153", "CVE-2017-16531", "CVE-2017-16534", "CVE-2017-14954", "CVE-2017-12154", "CVE-2017-16530", "CVE-2017-12190"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2017-11-22T00:00:00", "id": "OPENVAS:1361412562310843376", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843376", "type": "openvas", "title": "Ubuntu Update for linux USN-3487-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3487_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux USN-3487-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843376\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-22 07:32:50 +0100 (Wed, 22 Nov 2017)\");\n script_cve_id(\"CVE-2017-12188\", \"CVE-2017-1000255\", \"CVE-2017-12153\", \"CVE-2017-12154\",\n \"CVE-2017-12190\", \"CVE-2017-12192\", \"CVE-2017-14156\", \"CVE-2017-14489\",\n \"CVE-2017-14954\", \"CVE-2017-15265\", \"CVE-2017-15537\", \"CVE-2017-15649\",\n \"CVE-2017-16525\", \"CVE-2017-16526\", \"CVE-2017-16527\", \"CVE-2017-16529\",\n \"CVE-2017-16530\", \"CVE-2017-16531\", \"CVE-2017-16533\", \"CVE-2017-16534\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3487-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"It was discovered that the KVM subsystem in\n the Linux kernel did not properly keep track of nested levels in guest page\n tables. A local attacker in a guest VM could use this to cause a denial of\n service (host OS crash) or possibly execute arbitrary code in the host OS.\n (CVE-2017-12188) It was discovered that on the PowerPC architecture, the kernel\n did not properly sanitize the signal stack when handling sigreturn(). A local\n attacker could use this to cause a denial of service (system crash) or possibly\n execute arbitrary code. (CVE-2017-1000255) Bo Zhang discovered that the netlink\n wireless configuration interface in the Linux kernel did not properly validate\n attributes when handling certain requests. A local attacker with the\n CAP_NET_ADMIN could use this to cause a denial of service (system crash).\n (CVE-2017-12153) It was discovered that the nested KVM implementation in the\n Linux kernel in some situations did not properly prevent second level guests\n from reading and writing the hardware CR8 register. A local attacker in a guest\n could use this to cause a denial of service (system crash). (CVE-2017-12154)\n Vitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel did not\n properly track reference counts when merging buffers. A local attacker could use\n this to cause a denial of service (memory exhaustion). (CVE-2017-12190) It was\n discovered that the key management subsystem in the Linux kernel did not\n properly restrict key reads on negatively instantiated keys. A local attacker\n could use this to cause a denial of service (system crash). (CVE-2017-12192) It\n was discovered that the ATI Radeon framebuffer driver in the Linux kernel did\n not properly initialize a data structure returned to user space. A local\n attacker could use this to expose sensitive information (kernel memory).\n (CVE-2017-14156) ChunYu Wang discovered that the iSCSI transport implementation\n in the Linux kernel did not properly validate data structures. A local attacker\n could use this to cause a denial of service (system crash). (CVE-2017-14489)\n Alexander Potapenko discovered an information leak in the waitid implementation\n of the Linux kernel. A local attacker could use this to expose sensitive\n information (kernel memory). (CVE-2017-14954) It was discovered that a race\n condition existed in the ALSA subsystem of the Linux kernel when creating and\n deleting a port via ioctl(). A local attacker could use this to cause a denial\n of service (system crash) or possibly execute arbitrary code. (CVE-2017-15265)\n Dmitry Vyukov discovered that the Floating Point Unit (fpu) subsystem in the\n Linux kernel did not properly handl ... Description truncated, for more\n information please check the Reference URL\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 17.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3487-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3487-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU17\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU17.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-1006-raspi2\", ver:\"4.13.0-1006.6\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-17-generic\", ver:\"4.13.0-17.20\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-17-generic-lpae\", ver:\"4.13.0-17.20\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.13.0-17-lowlatency\", ver:\"4.13.0-17.20\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.13.0.17.18\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.13.0.17.18\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.13.0.17.18\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.13.0.1006.4\", rls:\"UBUNTU17.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-09T17:48:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9806", "CVE-2017-11176", "CVE-2016-9794", "CVE-2016-9754", "CVE-2017-12188", "CVE-2017-1000111", "CVE-2016-9793", "CVE-2017-1000252", "CVE-2017-10810", "CVE-2017-11473", "CVE-2017-10661", "CVE-2017-1000251", "CVE-2017-1000112", "CVE-2017-1000364", "CVE-2017-10911", "CVE-2017-1000410", "CVE-2017-1000370", "CVE-2017-12153", "CVE-2017-12154", "CVE-2017-11600", "CVE-2017-1000365"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-06-08T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191498", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191498", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1498)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1498\");\n script_version(\"2020-06-08T06:52:36+0000\");\n script_cve_id(\"CVE-2016-9754\", \"CVE-2016-9793\", \"CVE-2016-9794\", \"CVE-2016-9806\", \"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-1000251\", \"CVE-2017-1000252\", \"CVE-2017-1000364\", \"CVE-2017-1000365\", \"CVE-2017-1000370\", \"CVE-2017-1000410\", \"CVE-2017-10661\", \"CVE-2017-10810\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-11473\", \"CVE-2017-11600\", \"CVE-2017-12153\", \"CVE-2017-12154\", \"CVE-2017-12188\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-08 06:52:36 +0000 (Mon, 08 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:56:59 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1498)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1498\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1498\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1498 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An integer overflow vulnerability was found in the ring_buffer_resize() calculations in which a privileged user can adjust the size of the ringbuffer message size. These calculations can create an issue where the kernel memory allocator will not allocate the correct count of pages yet expect them to be usable. This can lead to the ftrace() output to appear to corrupt kernel memory and possibly be used for privileged escalation or more likely kernel panic.(CVE-2016-9754)\n\nA flaw was found in the Linux kernel's implementation of setsockopt for the SO_{SND<pipe>RCV}BUFFORCE setsockopt() system call. Users with non-namespace CAP_NET_ADMIN are able to trigger this call and create a situation in which the sockets sendbuff data size could be negative. This could adversely affect memory allocations and create situations where the system could crash or cause memory corruption.(CVE-2016-9793)\n\nA use-after-free vulnerability was found in ALSA pcm layer, which allows local users to cause a denial of service, memory corruption, or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2016-9794)\n\nA double free vulnerability was found in netlink_dump, which could cause a denial of service or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2016-9806)\n\nA race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) can use this issue to crash the system.(CVE-2017-1000111)\n\nAn exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building an UFO packet with MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privileges.(CVE-2017-1000112)\n\nA stack buffer overflow flaw was found in the way the Bluetooth subsystem of the Linux kernel processed pending L2CAP configuration responses from a client. On systems with the stack protection feature enabled in the kernel (CONFIG_CC_STACKPROTECTOR=y, which is enabled on all architectures other than s390x and ppc64le), an unauthenticated attacker able to initiate a connection to a system via Bluetooth could use this flaw to crash the system. Due to the nature of the stack protection feature, code execute ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "nessus": [{"lastseen": "2021-03-01T07:33:39", "description": "USN-3484-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.\nThis update provides the corresponding updates for the Linux Hardware\nEnablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS.\n\nIt was discovered that the KVM subsystem in the Linux kernel did not\nproperly keep track of nested levels in guest page tables. A local\nattacker in a guest VM could use this to cause a denial of service\n(host OS crash) or possibly execute arbitrary code in the host OS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "cvss3": {"score": 7.8, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-11-21T00:00:00", "title": "Ubuntu 16.04 LTS : linux-hwe vulnerability (USN-3484-2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12188"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae"], "id": "UBUNTU_USN-3484-2.NASL", "href": "https://www.tenable.com/plugins/nessus/104715", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3484-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104715);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-12188\");\n script_xref(name:\"USN\", value:\"3484-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-hwe vulnerability (USN-3484-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"USN-3484-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.\nThis update provides the corresponding updates for the Linux Hardware\nEnablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS.\n\nIt was discovered that the KVM subsystem in the Linux kernel did not\nproperly keep track of nested levels in guest page tables. A local\nattacker in a guest VM could use this to cause a denial of service\n(host OS crash) or possibly execute arbitrary code in the host OS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3484-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-12188\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3484-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.10.0-40-generic\", pkgver:\"4.10.0-40.44~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.10.0-40-generic-lpae\", pkgver:\"4.10.0-40.44~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.10.0-40-lowlatency\", pkgver:\"4.10.0-40.44~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-hwe-16.04\", pkgver:\"4.10.0.40.42\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-hwe-16.04\", pkgver:\"4.10.0.40.42\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-hwe-16.04\", pkgver:\"4.10.0.40.42\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.10-generic / linux-image-4.10-generic-lpae / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:33:39", "description": "It was discovered that the KVM subsystem in the Linux kernel did not\nproperly keep track of nested levels in guest page tables. A local\nattacker in a guest VM could use this to cause a denial of service\n(host OS crash) or possibly execute arbitrary code in the host OS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "cvss3": {"score": 7.8, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-11-21T00:00:00", "title": "Ubuntu 17.04 : linux, linux-raspi2 vulnerability (USN-3484-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12188"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:17.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic"], "id": "UBUNTU_USN-3484-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104714", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3484-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104714);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-12188\");\n script_xref(name:\"USN\", value:\"3484-1\");\n\n script_name(english:\"Ubuntu 17.04 : linux, linux-raspi2 vulnerability (USN-3484-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the KVM subsystem in the Linux kernel did not\nproperly keep track of nested levels in guest page tables. A local\nattacker in a guest VM could use this to cause a denial of service\n(host OS crash) or possibly execute arbitrary code in the host OS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3484-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:17.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(17\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 17.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-12188\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3484-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-1021-raspi2\", pkgver:\"4.10.0-1021.24\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-40-generic\", pkgver:\"4.10.0-40.44\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-40-generic-lpae\", pkgver:\"4.10.0-40.44\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-4.10.0-40-lowlatency\", pkgver:\"4.10.0-40.44\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic\", pkgver:\"4.10.0.40.40\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.10.0.40.40\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.10.0.40.40\")) flag++;\nif (ubuntu_check(osver:\"17.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.10.0.1021.22\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.10-generic / linux-image-4.10-generic-lpae / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:33:40", "description": "It was discovered that the KVM subsystem in the Linux kernel did not\nproperly keep track of nested levels in guest page tables. A local\nattacker in a guest VM could use this to cause a denial of service\n(host OS crash) or possibly execute arbitrary code in the host OS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "cvss3": {"score": 7.8, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-11-22T00:00:00", "title": "Ubuntu 16.04 LTS : linux-azure vulnerability (USN-3488-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12188"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.11-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure"], "id": "UBUNTU_USN-3488-1.NASL", "href": "https://www.tenable.com/plugins/nessus/104738", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3488-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104738);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-12188\");\n script_xref(name:\"USN\", value:\"3488-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-azure vulnerability (USN-3488-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the KVM subsystem in the Linux kernel did not\nproperly keep track of nested levels in guest page tables. A local\nattacker in a guest VM could use this to cause a denial of service\n(host OS crash) or possibly execute arbitrary code in the host OS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3488-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-4.11-azure and / or linux-image-azure\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.11-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-12188\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3488-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.11.0-1015-azure\", pkgver:\"4.11.0-1015.15\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-azure\", pkgver:\"4.11.0.1015.15\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.11-azure / linux-image-azure\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T07:33:39", "description": "It was discovered that the KVM subsystem in the Linux kernel did not\nproperly keep track of nested levels in guest page tables. A local\nattacker in a guest VM could use this to cause a denial of service\n(host OS crash) or possibly execute arbitrary code in the host OS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 27, "cvss3": {"score": 7.8, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2017-11-22T00:00:00", "title": "Ubuntu 16.04 LTS : linux-gcp vulnerability (USN-3484-3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12188"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3484-3.NASL", "href": "https://www.tenable.com/plugins/nessus/104734", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3484-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(104734);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/18 12:31:47\");\n\n script_cve_id(\"CVE-2017-12188\");\n script_xref(name:\"USN\", value:\"3484-3\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-gcp vulnerability (USN-3484-3)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that the KVM subsystem in the Linux kernel did not\nproperly keep track of nested levels in guest page tables. A local\nattacker in a guest VM could use this to cause a denial of service\n(host OS crash) or possibly execute arbitrary code in the host OS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3484-3/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-4.10-gcp and / or linux-image-gcp\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.10-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-12188\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3484-3\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.10.0-1009-gcp\", pkgver:\"4.10.0-1009.9\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.10.0.1009.11\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.10-gcp / linux-image-gcp\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-18T02:48:18", "description": "Security Fix(es) :\n\n - Kernel: KVM: MMU potential stack buffer overrun during\n page walks (CVE-2017-12188, Important)\n\n - Kernel: KVM: debug exception via syscall emulation\n (CVE-2017-7518, Moderate)", "edition": 12, "cvss3": {"score": 7.8, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-03-08T00:00:00", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20180306)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12188", "CVE-2017-7518"], "modified": "2018-03-08T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs"], "id": "SL_20180306_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/107210", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107210);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2017-12188\", \"CVE-2017-7518\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20180306)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - Kernel: KVM: MMU potential stack buffer overrun during\n page walks (CVE-2017-12188, Important)\n\n - Kernel: KVM: debug exception via syscall emulation\n (CVE-2017-7518, Moderate)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1803&L=scientific-linux-errata&F=&S=&P=1085\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?84c84036\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-693.21.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T01:35:30", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated kernel packages include several security issues and\nnumerous bug fixes, some of which you can see below. Space precludes\ndocumenting all of these bug fixes in this advisory. To see the\ncomplete list of bug fixes, users are directed to the related\nKnowledge Article: https://access.redhat.com/articles/3368501.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: MMU potential stack buffer overrun during page walks\n(CVE-2017-12188, Important)\n\n* Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518,\nModerate)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 25, "cvss3": {"score": 7.8, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-03-12T00:00:00", "title": "CentOS 7 : kernel (CESA-2018:0395)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12188", "CVE-2017-7518"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "p-cpe:/a:centos:centos:kernel-doc", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug-devel"], "id": "CENTOS_RHSA-2018-0395.NASL", "href": "https://www.tenable.com/plugins/nessus/107271", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0395 and \n# CentOS Errata and Security Advisory 2018:0395 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107271);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2017-12188\", \"CVE-2017-7518\");\n script_xref(name:\"RHSA\", value:\"2018:0395\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2018:0395)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated kernel packages include several security issues and\nnumerous bug fixes, some of which you can see below. Space precludes\ndocumenting all of these bug fixes in this advisory. To see the\ncomplete list of bug fixes, users are directed to the related\nKnowledge Article: https://access.redhat.com/articles/3368501.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: MMU potential stack buffer overrun during page walks\n(CVE-2017-12188, Important)\n\n* Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518,\nModerate)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2018-March/022768.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?56379f33\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-12188\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-693.21.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T05:42:25", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated kernel packages include several security issues and\nnumerous bug fixes, some of which you can see below. Space precludes\ndocumenting all of these bug fixes in this advisory. To see the\ncomplete list of bug fixes, users are directed to the related\nKnowledge Article: https://access.redhat.com/articles/3368501.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: MMU potential stack buffer overrun during page walks\n(CVE-2017-12188, Important)\n\n* Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518,\nModerate)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 26, "cvss3": {"score": 7.8, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-03-07T00:00:00", "title": "RHEL 7 : kernel (RHSA-2018:0395)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12188", "CVE-2017-7518"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "cpe:/o:redhat:enterprise_linux:7.4", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "cpe:/o:redhat:enterprise_linux:7.7", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "cpe:/o:redhat:enterprise_linux:7.5", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel", "cpe:/o:redhat:enterprise_linux:7.6", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-doc"], "id": "REDHAT-RHSA-2018-0395.NASL", "href": "https://www.tenable.com/plugins/nessus/107186", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0395. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107186);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-12188\", \"CVE-2017-7518\");\n script_xref(name:\"RHSA\", value:\"2018:0395\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2018:0395)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated kernel packages include several security issues and\nnumerous bug fixes, some of which you can see below. Space precludes\ndocumenting all of these bug fixes in this advisory. To see the\ncomplete list of bug fixes, users are directed to the related\nKnowledge Article: https://access.redhat.com/articles/3368501.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: MMU potential stack buffer overrun during page walks\n(CVE-2017-12188, Important)\n\n* Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518,\nModerate)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/articles/3368501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-12188\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-12188\", \"CVE-2017-7518\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:0395\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0395\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-693.21.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-693.21.1.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T05:09:25", "description": "From Red Hat Security Advisory 2018:0395 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated kernel packages include several security issues and\nnumerous bug fixes, some of which you can see below. Space precludes\ndocumenting all of these bug fixes in this advisory. To see the\ncomplete list of bug fixes, users are directed to the related\nKnowledge Article: https://access.redhat.com/articles/3368501.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: MMU potential stack buffer overrun during page walks\n(CVE-2017-12188, Important)\n\n* Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518,\nModerate)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.", "edition": 23, "cvss3": {"score": 7.8, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-03-08T00:00:00", "title": "Oracle Linux 7 : kernel (ELSA-2018-0395)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12188", "CVE-2017-7518"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2018-0395.NASL", "href": "https://www.tenable.com/plugins/nessus/107203", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2018:0395 and \n# Oracle Linux Security Advisory ELSA-2018-0395 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107203);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/27 13:00:38\");\n\n script_cve_id(\"CVE-2017-12188\", \"CVE-2017-7518\");\n script_xref(name:\"RHSA\", value:\"2018:0395\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2018-0395)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2018:0395 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nThese updated kernel packages include several security issues and\nnumerous bug fixes, some of which you can see below. Space precludes\ndocumenting all of these bug fixes in this advisory. To see the\ncomplete list of bug fixes, users are directed to the related\nKnowledge Article: https://access.redhat.com/articles/3368501.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: MMU potential stack buffer overrun during page walks\n(CVE-2017-12188, Important)\n\n* Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518,\nModerate)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-March/007562.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-12188\", \"CVE-2017-7518\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2018-0395\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"3.10\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-abi-whitelists-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-debug-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-doc-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-headers-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-tools-libs-devel-3.10.0\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-693.21.1.el7\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-693.21.1.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:13:16", "description": "According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - Linux kernel built with the KVM virtualisation support\n (CONFIG_KVM), with nested virtualisation (nVMX) feature\n enabled (nested=1), is vulnerable to a stack buffer\n overflow issue. It could occur while traversing guest\n pagetable entries to resolve guest virtual address. A\n guest system could use this flaw to crash the host\n kernel resulting in DoS, or potentially execute\n arbitrary code on the host.\n\n - A flaw was found in the Linux networking subsystem\n where a local attacker with CAP_NET_ADMIN capabilities\n could cause an out-of-bounds memory access by creating\n a smaller-than-expected ICMP header and sending to its\n destination via sendto().\n\n - It was found that in the Linux kernel through\n v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in\n 'block/bio.c' do unbalanced pages refcounting if IO\n vector has small consecutive buffers belonging to the\n same page. bio_add_pc_page() merges them into one, but\n the page reference is never dropped, causing a memory\n leak and possible system lockup due to out-of-memory\n condition.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 33, "cvss3": {"score": 7.0, "vector": "AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2017-10-25T00:00:00", "title": "Virtuozzo 7 : readykernel-patch (VZA-2017-098)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12188", "CVE-2016-8399", "CVE-2017-12190"], "modified": "2017-10-25T00:00:00", "cpe": ["cpe:/o:virtuozzo:virtuozzo:7", "p-cpe:/a:virtuozzo:virtuozzo:readykernel"], "id": "VIRTUOZZO_VZA-2017-098.NASL", "href": "https://www.tenable.com/plugins/nessus/104132", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104132);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2016-8399\",\n \"CVE-2017-12188\",\n \"CVE-2017-12190\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2017-098)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - Linux kernel built with the KVM virtualisation support\n (CONFIG_KVM), with nested virtualisation (nVMX) feature\n enabled (nested=1), is vulnerable to a stack buffer\n overflow issue. It could occur while traversing guest\n pagetable entries to resolve guest virtual address. A\n guest system could use this flaw to crash the host\n kernel resulting in DoS, or potentially execute\n arbitrary code on the host.\n\n - A flaw was found in the Linux networking subsystem\n where a local attacker with CAP_NET_ADMIN capabilities\n could cause an out-of-bounds memory access by creating\n a smaller-than-expected ICMP header and sending to its\n destination via sendto().\n\n - It was found that in the Linux kernel through\n v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in\n 'block/bio.c' do unbalanced pages refcounting if IO\n vector has small consecutive buffers belonging to the\n same page. bio_add_pc_page() merges them into one, but\n the page reference is never dropped, causing a memory\n leak and possible system lockup due to out-of-memory\n condition.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2892758\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.10-35.2-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2636ca46\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.15-35.2-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ce2ff292\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-33.22-35.2-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3ffa1df3\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.16.1.vz7.30.10\",\n \"patch\",\"readykernel-patch-30.10-35.2-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.16.1.vz7.30.15\",\n \"patch\",\"readykernel-patch-30.15-35.2-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.26.1.vz7.33.22\",\n \"patch\",\"readykernel-patch-33.22-35.2-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_HOLE, release:\"Virtuozzo-7\");\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-01T05:42:25", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: MMU potential stack buffer overrun during page walks\n(CVE-2017-12188, Important)\n\n* Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518,\nModerate)\n\nBug Fix(es) :\n\n* The kernel-rt packages have been upgraded to the 3.10.0-693.21.1\nsource tree, which provides a number of bug fixes over the previous\nversion. (BZ# 1537671)", "edition": 25, "cvss3": {"score": 7.8, "vector": "AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-03-07T00:00:00", "title": "RHEL 7 : kernel-rt (RHSA-2018:0412)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-12188", "CVE-2017-7518", "CVE-2017-18270"], "modified": "2021-03-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo"], "id": "REDHAT-RHSA-2018-0412.NASL", "href": "https://www.tenable.com/plugins/nessus/107189", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0412. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107189);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-12188\", \"CVE-2017-18270\", \"CVE-2017-7518\");\n script_xref(name:\"RHSA\", value:\"2018:0412\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2018:0412)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: MMU potential stack buffer overrun during page walks\n(CVE-2017-12188, Important)\n\n* Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518,\nModerate)\n\nBug Fix(es) :\n\n* The kernel-rt packages have been upgraded to the 3.10.0-693.21.1\nsource tree, which provides a number of bug fixes over the previous\nversion. (BZ# 1537671)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-12188\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-18270\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-12188\", \"CVE-2017-18270\", \"CVE-2017-7518\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:0412\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0412\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-12-08T03:38:25", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12188", "CVE-2017-7518"], "description": "**CentOS Errata and Security Advisory** CESA-2018:0395\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThese updated kernel packages include several security issues and numerous\nbug fixes, some of which you can see below. Space precludes documenting\nall of these bug fixes in this advisory. To see the complete list of bug\nfixes, users are directed to the related Knowledge Article:\nhttps://access.redhat.com/articles/3368501.\n\nSecurity Fix(es):\n\n* Kernel: KVM: MMU potential stack buffer overrun during page walks (CVE-2017-12188, Important)\n\n* Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518, Moderate)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-March/034806.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\n", "edition": 4, "modified": "2018-03-09T23:54:41", "published": "2018-03-09T23:54:41", "href": "http://lists.centos.org/pipermail/centos-announce/2018-March/034806.html", "id": "CESA-2018:0395", "type": "centos", "title": "kernel, perf, python security update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:32", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12188", "CVE-2017-7518"], "description": "- [3.10.0-693.21.1.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-693.21.1]\n- [x86] platform/uv: Mark tsc_check_sync as an init function (Frank Ramsay) [1547870 1526066]\n- [x86] platform/uv: Add check of TSC state set by UV BIOS (Frank Ramsay) [1547870 1526066]\n- [x86] tsc: Provide a means to disable TSC ART (Frank Ramsay) [1547870 1526066]\n- [x86] tsc: Drastically reduce the number of firmware bug warnings (Frank Ramsay) [1547870 1526066]\n- [x86] tsc: Skip TSC test and error messages if already unstable (Frank Ramsay) [1547870 1526066]\n- [x86] tsc: Add option that TSC on Socket 0 being non-zero is valid (Frank Ramsay) [1547870 1526066]\n- [x86] tsc: Remove the TSC_ADJUST clamp (Frank Ramsay) [1547870 1526066]\n[3.10.0-693.20.1]\n- [x86] locking/qspinlock: Fix kabi problem in a non-KVM/XEN VM (Waiman Long) [1539797 1533529]\n[3.10.0-693.19.1]\n- [watchdog] hpwdt: remove indirect call in drivers/watchdog/hpwdt.c (Josh Poimboeuf) [1539649 1535644]\n- [kernel] x86/spec_ctrl: cleanup __ptrace_may_access (Josh Poimboeuf) [1539649 1535644]\n- [x86] bugs: Drop one 'mitigation' from dmesg (Josh Poimboeuf) [1539649 1535644]\n- [x86] kvm: vmx: Make indirect call speculation safe (Josh Poimboeuf) [1539649 1535644]\n- [x86] kvm: x86: Make indirect calls in emulator speculation safe (Josh Poimboeuf) [1539649 1535644]\n- [x86] retpoline: Optimize inline assembler for vmexit_fill_RSB (Josh Poimboeuf) [1539649 1535644]\n- [x86] mce: Make machine check speculation protected (Josh Poimboeuf) [1539649 1535644]\n- [x86] spec_ctrl: fix ptrace IBPB optimization (Josh Poimboeuf) [1539649 1535644]\n- [x86] spec_ctrl: Avoid returns in IBRS-disabled regions (Josh Poimboeuf) [1539649 1535644]\n- [x86] spectre/meltdown: avoid the vulnerability directory to weaken kernel security (Josh Poimboeuf) [1539649 1535644]\n- [x86] spec_ctrl: Document retpolines and ibrs_enabled=3 (Josh Poimboeuf) [1539649 1535644]\n- [x86] spec_ctrl: upgrade GCC retpoline warning to an error (Josh Poimboeuf) [1539649 1535644]\n- [x86] Use IBRS for firmware update path (Josh Poimboeuf) [1539649 1535644]\n- [x86] spec_ctrl: stuff RSB on context switch with SMEP enabled (Josh Poimboeuf) [1539649 1535644]\n- [x86] spec_ctrl: enforce sane combinations of IBRS and retpoline (Josh Poimboeuf) [1539649 1535644]\n- [x86] spec_ctrl: use upstream RSB stuffing function (Josh Poimboeuf) [1539649 1535644]\n- [x86] spec_ctrl: add ibrs_enabled=3 (ibrs_user) (Josh Poimboeuf) [1539649 1535644]\n- [kernel] x86/jump_label: warn on failed jump label patch (Josh Poimboeuf) [1539649 1535644]\n- [x86] spec_ctrl: detect unretpolined modules (Josh Poimboeuf) [1539649 1535644]\n- [x86] retpoline: Add LFENCE to the retpoline/RSB filling RSB macros (Josh Poimboeuf) [1539649 1535644]\n- [x86] retpoline: Fill return stack buffer on vmexit (Josh Poimboeuf) [1539649 1535644]\n- [x86] retpoline/xen: Convert Xen hypercall indirect jumps (Josh Poimboeuf) [1539649 1535644]\n- [x86] retpoline/hyperv: Convert assembler indirect jumps (Josh Poimboeuf) [1539649 1535644]\n- [x86] retpoline/ftrace: Convert ftrace assembler indirect jumps (Josh Poimboeuf) [1539649 1535644]\n- [x86] retpoline/entry: Convert entry assembler indirect jumps (Josh Poimboeuf) [1539649 1535644]\n- [x86] retpoline/crypto: Convert crypto assembler indirect jumps (Josh Poimboeuf) [1539649 1535644]\n- [x86] retpoline: Add initial retpoline support (Josh Poimboeuf) [1539649 1535644]\n- [x86] jump_label: add asm support for static keys (Josh Poimboeuf) [1539649 1535644]\n- [x86] asm: Make asm/alternative.h safe from assembly (Josh Poimboeuf) [1539649 1535644]\n- [tools] objtool: Support new GCC 6 switch jump table pattern (Josh Poimboeuf) [1539649 1535644]\n- [tools] objtool: Detect jumps to retpoline thunks (Josh Poimboeuf) [1539649 1535644]\n- [x86] spectre: Add boot time option to select Spectre v2 mitigation (Josh Poimboeuf) [1539649 1535644]\n- [x86] spec_ctrl: print features changed by microcode loading (Josh Poimboeuf) [1539649 1535644]\n- [x86] spec_ctrl: refactor the init and microcode loading paths (Josh Poimboeuf) [1539649 1535644]\n- [x86] spec_ctrl: move initialization of X86_FEATURE_IBPB_SUPPORT (Josh Poimboeuf) [1539649 1535644]\n- [x86] spec_ctrl: remove SPEC_CTRL_PCP_IBPB bit (Josh Poimboeuf) [1539649 1535644]\n- [x86] spec_ctrl: remove ibrs_enabled variable (Josh Poimboeuf) [1539649 1535644]\n- [x86] spec_ctrl: add ibp_disabled variable (Josh Poimboeuf) [1539649 1535644]\n- [x86] spec_ctrl: add X86_FEATURE_IBP_DISABLE (Josh Poimboeuf) [1539649 1535644]\n- [x86] spec_ctrl: remove IBP disable for AMD model 0x16 (Josh Poimboeuf) [1539649 1535644]\n- [x86] spec_ctrl: remove performance measurements from documentation (Josh Poimboeuf) [1539649 1535644]\n- [x86] spec_ctrl: make ipbp_enabled read-only (Josh Poimboeuf) [1539649 1535644]\n- [x86] spec_ctrl: remove ibpb_enabled=2 mode (Josh Poimboeuf) [1539649 1535644]\n- [x86] cpu: Implement CPU vulnerabilites sysfs functions (Josh Poimboeuf) [1539649 1535644]\n- [base] sysfs/cpu: Add vulnerability folder (Josh Poimboeuf) [1539649 1535644]\n- [x86] cpu: Merge bugs.c and bugs_64.c (Josh Poimboeuf) [1539649 1535644]\n- [x86] syscall: int80 must not clobber r12-15 (Josh Poimboeuf) [1539649 1535644]\n- [x86] syscall: change ia32_syscall() to create the full register frame in ia32_do_call() (Josh Poimboeuf) [1539649 1535644]\n- [x86] boot: Add early cmdline parsing for options with arguments (Josh Poimboeuf) [1539649 1535644]\n- [x86] boot: Pass in size to early cmdline parsing (Josh Poimboeuf) [1539649 1535644]\n- [x86] boot: Simplify early command line parsing (Josh Poimboeuf) [1539649 1535644]\n- [x86] boot: Fix early command-line parsing when partial word matches (Josh Poimboeuf) [1539649 1535644]\n- [x86] boot: Fix early command-line parsing when matching at end (Josh Poimboeuf) [1539649 1535644]\n- [scsi] storvsc: Fix scsi_cmd error assignments in storvsc_handle_error (Cathy Avery) [1536978 1502601]\n- [fs] nfs: RPC_MAX_AUTH_SIZE is in bytes ('J. Bruce Fields') [1533378 1495321]\n- [fs] nfsd: give out fewer session slots as limit approaches (Dave Wysochanski) [1533377 1492234]\n- [fs] nfsd: increase DRC cache limit (Dave Wysochanski) [1533377 1492234]\n- [x86] kvm: x86: fix RSM when PCID is non-zero (Paolo Bonzini) [1531662 1530711]\n- [x86] iommu/amd: Reduce delay waiting for command buffer space (Suravee Suthikulpanit) [1531456 1508644]\n- [x86] iommu/amd: Reduce amount of MMIO when submitting commands (Suravee Suthikulpanit) [1531456 1508644]\n- [x86] amd: Remove cmd_buf_size and evt_buf_size from struct amd_iommu (Suravee Suthikulpanit) [1531456 1508644]\n- [x86] amd: Fix the left value check of cmd buffer (Suravee Suthikulpanit) [1531456 1508644]\n- [x86] amd: Don't put completion-wait semaphore on stack (Suravee Suthikulpanit) [1531456 1508644]\n- [x86] kvm: svm: obey guest PAT (Suravee Suthikulpanit) [1530976 1478185]\n- [tty] serial: 8250_pci: Add Amazon PCI serial device ID (Vitaly Kuznetsov) [1530137 1527545]\n- [ata] libata: sata_down_spd_limit should return if driver has not recorded sstatus speed (David Milburn) [1530136 1457140]\n- [fs] nfs: fix a deadlock in nfs client initialization (Scott Mayhew) [1530135 1506382]\n- [fs] nfsv4.0: Fix a lock leak in nfs40_walk_client_list (Scott Mayhew) [1530135 1506382]\n- [fs] nfs: Create a common nfs4_match_client() function (Scott Mayhew) [1530135 1506382]\n- [fs] autofs - revert: take more care to not update last_used on path walk (Ian Kent) [1525994 1489542]\n- [vhost] vhost_net: correctly check tx avail during rx busy polling (Jason Wang) [1523784 1487551]\n- [crypto] shash - Fix has_key setting (Herbert Xu) [1522932 1505817]\n- [block] Fix a race between blk_cleanup_queue() and timeout handling (Ming Lei) [1522698 1513725]\n- [x86] tsc: Force TSC_ADJUST register to value >= zero (Prarit Bhargava) [1519850 1497055]\n- [x86] tsc: Validate cpumask pointer before accessing it (Prarit Bhargava) [1519850 1497055]\n- [x86] tsc: Try to adjust TSC if sync test fails (Prarit Bhargava) [1519850 1497055]\n- [x86] tsc: Prepare warp test for TSC adjustment (Prarit Bhargava) [1519850 1497055]\n- [x86] tsc: Move sync cleanup to a safe place (Prarit Bhargava) [1519850 1497055]\n- [x86] tsc: Sync test only for the first cpu in a package (Prarit Bhargava) [1519850 1497055]\n- [x86] tsc: Verify TSC_ADJUST from idle (Prarit Bhargava) [1519850 1497055]\n- [x86] tsc: Store and check TSC ADJUST MSR (Prarit Bhargava) [1519850 1497055]\n- [x86] tsc: Detect random warps (Prarit Bhargava) [1519850 1497055]\n- [x86] kvm: mmu: always terminate page walks at level 1 (Paolo Bonzini) [1500382 1500381] {CVE-2017-12188}\n- [x86] kvm: nVMX: update last_nonleaf_level when initializing nested EPT (Denys Vlasenko) [1500382 1500381] {CVE-2017-12188}\n- [x86] kvm: fix singlestepping over syscall (Paolo Bonzini) [1464480 1464481] {CVE-2017-7518}\n[3.10.0-693.18.1]\n- [md] raid5: fix a race condition in stripe batch (Nigel Croxon) [1535883 1496836]\n- [security] selinux: fix double free in selinux_parse_opts_str() (Paul Moore) [1532288 1456843]\n- [fs] nfs: revert 'nfs: Move the flock open mode check into nfs_flock()' (Benjamin Coddington) [1531095 1497225]", "edition": 4, "modified": "2018-03-07T00:00:00", "published": "2018-03-07T00:00:00", "id": "ELSA-2018-0395", "href": "http://linux.oracle.com/errata/ELSA-2018-0395.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:59", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12188", "CVE-2017-7518"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThese updated kernel packages include several security issues and numerous\nbug fixes, some of which you can see below. Space precludes documenting\nall of these bug fixes in this advisory. To see the complete list of bug\nfixes, users are directed to the related Knowledge Article:\nhttps://access.redhat.com/articles/3368501.\n\nSecurity Fix(es):\n\n* Kernel: KVM: MMU potential stack buffer overrun during page walks (CVE-2017-12188, Important)\n\n* Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518, Moderate)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-04-12T03:32:38", "published": "2018-03-06T23:36:56", "id": "RHSA-2018:0395", "href": "https://access.redhat.com/errata/RHSA-2018:0395", "type": "redhat", "title": "(RHSA-2018:0395) Important: kernel security and bug fix update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-11T13:32:41", "bulletinFamily": "unix", "cvelist": ["CVE-2017-12188", "CVE-2017-18270", "CVE-2017-7518"], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* Kernel: KVM: MMU potential stack buffer overrun during page walks (CVE-2017-12188, Important)\n\n* Kernel: KVM: debug exception via syscall emulation (CVE-2017-7518, Moderate)\n\nBug Fix(es):\n\n* The kernel-rt packages have been upgraded to the 3.10.0-693.21.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1537671)", "modified": "2018-05-24T10:40:53", "published": "2018-03-06T23:36:53", "id": "RHSA-2018:0412", "href": "https://access.redhat.com/errata/RHSA-2018:0412", "type": "redhat", "title": "(RHSA-2018:0412) Important: kernel-rt security and bug fix update", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}]}