ID USN-4627-1 Type ubuntu Reporter Ubuntu Modified 2020-11-11T00:00:00
Description
Moritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine
Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running
Average Power Limit (RAPL) driver in the Linux kernel did not properly
restrict access to power data. A local attacker could possibly use this to
expose sensitive information.
{"cve": [{"lastseen": "2020-12-20T03:55:47", "description": "Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "edition": 4, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-11-12T18:15:00", "title": "CVE-2020-8694", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8694"], "modified": "2020-12-18T14:15:00", "cpe": ["cpe:/o:intel:pentium_gold_g5500_firmware:-", "cpe:/o:intel:core_i7-8565u_firmware:-", "cpe:/o:intel:core_i3-7120_firmware:-", "cpe:/o:intel:core_i5-8259u_firmware:-", "cpe:/o:intel:core_i3-7120t_firmware:-", "cpe:/o:intel:core_i5-8400_firmware:-", "cpe:/o:intel:core_i7-8500y_firmware:-", "cpe:/o:intel:core_i3-8300t_firmware:-", "cpe:/o:intel:pentium_4415u_firmware:-", "cpe:/o:intel:core_i3-7340_firmware:-", "cpe:/o:intel:xeon_e3-1275_firmware:-", "cpe:/o:intel:core_i5-8200y_firmware:-", "cpe:/o:intel:core_i7-8550u_firmware:-", "cpe:/o:intel:core_i3-6100e_firmware:-", "cpe:/o:intel:celeron_g3900te_firmware:-", "cpe:/o:intel:core_i7-6822eq_firmware:-", "cpe:/o:intel:core_i7-10710u_firmware:-", "cpe:/o:intel:core_i5-6400_firmware:-", "cpe:/o:intel:xeon_e-2144g_firmware:-", "cpe:/o:intel:core_i3-6100h_firmware:-", "cpe:/o:intel:celeron_g3940_firmware:-", "cpe:/o:intel:xeon_e3-1565l_firmware:-", "cpe:/o:intel:core_i5-8400h_firmware:-", "cpe:/o:intel:xeon_e3-1270_firmware:-", "cpe:/o:intel:core_i3-6300t_firmware:-", "cpe:/o:intel:xeon_e3-1260l_firmware:-", "cpe:/o:intel:core_i3-6100te_firmware:-", "cpe:/o:intel:pentium_g4500_firmware:-", "cpe:/o:intel:xeon_e-2136_firmware:-", "cpe:/o:intel:core_i7-7740x_firmware:-", "cpe:/o:intel:core_i7-8700t_firmware:-", "cpe:/o:intel:xeon_e3-1225_firmware:-", "cpe:/o:intel:celeron_g3900_firmware:-", "cpe:/o:intel:core_i5-8500t_firmware:-", "cpe:/o:intel:core_i7-6650u_firmware:-", "cpe:/o:intel:core_m3-6y30_firmware:-", "cpe:/o:intel:core_i7-7920hq_firmware:-", "cpe:/o:intel:xeon_e-2124g_firmware:-", "cpe:/o:intel:core_i7-7560u_firmware:-", "cpe:/o:intel:core_i3-7101te_firmware:-", "cpe:/o:intel:pentium_gold_g5600_firmware:-", "cpe:/o:intel:pentium_g4520_firmware:-", "cpe:/o:intel:celeron_3865u_firmware:-", "cpe:/o:intel:pentium_g4540_firmware:-", "cpe:/o:intel:core_i5-7200u_firmware:-", "cpe:/o:intel:xeon_e-2486g_firmware:-", "cpe:/o:intel:core_i3-7320t_firmware:-", "cpe:/o:intel:core_m3-8100y_firmware:-", "cpe:/o:intel:core_i7-8700_firmware:-", "cpe:/o:intel:core_i7-8510y_firmware:-", "cpe:/o:intel:core_i7-6700k_firmware:-", "cpe:/o:intel:core_i5-9400f_firmware:-", "cpe:/o:intel:xeon_e-2288g_firmware:-", "cpe:/o:intel:core_i5-8250u_firmware:-", "cpe:/o:intel:xeon_e3-1240_firmware:-", "cpe:/o:intel:core_i7-7600u_firmware:-", "cpe:/o:intel:core_i5-1035g7_firmware:-", "cpe:/o:intel:core_i5-8305g_firmware:-", "cpe:/o:intel:core_i5-6500t_firmware:-", "cpe:/o:intel:core_i3-8145u_firmware:-", "cpe:/o:intel:xeon_e3-1578l_firmware:-", "cpe:/o:intel:core_i9-9900kf_firmware:-", "cpe:/o:intel:core_i7-8850h_firmware:-", "cpe:/o:intel:core_i5-8600t_firmware:-", "cpe:/o:intel:core_i5-8269u_firmware:-", "cpe:/o:intel:core_i3-7102e_firmware:-", "cpe:/o:intel:pentium_g4500t_firmware:-", "cpe:/o:intel:celeron_j4025_firmware:-", "cpe:/o:intel:core_i5-8650_firmware:-", "cpe:/o:intel:core_i3-8120_firmware:-", "cpe:/o:intel:xeon_e-2174g_firmware:-", "cpe:/o:intel:xeon_e-2186g_firmware:-", "cpe:/o:intel:core_i7-7820hq_firmware:-", "cpe:/o:intel:core_i7-6567u_firmware:-", "cpe:/o:intel:core_i7-8750h_firmware:-", "cpe:/o:intel:core_i5-8550_firmware:-", "cpe:/o:intel:core_i3-7007u_firmware:-", "cpe:/o:intel:core_i3-10100f_firmware:-", "cpe:/o:intel:celeron_g4920_firmware:-", "cpe:/o:intel:celeron_g4900_firmware:-", "cpe:/o:intel:core_i3-1005g1_firmware:-", "cpe:/o:intel:core_i3-8000_firmware:-", "cpe:/o:intel:core_i5-6600t_firmware:-", "cpe:/o:intel:xeon_e-2176g_firmware:-", "cpe:/o:intel:core_i5-6600k_firmware:-", "cpe:/o:intel:xeon_e3-1245_firmware:-", "cpe:/o:intel:core_i7-7700k_firmware:-", "cpe:/o:intel:core_i3-6102e_firmware:-", "cpe:/o:intel:core_i5-6440eq_firmware:-", "cpe:/o:intel:core_i5-8600k_firmware:-", "cpe:/o:intel:core_i7-7820hk_firmware:-", "cpe:/o:intel:core_i5-1035g4_firmware:-", "cpe:/o:intel:pentium_silver_n5030_firmware:-", "cpe:/o:intel:core_i5-6600_firmware:-", "cpe:/o:intel:core_i5-7442eq_firmware:-", "cpe:/o:intel:core_i3-7110u_firmware:-", "cpe:/o:intel:xeon_e-2134_firmware:-", "cpe:/o:intel:core_4205u_firmware:-", "cpe:/o:intel:celeron_g3930te_firmware:-", "cpe:/o:intel:pentium_gold_g5500t_firmware:-", "cpe:/o:intel:core_i7-6660u_firmware:-", "cpe:/o:intel:core_i5-7y57_firmware:-", "cpe:/o:intel:celeron_n4000_firmware:-", "cpe:/o:intel:celeron_3965u_firmware:-", "cpe:/o:intel:core_i8130u_firmware:-", "cpe:/o:intel:core_i5-1030g4_firmware:-", "cpe:/o:intel:core_i5-6442eq_firmware:-", "cpe:/o:intel:core_i5-6400t_firmware:-", "cpe:/o:intel:core_i7-8670_firmware:-", "cpe:/o:intel:core_i7-6510u_firmware:-", "cpe:/o:intel:core_i7-7y75_firmware:-", "cpe:/o:intel:core_i5-7600t_firmware:-", "cpe:/o:intel:xeon_e-2124_firmware:-", "cpe:/o:intel:core_m5-6y57_firmware:-", "cpe:/o:intel:celeron_g3900t_firmware:-", "cpe:/o:intel:pentium_4405y_firmware:-", "cpe:/o:intel:core_i7-7567u_firmware:-", "cpe:/o:intel:celeron_n4120_firmware:-", "cpe:/o:intel:core_i5-6200u_firmware:-", "cpe:/o:intel:core_i7-7700hq_firmware:-", "cpe:/o:intel:xeon_e3-1280_firmware:-", "cpe:/o:intel:celeron_n4100_firmware:-", "cpe:/o:intel:core_i5-8365u_firmware:-", "cpe:/o:intel:core_i5-7300hq_firmware:-", "cpe:/o:intel:core_i5-7260u_firmware:-", "cpe:/o:intel:core_i5-6287u_firmware:-", "cpe:/o:intel:core_i7-8665u_firmware:-", "cpe:/o:intel:xeon_e-2176m_firmware:-", "cpe:/o:intel:core_m7-6y75_firmware:-", "cpe:/o:intel:core_i5-7400_firmware:-", "cpe:/o:intel:core_i3-8300_firmware:-", "cpe:/o:intel:core_i5-7600k_firmware:-", "cpe:/o:intel:xeon_e3-1505l_firmware:-", "cpe:/o:intel:core_i5-7500u_firmware:-", "cpe:/o:intel:core_i5-7y54_firmware:-", "cpe:/o:intel:xeon_e3-1240l_firmware:-", "cpe:/o:intel:core_i5-9400_firmware:-", "cpe:/o:intel:core_i3-6120t_firmware:-", "cpe:/o:intel:core_i3-8000t_firmware:-", "cpe:/o:intel:core_i5-1030g7_firmware:-", "cpe:/o:intel:xeon_e-2146g_firmware:-", "cpe:/o:intel:pentium_silver_n5000_firmware:-", "cpe:/o:intel:core_i5-6260u_firmware:-", "cpe:/o:intel:pentium_gold_g5400t_firmware:-", "cpe:/o:intel:core_i9-9880h_firmware:-", "cpe:/o:intel:core_i3-7367u_firmware:-", "cpe:/o:intel:pentium_4410y_firmware:-", "cpe:/o:intel:core_i9-10900_firmware:-", "cpe:/o:intel:core_i3-6120_firmware:-", "cpe:/o:intel:xeon_e-2278g_firmware:-", "cpe:/o:intel:core_i3-7101e_firmware:-", "cpe:/o:intel:core_i5-8265u_firmware:-", "cpe:/o:intel:core_i7-8559u_firmware:-", "cpe:/o:intel:core_i7-6700_firmware:-", "cpe:/o:intel:core_i5-8400t_firmware:-", "cpe:/o:intel:celeron_3965y_firmware:-", "cpe:/o:intel:core_i5-6267u_firmware:-", "cpe:/o:intel:core_i5-9300h_firmware:-", "cpe:/o:intel:core_i3-8100_firmware:-", "cpe:/o:intel:core_i7-10610u_firmware:-", "cpe:/o:intel:core_i3-1000g1_firmware:-", "cpe:/o:intel:core_i5-8210y_firmware:-", "cpe:/o:intel:core_i5-6350hq_firmware:-", "cpe:/o:intel:core_i5-7300u_firmware:-", "cpe:/o:intel:celeron_n4020_firmware:-", "cpe:/o:intel:celeron_3855u_firmware:-", "cpe:/o:intel:core_i5-7500t_firmware:-", "cpe:/o:intel:xeon_e-2126g_firmware:-", "cpe:/o:intel:core_5405u_firmware:-", "cpe:/o:intel:pentium_g4400_firmware:-", "cpe:/o:intel:pentium_gold_g5420_firmware:-", "cpe:/o:intel:core_m3-7y30_firmware:-", "cpe:/o:intel:core_i7-7820eq_firmware:-", "cpe:/o:intel:core_i7-6970hq_firmware:-", "cpe:/o:intel:core_i3-7100u_firmware:-", "cpe:/o:intel:core_m5-6y54_firmware:-", "cpe:/o:intel:xeon_e3-1515m_firmware:-", "cpe:/o:intel:core_i7-6600u_firmware:-", "cpe:/o:intel:core_i5-7440eq_firmware:-", "cpe:/o:intel:xeon_e3-1558l_firmware:-", "cpe:/o:intel:core_i5-8420t_firmware:-", "cpe:/o:intel:core_i3-7100e_firmware:-", "cpe:/o:intel:core_i7-8650u_firmware:-", "cpe:/o:intel:celeron_j4125_firmware:-", "cpe:/o:intel:core_i7-6820eq_firmware:-", "cpe:/o:intel:core_i7-8705g_firmware:-", "cpe:/o:intel:xeon_e3-1501l_firmware:-", "cpe:/o:intel:core_i5-7210u_firmware:-", "cpe:/o:intel:pentium_silver_j5005_firmware:-", "cpe:/o:intel:core_i7-1060g7_firmware:-", "cpe:/o:intel:core_i5-6360u_firmware:-", "cpe:/o:intel:xeon_e3-1268l_firmware:-", "cpe:/o:intel:celeron_g3930e_firmware:-", "cpe:/o:intel:core_i5-8400b_firmware:-", "cpe:/o:intel:core_i5-7500_firmware:-", "cpe:/o:intel:core_i5-8420_firmware:-", "cpe:/o:intel:core_i7-6920hq_firmware:-", "cpe:/o:intel:pentium_g4400t_firmware:-", "cpe:/o:intel:core_i7-6770hq_firmware:-", "cpe:/o:intel:core_i3-6100t_firmware:-", "cpe:/o:intel:core_i5-6300u_firmware:-", "cpe:/o:intel:core_i3-7130u_firmware:-", "cpe:/o:intel:core_i7-6820hq_firmware:-", "cpe:/o:intel:core_i7-8670t_firmware:-", "cpe:/o:intel:pentium_g4400te_firmware:-", "cpe:/o:intel:core_i3-1000g4_firmware:-", "cpe:/o:intel:core_i7-6500u_firmware:-", "cpe:/o:intel:core_i5-7267u_firmware:-", "cpe:/o:intel:celeron_g3902e_firmware:-", "cpe:/o:intel:pentium_4405u_firmware:-", "cpe:/o:intel:core_i7-6870hq_firmware:-", "cpe:/o:intel:core_i5-6440hq_firmware:-", "cpe:/o:intel:core_i8350k_firmware:-", "cpe:/o:intel:core_i3-8100h_firmware:-", "cpe:/o:intel:core_i7-8700k_firmware:-", "cpe:/o:intel:core_i7-6700te_firmware:-", "cpe:/o:intel:core_i3-6100_firmware:-", "cpe:/o:intel:xeon_e3-1230_firmware:-", "cpe:/o:intel:core_i3-8100t_firmware:-", "cpe:/o:intel:core_i5-1035g1_firmware:-", "cpe:/o:intel:pentium_gold_g5400_firmware:-", "cpe:/o:intel:core_i7-7660u_firmware:-", "cpe:/o:intel:core_i7-9850h_firmware:-", "cpe:/o:intel:core_i3-6167u_firmware:-", "cpe:/o:intel:core_i5-8650k_firmware:-", "cpe:/o:intel:core_i9-8950hk_firmware:-", "cpe:/o:intel:celeron_j4005_firmware:-", "cpe:/o:intel:core_i7-8809g_firmware:-", "cpe:/o:intel:core_i3-6110u_firmware:-", "cpe:/o:intel:pentium_gold_g5420t_firmware:-", "cpe:/o:intel:core_i3-6300_firmware:-", "cpe:/o:intel:core_i5-6210u_firmware:-", "cpe:/o:intel:celeron_g3900e_firmware:-", "cpe:/o:intel:core_i7-8709g_firmware:-", "cpe:/o:intel:pentium_silver_j5040_firmware:-", "cpe:/o:intel:core_i3-8020_firmware:-", "cpe:/o:intel:xeon_e3-1535m_firmware:-", "cpe:/o:intel:core_i5-9400h_firmware:-", "cpe:/o:intel:xeon_e3-1235l_firmware:-", "cpe:/o:intel:xeon_e-2286m_firmware:-", "cpe:/o:intel:core_i5-8600_firmware:-", "cpe:/o:intel:core_i7-7510u_firmware:-", "cpe:/o:intel:core_i3-6100u_firmware:-", "cpe:/o:intel:celeron_g4900t_firmware:-", "cpe:/o:intel:xeon_e3-1220_firmware:-", "cpe:/o:intel:core_i7-9700k_firmware:-", "cpe:/o:intel:celeron_g3920_firmware:-", "cpe:/o:intel:xeon_e-2278gel_firmware:-", "cpe:/o:intel:core_i5-8500b_firmware:-", "cpe:/o:intel:core_i7-6700hq_firmware:-", "cpe:/o:intel:core_i5-7440hq_firmware:-", "cpe:/o:intel:core_i5-7360u_firmware:-", "cpe:/o:intel:xeon_e3-1585l_firmware:-", "cpe:/o:intel:celeron_j4105_firmware:-", "cpe:/o:intel:core_i5-9600k_firmware:-", "cpe:/o:intel:core_i7-7700t_firmware:-", "cpe:/o:intel:core_i5-6300hq_firmware:-", "cpe:/o:intel:core_i5-8350u_firmware:-", "cpe:/o:intel:core_i5-8500_firmware:-", "cpe:/o:intel:xeon_e3-1545m_firmware:-", "cpe:/o:intel:core_i3-6320t_firmware:-", "cpe:/o:intel:core_i5-9600kf_firmware:-", "cpe:/o:intel:xeon_e3-1585_firmware:-", "cpe:/o:intel:core_i3-8109u_firmware:-", "cpe:/o:intel:core_i5-8310y_firmware:-", "cpe:/o:intel:core_i7-8706g_firmware:-", "cpe:/o:intel:core_i3-7100h_firmware:-", "cpe:/o:intel:core_i9-9980hk_firmware:-", "cpe:/o:intel:pentium_g4420t_firmware:-", "cpe:/o:intel:core_i5-8300h_firmware:-", "cpe:/o:intel:core_i7-8700b_firmware:-", "cpe:/o:intel:xeon_e3-1501m_firmware:-", "cpe:/o:intel:xeon_e3-1505m_firmware:-", "cpe:/o:intel:core_i7-6700t_firmware:-", "cpe:/o:intel:xeon_e3-1575m_firmware:-", "cpe:/o:intel:core_i7-10750h_firmware:-", "cpe:/o:intel:pentium_g4420_firmware:-", "cpe:/o:intel:core_i7-9700kf_firmware:-", "cpe:/o:intel:core_i5-7640x_firmware:-", "cpe:/o:intel:core_i5-7400t_firmware:-", "cpe:/o:intel:core_i7-6560u_firmware:-", "cpe:/o:intel:core_i5-6500_firmware:-", "cpe:/o:intel:celeron_g3920t_firmware:-", "cpe:/o:intel:core_i5-6310u_firmware:-", "cpe:/o:intel:core_i3-6320_firmware:-", "cpe:/o:intel:core_i7-1065g7_firmware:-", "cpe:/o:intel:pentium_4415y_firmware:-", "cpe:/o:intel:core_i5-7600_firmware:-", "cpe:/o:intel:core_i5-6500te_firmware:-", "cpe:/o:intel:core_i3-7020u_firmware:-", "cpe:/o:intel:pentium_g4520t_firmware:-", "cpe:/o:intel:core_i7-6820hk_firmware:-", "cpe:/o:intel:core_i7-7700_firmware:-", "cpe:/o:intel:core_i5-7287u_firmware:-", "cpe:/o:intel:celeron_3955u_firmware:-", "cpe:/o:intel:core_i7-9750hf_firmware:-", "cpe:/o:intel:xeon_e-2278ge_firmware:-", "cpe:/o:intel:core_i9-9900k_firmware:-", "cpe:/o:intel:core_i7-7500u_firmware:-"], "id": "CVE-2020-8694", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8694", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:o:intel:celeron_n4020_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_4405u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-6260u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-6500te_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-7567u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-8120_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8350u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-6500_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_g4900t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-6320_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-6300hq_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-8000t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-10710u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_m3-8100y_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-7500_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-8300_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_g3920t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8600_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-6510u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1260l_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_m5-6y54_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_gold_g5400t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8305g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-6100t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-6567u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-7820hq_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8210y_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-6650u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_4410y_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-7442eq_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1240l_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-6700hq_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-7267u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8200y_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_gold_g5500t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e-2278g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-7100e_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_g3930e_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_4205u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-7102e_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_m7-6y75_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1558l_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-8750h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-7740x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-1030g4_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-7440eq_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-8650u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_3955u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8500b_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-6300t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-6700te_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-8700b_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-1035g1_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i9-9900k_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-7287u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-7600_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_g4400_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_g3900_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-9600k_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_silver_n5030_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_gold_g5600_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8600t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_j4125_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-8809g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_3965y_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-8500y_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_j4105_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e-2278ge_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-6920hq_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-6600k_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_g4520t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-1060g7_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-7300u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-10610u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-8700k_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_g3900te_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-8670_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-6102e_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8400b_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-6600_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-7320t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-6820eq_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-8565u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-8850h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_j4005_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-6822eq_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-6100te_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-7400_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-6200u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8420t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e-2176g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1575m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-6440eq_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-9300h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-6310u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-6700_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8400t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-6120_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_g3902e_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-9600kf_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-7210u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-8709g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_g4400t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-7120t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-6400_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e-2124g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-7007u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-1030g7_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-6820hq_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-7101te_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-8100t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-6100h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-7020u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8310y_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_3965u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-1005g1_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1270_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1240_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-7500u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_g4920_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-7700_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-8145u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8420_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e-2136_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_n4000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e-2124_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-6120t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8500_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_m3-7y30_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-8705g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_4415y_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-7200u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-9700kf_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-10750h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e-2134_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1230_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_5405u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1505l_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_4415u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-9400f_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-7y54_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-7700hq_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-6442eq_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_m3-6y30_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-7y57_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-7y75_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_g4500_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-1035g7_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i8130u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_gold_g5420_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-7640x_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-6287u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-6300u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i9-8950hk_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-7400t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-6210u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_g4420_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-7500u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1585l_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_gold_g5500_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-6440hq_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_g3920_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-6600u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-7260u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1585_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1245_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8365u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_g4540_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-7100u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-7367u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1535m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-6500t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8269u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_g4400te_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-7820hk_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-7101e_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8650k_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-8300t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-7660u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-6360u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1505m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-7360u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-6770hq_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_m5-6y57_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i9-9980hk_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-6110u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-7820eq_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-6700t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-7560u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_g3940_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i9-9880h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-6560u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_g4520_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-7700t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-9750hf_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_silver_n5000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_g4500t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8650_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e-2144g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-7510u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-8700_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_g3900t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-7340_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-8700t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-1000g4_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-6267u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-10100f_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1268l_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-1000g1_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1545m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_g4420t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_gold_g5400_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8300h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i9-9900kf_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-6167u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1275_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-8510y_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-1065g7_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-8000_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e-2288g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-7110u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e-2174g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-6350hq_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-8109u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e-2186g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-7600k_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-7700k_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_silver_j5040_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-6700k_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-7120_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8250u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1578l_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e-2486g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_3855u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i8350k_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-8100h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-7600u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1501l_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-8670t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-7300hq_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1280_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e-2286m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-7920hq_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1225_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_n4120_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-8100_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_4405y_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8400h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8400_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_gold_g5420t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-8665u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_j4025_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_3865u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_g4900_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-7600t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-6100e_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e-2176m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-9400h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e-2278gel_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-6320t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1501m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-6500u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-8706g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-6100_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_g3930te_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8259u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-6400t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e-2146g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-8550u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-7100h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-1035g4_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1515m_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e-2126g_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-9850h_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_g3900e_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1565l_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-6660u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-6600t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-7500t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1220_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-6970hq_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-6300_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i9-10900_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:pentium_silver_j5005_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:xeon_e3-1235l_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-7130u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-6100u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-8559u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-9700k_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:celeron_n4100_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-6820hk_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8550_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8600k_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i3-8020_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-9400_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8500t_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i7-6870hq_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-8265u_firmware:-:*:*:*:*:*:*:*", "cpe:2.3:o:intel:core_i5-7440hq_firmware:-:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2020-11-25T15:14:40", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as\nreferenced in the USN-4627-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the\napplication's self-reported version number.", "edition": 2, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-11-11T00:00:00", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Linux kernel vulnerability (USN-4627-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8694"], "modified": "2020-11-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1087-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-saucy", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1073-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1058-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-trusty", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1029-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-quantal", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-1039-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-69-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-194-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.3", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-69-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-raring", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-194-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-53-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-183-generic-lpae", "cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-183-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1101-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-saucy", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-4.15", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-utopic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-trusty", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop-5.3", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-utopic", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-server", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-53-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-123-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-123-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-183-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-194-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-53-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-123-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-1071-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-highbank", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-vivid", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-pae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-wily", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1029-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke"], "id": "UBUNTU_USN-4627-1.NASL", "href": "https://www.tenable.com/plugins/nessus/142721", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4627-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142721);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/24\");\n\n script_cve_id(\"CVE-2020-8694\");\n script_xref(name:\"USN\", value:\"4627-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Linux kernel vulnerability (USN-4627-1)\");\n script_summary(english:\"Checks the dpkg output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as\nreferenced in the USN-4627-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the\napplication's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4627-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8694\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-183-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-183-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13.0-183-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1058-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1073-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1087-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1101-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-123-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-123-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-123-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-194-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-194-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-194-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.0.0-1071-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-1039-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-69-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.3.0-69-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1029-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1029-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-53-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-53-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-53-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-saucy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-trusty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-quantal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-raring\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-saucy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-trusty\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-4.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop-5.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-highbank\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-utopic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-vivid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-wily\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-lts-xenial\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-8694');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4627-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1058-oracle', 'pkgver': '4.15.0-1058.64~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-1087-gcp', 'pkgver': '4.15.0-1087.100~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-123-generic', 'pkgver': '4.15.0-123.126~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-123-generic-lpae', 'pkgver': '4.15.0-123.126~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.15.0-123-lowlatency', 'pkgver': '4.15.0-123.126~16.04.1'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-194-generic', 'pkgver': '4.4.0-194.226'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-194-generic-lpae', 'pkgver': '4.4.0-194.226'},\n {'osver': '16.04', 'pkgname': 'linux-image-4.4.0-194-lowlatency', 'pkgver': '4.4.0-194.226'},\n {'osver': '16.04', 'pkgname': 'linux-image-gcp', 'pkgver': '4.15.0.1087.88'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic', 'pkgver': '4.4.0.194.200'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-hwe-16.04', 'pkgver': '4.15.0.123.123'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-hwe-16.04-edge', 'pkgver': '4.15.0.123.123'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '4.4.0.194.200'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae-hwe-16.04', 'pkgver': '4.15.0.123.123'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae-hwe-16.04-edge', 'pkgver': '4.15.0.123.123'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae-lts-utopic', 'pkgver': '4.4.0.194.200'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae-lts-vivid', 'pkgver': '4.4.0.194.200'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae-lts-wily', 'pkgver': '4.4.0.194.200'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lpae-lts-xenial', 'pkgver': '4.4.0.194.200'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lts-utopic', 'pkgver': '4.4.0.194.200'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lts-vivid', 'pkgver': '4.4.0.194.200'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lts-wily', 'pkgver': '4.4.0.194.200'},\n {'osver': '16.04', 'pkgname': 'linux-image-generic-lts-xenial', 'pkgver': '4.4.0.194.200'},\n {'osver': '16.04', 'pkgname': 'linux-image-gke', 'pkgver': '4.15.0.1087.88'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency', 'pkgver': '4.4.0.194.200'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-hwe-16.04', 'pkgver': '4.15.0.123.123'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-hwe-16.04-edge', 'pkgver': '4.15.0.123.123'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-lts-utopic', 'pkgver': '4.4.0.194.200'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-lts-vivid', 'pkgver': '4.4.0.194.200'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-lts-wily', 'pkgver': '4.4.0.194.200'},\n {'osver': '16.04', 'pkgname': 'linux-image-lowlatency-lts-xenial', 'pkgver': '4.4.0.194.200'},\n {'osver': '16.04', 'pkgname': 'linux-image-oem', 'pkgver': '4.15.0.123.123'},\n {'osver': '16.04', 'pkgname': 'linux-image-oracle', 'pkgver': '4.15.0.1058.47'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual', 'pkgver': '4.4.0.194.200'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-hwe-16.04', 'pkgver': '4.15.0.123.123'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-hwe-16.04-edge', 'pkgver': '4.15.0.123.123'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-lts-utopic', 'pkgver': '4.4.0.194.200'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-lts-vivid', 'pkgver': '4.4.0.194.200'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-lts-wily', 'pkgver': '4.4.0.194.200'},\n {'osver': '16.04', 'pkgname': 'linux-image-virtual-lts-xenial', 'pkgver': '4.4.0.194.200'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1058-oracle', 'pkgver': '4.15.0-1058.64'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1073-gke', 'pkgver': '4.15.0-1073.78'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1087-gcp', 'pkgver': '4.15.0-1087.100'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-1101-oem', 'pkgver': '4.15.0-1101.112'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-123-generic', 'pkgver': '4.15.0-123.126'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-123-generic-lpae', 'pkgver': '4.15.0-123.126'},\n {'osver': '18.04', 'pkgname': 'linux-image-4.15.0-123-lowlatency', 'pkgver': '4.15.0-123.126'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.0.0-1071-oem-osp1', 'pkgver': '5.0.0-1071.77'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.3.0-1039-gke', 'pkgver': '5.3.0-1039.42'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.3.0-69-generic', 'pkgver': '5.3.0-69.65'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.3.0-69-lowlatency', 'pkgver': '5.3.0-69.65'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1029-gcp', 'pkgver': '5.4.0-1029.31~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1029-oracle', 'pkgver': '5.4.0-1029.31~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-53-generic', 'pkgver': '5.4.0-53.59~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-53-generic-lpae', 'pkgver': '5.4.0-53.59~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-53-lowlatency', 'pkgver': '5.4.0-53.59~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp', 'pkgver': '5.4.0.1029.17'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp-edge', 'pkgver': '5.4.0.1029.17'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp-lts-18.04', 'pkgver': '4.15.0.1087.105'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic', 'pkgver': '4.15.0.123.110'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-16.04', 'pkgver': '4.15.0.123.110'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-16.04-edge', 'pkgver': '4.15.0.123.110'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-18.04', 'pkgver': '5.4.0.53.59~18.04.47'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-18.04-edge', 'pkgver': '5.4.0.53.59~18.04.47'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '4.15.0.123.110'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-16.04', 'pkgver': '4.15.0.123.110'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-16.04-edge', 'pkgver': '4.15.0.123.110'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.53.59~18.04.47'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.53.59~18.04.47'},\n {'osver': '18.04', 'pkgname': 'linux-image-gke', 'pkgver': '4.15.0.1073.77'},\n {'osver': '18.04', 'pkgname': 'linux-image-gke-4.15', 'pkgver': '4.15.0.1073.77'},\n {'osver': '18.04', 'pkgname': 'linux-image-gke-5.3', 'pkgver': '5.3.0.1039.22'},\n {'osver': '18.04', 'pkgname': 'linux-image-gkeop-5.3', 'pkgver': '5.3.0.69.126'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency', 'pkgver': '4.15.0.123.110'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-16.04', 'pkgver': '4.15.0.123.110'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-16.04-edge', 'pkgver': '4.15.0.123.110'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04', 'pkgver': '5.4.0.53.59~18.04.47'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.53.59~18.04.47'},\n {'osver': '18.04', 'pkgname': 'linux-image-oem', 'pkgver': '4.15.0.1101.105'},\n {'osver': '18.04', 'pkgname': 'linux-image-oem-osp1', 'pkgver': '5.0.0.1071.69'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle', 'pkgver': '5.4.0.1029.13'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle-edge', 'pkgver': '5.4.0.1029.13'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle-lts-18.04', 'pkgver': '4.15.0.1058.68'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon-hwe-18.04', 'pkgver': '5.4.0.53.59~18.04.47'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.53.59~18.04.47'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual', 'pkgver': '4.15.0.123.110'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-16.04', 'pkgver': '4.15.0.123.110'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-16.04-edge', 'pkgver': '4.15.0.123.110'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-18.04', 'pkgver': '5.4.0.53.59~18.04.47'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.53.59~18.04.47'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1029-gcp', 'pkgver': '5.4.0-1029.31'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1029-oracle', 'pkgver': '5.4.0-1029.31'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-53-generic', 'pkgver': '5.4.0-53.59'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-53-generic-lpae', 'pkgver': '5.4.0-53.59'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-53-lowlatency', 'pkgver': '5.4.0-53.59'},\n {'osver': '20.04', 'pkgname': 'linux-image-gcp', 'pkgver': '5.4.0.1029.37'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic', 'pkgver': '5.4.0.53.56'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-18.04', 'pkgver': '5.4.0.53.56'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-18.04-edge', 'pkgver': '5.4.0.53.56'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-20.04', 'pkgver': '5.4.0.53.56'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '5.4.0.53.56'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.53.56'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.53.56'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-20.04', 'pkgver': '5.4.0.53.56'},\n {'osver': '20.04', 'pkgname': 'linux-image-gke', 'pkgver': '5.4.0.1029.37'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency', 'pkgver': '5.4.0.53.56'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04', 'pkgver': '5.4.0.53.56'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.53.56'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-20.04', 'pkgver': '5.4.0.53.56'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem', 'pkgver': '5.4.0.53.56'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-osp1', 'pkgver': '5.4.0.53.56'},\n {'osver': '20.04', 'pkgname': 'linux-image-oracle', 'pkgver': '5.4.0.1029.26'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual', 'pkgver': '5.4.0.53.56'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-18.04', 'pkgver': '5.4.0.53.56'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.53.56'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-20.04', 'pkgver': '5.4.0.53.56'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-image-4.15.0-1058-oracle / linux-image-4.15.0-1073-gke / etc');\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-14T06:30:28", "description": "The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various\nsecurity and bug fixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25656: Fixed a concurrency use-after-free in\nvt_do_kdgkb_ioctl (bnc#1177766).\n\nCVE-2020-8694: Restricted energy meter to root access (bsc#1170415).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 3, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-12-09T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:3273-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25656", "CVE-2020-8694"], "modified": "2020-12-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-base", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-obs-build"], "id": "SUSE_SU-2020-3273-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143629", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3273-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143629);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2020-25656\", \"CVE-2020-8694\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:3273-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various\nsecurity and bug fixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-25656: Fixed a concurrency use-after-free in\nvt_do_kdgkb_ioctl (bnc#1177766).\n\nCVE-2020-8694: Restricted energy meter to root access (bsc#1170415).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163592\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170415\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175749\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177766\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177801\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178173\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178176\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178395\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25656/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8694/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203273-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?24bc19d5\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP2-2020-3273=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2020-3273=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2020-3273=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-15-SP2-2020-3273=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2020-3273=1\n\nSUSE Linux Enterprise High Availability 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP2-2020-3273=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.37.1.9.13.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-debuginfo-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.37.1.9.13.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.37.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.37.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-11-25T15:14:40", "description": "The remote Ubuntu 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nUSN-4626-1 advisory.\n\n - An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or in kernel/bpf/verifier.c\n mishandles bounds tracking during use of 64-bit values, aka CID-5b9fbeb75b6a. (CVE-2020-27194)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-11-11T00:00:00", "title": "Ubuntu 20.10 : Linux kernel vulnerabilities (USN-4626-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-27194", "CVE-2020-8694"], "modified": "2020-11-11T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-28-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-28-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1010-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-28-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1007-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1013-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-28-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1011-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:20.10", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1007-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1012-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1009-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke"], "id": "UBUNTU_USN-4626-1.NASL", "href": "https://www.tenable.com/plugins/nessus/142727", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4626-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142727);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/24\");\n\n script_cve_id(\"CVE-2020-8694\", \"CVE-2020-27194\");\n script_xref(name:\"USN\", value:\"4626-1\");\n\n script_name(english:\"Ubuntu 20.10 : Linux kernel vulnerabilities (USN-4626-1)\");\n script_summary(english:\"Checks the dpkg output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nUSN-4626-1 advisory.\n\n - An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or in kernel/bpf/verifier.c\n mishandles bounds tracking during use of 64-bit values, aka CID-5b9fbeb75b6a. (CVE-2020-27194)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4626-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8694\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1007-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1007-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1009-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1010-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1011-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1012-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-1013-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-28-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-28-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-28-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-28-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04-edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nrelease = chomp(release);\nif (! preg(pattern:\"^(20\\.10)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.10', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-8694', 'CVE-2020-27194');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4626-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1007-raspi', 'pkgver': '5.8.0-1007.10'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1007-raspi-nolpae', 'pkgver': '5.8.0-1007.10'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1009-kvm', 'pkgver': '5.8.0-1009.10'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1010-oracle', 'pkgver': '5.8.0-1010.10'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1011-gcp', 'pkgver': '5.8.0-1011.11'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1012-azure', 'pkgver': '5.8.0-1012.13'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-1013-aws', 'pkgver': '5.8.0-1013.14'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-28-generic', 'pkgver': '5.8.0-28.30'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-28-generic-64k', 'pkgver': '5.8.0-28.30'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-28-generic-lpae', 'pkgver': '5.8.0-28.30'},\n {'osver': '20.10', 'pkgname': 'linux-image-5.8.0-28-lowlatency', 'pkgver': '5.8.0-28.30'},\n {'osver': '20.10', 'pkgname': 'linux-image-aws', 'pkgver': '5.8.0.1013.15'},\n {'osver': '20.10', 'pkgname': 'linux-image-azure', 'pkgver': '5.8.0.1012.12'},\n {'osver': '20.10', 'pkgname': 'linux-image-gcp', 'pkgver': '5.8.0.1011.11'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic', 'pkgver': '5.8.0.28.33'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-64k', 'pkgver': '5.8.0.28.33'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-64k-hwe-20.04', 'pkgver': '5.8.0.28.33'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-64k-hwe-20.04-edge', 'pkgver': '5.8.0.28.33'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-hwe-20.04', 'pkgver': '5.8.0.28.33'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-hwe-20.04-edge', 'pkgver': '5.8.0.28.33'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '5.8.0.28.33'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-lpae-hwe-20.04', 'pkgver': '5.8.0.28.33'},\n {'osver': '20.10', 'pkgname': 'linux-image-generic-lpae-hwe-20.04-edge', 'pkgver': '5.8.0.28.33'},\n {'osver': '20.10', 'pkgname': 'linux-image-gke', 'pkgver': '5.8.0.1011.11'},\n {'osver': '20.10', 'pkgname': 'linux-image-kvm', 'pkgver': '5.8.0.1009.10'},\n {'osver': '20.10', 'pkgname': 'linux-image-lowlatency', 'pkgver': '5.8.0.28.33'},\n {'osver': '20.10', 'pkgname': 'linux-image-lowlatency-hwe-20.04', 'pkgver': '5.8.0.28.33'},\n {'osver': '20.10', 'pkgname': 'linux-image-lowlatency-hwe-20.04-edge', 'pkgver': '5.8.0.28.33'},\n {'osver': '20.10', 'pkgname': 'linux-image-oem-20.04', 'pkgver': '5.8.0.28.33'},\n {'osver': '20.10', 'pkgname': 'linux-image-oracle', 'pkgver': '5.8.0.1010.10'},\n {'osver': '20.10', 'pkgname': 'linux-image-raspi', 'pkgver': '5.8.0.1007.10'},\n {'osver': '20.10', 'pkgname': 'linux-image-raspi-nolpae', 'pkgver': '5.8.0.1007.10'},\n {'osver': '20.10', 'pkgname': 'linux-image-virtual', 'pkgver': '5.8.0.28.33'},\n {'osver': '20.10', 'pkgname': 'linux-image-virtual-hwe-20.04', 'pkgver': '5.8.0.28.33'},\n {'osver': '20.10', 'pkgname': 'linux-image-virtual-hwe-20.04-edge', 'pkgver': '5.8.0.28.33'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n osver = NULL;\n pkgname = NULL;\n pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-image-5.8.0-1007-raspi / linux-image-5.8.0-1007-raspi-nolpae / etc');\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-11-26T12:59:22", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - powercap: restrict energy meter to root access (Kanth\n Ghatraju) [Orabug: 32040806] (CVE-2020-8694)\n (CVE-2020-8695)", "edition": 4, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-11-13T00:00:00", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0049)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8695", "CVE-2020-8694"], "modified": "2020-11-13T00:00:00", "cpe": ["cpe:/o:oracle:vm_server:3.4", "p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware"], "id": "ORACLEVM_OVMSA-2020-0049.NASL", "href": "https://www.tenable.com/plugins/nessus/142884", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2020-0049.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(142884);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/25\");\n\n script_cve_id(\"CVE-2020-8694\", \"CVE-2020-8695\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0049)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - powercap: restrict energy meter to root access (Kanth\n Ghatraju) [Orabug: 32040806] (CVE-2020-8694)\n (CVE-2020-8695)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2020-November/001003.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?25bc2ed7\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8694\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-124.44.4.1.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-124.44.4.1.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-02T13:09:14", "description": "The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2020-5924 advisory.\n\n - Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to\n potentially enable information disclosure via local access. (CVE-2020-8695)\n\n - Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2020-8694)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-11-12T00:00:00", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2020-5924)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8695", "CVE-2020-8694"], "modified": "2020-11-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek-container", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2020-5924.NASL", "href": "https://www.tenable.com/plugins/nessus/142869", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5924.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142869);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/01\");\n\n script_cve_id(\"CVE-2020-8694\", \"CVE-2020-8695\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2020-5924)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2020-5924 advisory.\n\n - Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to\n potentially enable information disclosure via local access. (CVE-2020-8695)\n\n - Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2020-8694)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5924.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8695\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-8694', 'CVE-2020-8695');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5924');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nexpected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\npkgs = [\n {'reference':'kernel-uek-container-4.14.35-2025.402.2.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-container-4.14.35'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container');\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-02T13:09:14", "description": "The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2020-5923 advisory.\n\n - Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2020-8694)\n\n - Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to\n potentially enable information disclosure via local access. (CVE-2020-8695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-11-12T00:00:00", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2020-5923)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8695", "CVE-2020-8694"], "modified": "2020-11-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek-container", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2020-5923.NASL", "href": "https://www.tenable.com/plugins/nessus/142868", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5923.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142868);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/01\");\n\n script_cve_id(\"CVE-2020-8694\", \"CVE-2020-8695\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2020-5923)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2020-5923 advisory.\n\n - Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2020-8694)\n\n - Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to\n potentially enable information disclosure via local access. (CVE-2020-8695)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5923.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8695\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-8694', 'CVE-2020-8695');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5923');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nexpected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\npkgs = [\n {'reference':'kernel-uek-container-4.14.35-2025.402.2.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-container-4.14.35'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container');\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-02T13:09:15", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-5926 advisory.\n\n - Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to\n potentially enable information disclosure via local access. (CVE-2020-8695)\n\n - Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2020-8694)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-11-12T00:00:00", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5926)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8695", "CVE-2020-8694"], "modified": "2020-11-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2020-5926.NASL", "href": "https://www.tenable.com/plugins/nessus/142867", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5926.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142867);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/01\");\n\n script_cve_id(\"CVE-2020-8694\", \"CVE-2020-8695\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5926)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2020-5926 advisory.\n\n - Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to\n potentially enable information disclosure via local access. (CVE-2020-8695)\n\n - Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2020-8694)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5926.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8695\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-8694', 'CVE-2020-8695');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5926');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nexpected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\npkgs = [\n {'reference':'kernel-uek-4.1.12-124.45.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.45.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.45.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.45.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.45.2.el7uek', 'release':'7', 'rpm_prefix':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.45.2.el7uek', 'release':'7', 'rpm_prefix':'kernel-uek-firmware-4.1.12'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-11-21T21:00:13", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2020-5914 advisory. Note that Nessus has not tested for this issue but has instead relied only on the\napplication's self-reported version number.", "edition": 2, "cvss3": {}, "published": "2020-11-10T00:00:00", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5914)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8695", "CVE-2020-8694"], "modified": "2020-11-10T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-tools", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2020-5914.NASL", "href": "https://www.tenable.com/plugins/nessus/142676", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5914.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142676);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/10\");\n\n script_cve_id(\"CVE-2020-8694\", \"CVE-2020-8695\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2020-5914)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2020-5914 advisory. Note that Nessus has not tested for this issue but has instead relied only on the\napplication's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5914.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-8694', 'CVE-2020-8695');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5914');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nexpected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\npkgs = [\n {'reference':'kernel-uek-5.4.17-2036.100.6.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2036.100.6.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.100.6.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.100.6.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.100.6.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.100.6.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.100.6.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.100.6.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2036.100.6.1.el7uek', 'release':'7', 'rpm_prefix':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2036.100.6.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2036.100.6.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_prefix':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2036.100.6.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_prefix':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2036.100.6.1.el7uek', 'cpu':'aarch64', 'release':'7'},\n {'reference':'python-perf-5.4.17-2036.100.6.1.el7uek', 'cpu':'aarch64', 'release':'7'},\n {'reference':'kernel-uek-5.4.17-2036.100.6.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_prefix':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2036.100.6.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.100.6.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_prefix':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.100.6.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.100.6.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_prefix':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.100.6.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.100.6.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_prefix':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.100.6.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_prefix':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2036.100.6.1.el8uek', 'release':'8', 'rpm_prefix':'kernel-uek-doc-5.4.17'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T09:07:08", "description": "According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - There is a memory leak in\n perf_event_parse_addr_filter.(CVE-2020-25704)\n\n - Insufficient access control in the Linux kernel driver\n for some Intel(R) Processors may allow an authenticated\n user to potentially enable information disclosure via\n local access.(CVE-2020-8694)\n\n - A flaw was found in the Linux kernel. A use-after-free\n was found in the way the console subsystem was using\n ioctls KDGKBSENT and KDSKBSENT. A local user could use\n this flaw to get read memory access out of bounds. The\n highest threat from this vulnerability is to data\n confidentiality.(CVE-2020-25656)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 3, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-12-01T00:00:00", "title": "EulerOS : kernel (EulerOS-SA-2020-2498)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25656", "CVE-2020-8694", "CVE-2020-25704"], "modified": "2020-12-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:python3-perf", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "cpe:/o:huawei:euleros:"], "id": "EULEROS_SA-2020-2498.NASL", "href": "https://www.tenable.com/plugins/nessus/143411", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143411);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-25656\",\n \"CVE-2020-25704\",\n \"CVE-2020-8694\"\n );\n\n script_name(english:\"EulerOS : kernel (EulerOS-SA-2020-2498)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - There is a memory leak in\n perf_event_parse_addr_filter.(CVE-2020-25704)\n\n - Insufficient access control in the Linux kernel driver\n for some Intel(R) Processors may allow an authenticated\n user to potentially enable information disclosure via\n local access.(CVE-2020-8694)\n\n - A flaw was found in the Linux kernel. A use-after-free\n was found in the way the console subsystem was using\n ioctls KDGKBSENT and KDSKBSENT. A local user could use\n this flaw to get read memory access out of bounds. The\n highest threat from this vulnerability is to data\n confidentiality.(CVE-2020-25656)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2498\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e222d0ac\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release (\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS \");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.18.0-147.5.1.0.h269.eulerosv2r9\",\n \"kernel-tools-4.18.0-147.5.1.0.h269.eulerosv2r9\",\n \"kernel-tools-libs-4.18.0-147.5.1.0.h269.eulerosv2r9\",\n \"python3-perf-4.18.0-147.5.1.0.h269.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-16T09:08:38", "description": "An update of the linux package has been released.", "edition": 3, "cvss3": {"score": 8.5, "vector": "AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2020-11-19T00:00:00", "title": "Photon OS 1.0: Linux PHSA-2020-1.0-0338", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25645", "CVE-2020-25668", "CVE-2020-8694"], "modified": "2020-11-19T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2020-1_0-0338_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/143065", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-1.0-0338. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143065);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/15\");\n\n script_cve_id(\"CVE-2020-8694\", \"CVE-2020-25645\", \"CVE-2020-25668\");\n\n script_name(english:\"Photon OS 1.0: Linux PHSA-2020-1.0-0338\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-338.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25668\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 1.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-4.4.243-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'linux-api-headers-4.4.243-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-dev-4.4.243-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-docs-4.4.243-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-drivers-gpu-4.4.243-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-esx-4.4.243-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-esx-devel-4.4.243-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-esx-docs-4.4.243-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-oprofile-4.4.243-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-sound-4.4.243-1.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'linux-tools-4.4.243-1.ph1')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2020-12-12T03:35:15", "bulletinFamily": "software", "cvelist": ["CVE-2020-8694"], "description": "## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 14.04\n * Canonical Ubuntu 16.04\n\n## Description\n\nMoritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine Easdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running Average Power Limit (RAPL) driver in the Linux kernel did not properly restrict access to power data. A local attacker could possibly use this to expose sensitive information.\n\nCVEs contained in this USN include: CVE-2020-8694.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Xenial Stemcells \n * 315.x versions prior to 315.202\n * 456.x versions prior to 456.129\n * 621.x versions prior to 621.93\n * All other stemcells not listed.\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Xenial Stemcells \n * Upgrade 315.x versions to 315.202 or greater\n * Upgrade 456.x versions to 456.129 or greater\n * Upgrade 621.x versions to 621.93 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4627-1/>)\n * [CVE-2020-8694](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-8694>)\n\n## History\n\n2020-12-11: Initial vulnerability report published.\n", "edition": 1, "modified": "2020-12-11T00:00:00", "published": "2020-12-11T00:00:00", "id": "CFOUNDRY:0CE68D437CE297B310E92D41E3305821", "href": "https://www.cloudfoundry.org/blog/usn-4627-1/", "title": "USN-4627-1: Linux kernel vulnerability | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "archlinux": [{"lastseen": "2020-12-08T11:40:50", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25704", "CVE-2020-8694"], "description": "Arch Linux Security Advisory ASA-202011-10\n==========================================\n\nSeverity: Medium\nDate : 2020-11-10\nCVE-ID : CVE-2020-8694 CVE-2020-25704\nPackage : linux-hardened\nType : multiple issues\nRemote : No\nLink : https://security.archlinux.org/AVG-1269\n\nSummary\n=======\n\nThe package linux-hardened before version 5.9.8.a-1 is vulnerable to\nmultiple issues including denial of service and information disclosure.\n\nResolution\n==========\n\nUpgrade to 5.9.8.a-1.\n\n# pacman -Syu \"linux-hardened>=5.9.8.a-1\"\n\nThe problems have been fixed upstream in version 5.9.8.a.\n\nWorkaround\n==========\n\n- CVE-2020-8694\n\nA temporary measure would be to remove the ability for non-root users\nto read the current RAPL energy reporting metrics.\nThis can be done with the command:\n\n# sudo chmod 400 /sys/class/powercap/intel_rapl/*/energy_uj\n\nThis mitigation will only work on the current boot and will need to be\nreapplied at each system boot to remain in effect.\n\nDescription\n===========\n\n- CVE-2020-8694 (information disclosure)\n\nAn information disclosure flaw was found in the Linux kernel's Intel\nRunning Average Power Limit (RAPL) implementation. A local non-\nprivileged attacker could infer secrets by measuring power usage and\nalso infer private data by observing the power usage of calculations\nperformed on the data.\n\n- CVE-2020-25704 (denial of service)\n\nA memory leak has been found in the perf_event_parse_addr_filter\nfunction of Linux before 5.9.7, leading to a denial of service.\n\nImpact\n======\n\nA local attacker might be able to exhaust the memory available on the\nsystem, causing a denial of service, or access sensitive information by\nobserving the power usage.\n\nReferences\n==========\n\nhttps://www.openwall.com/lists/oss-security/2020/11/09/1\nhttps://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=7bdb157cdebbf95a1cd94ed2e01b338714075d00\nhttps://www.openwall.com/lists/oss-security/2020/11/10/5\nhttps://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=949dd0104c496fa7c14991a23c03c62e44637e71\nhttps://platypusattack.com/\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html\nhttps://github.com/anthraxx/linux-hardened/commit/b72aaa9506b38e68f3476a642d0e42b3071f82bb\nhttps://security.archlinux.org/CVE-2020-8694\nhttps://security.archlinux.org/CVE-2020-25704", "modified": "2020-11-10T00:00:00", "published": "2020-11-10T00:00:00", "id": "ASA-202011-10", "href": "https://security.archlinux.org/ASA-202011-10", "type": "archlinux", "title": "[ASA-202011-10] linux-hardened: multiple issues", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "lenovo": [{"lastseen": "2021-01-13T07:27:23", "bulletinFamily": "info", "cvelist": ["CVE-2020-8695", "CVE-2020-8694"], "description": "**Lenovo Security Advisory: **LEN-41208\n\n**Potential Impact: **Information disclosure\n\n**Severity: **Medium\n\n**Scope of Impact: **Industry-wide\n\n**CVE Identifier: **CVE-2020-8694, CVE-2020-8695\n\n**Summary Description:**\n\nIntel reported potential security vulnerabilities in the Intel\u00ae Running Average Power Limit (RAPL) Interface that may allow information disclosure.\n\n**Mitigation Strategy for Customers (what you should do to protect yourself):**\n\nIntel is releasing a Linux driver and microcode update to mitigate these potential vulnerabilities.\n\nIntel recommends updating to the firmware version indicated for your model in the Product Impact section in [LEN-49266](<https://support.lenovo.com/us/en/product_security/LEN-49266>).\n\nIntel recommends updating to the version for your model in the Product Impact section below.\n", "edition": 9, "modified": "2021-01-13T03:36:30", "published": "2020-11-04T15:35:53", "id": "LENOVO:PS500365-INTEL-RAPL-INTERFACE-ADVISORY-NOSID", "href": "https://support.lenovo.com/us/en/product_security/ps500365-intel-rapl-interface-advisory", "title": "Intel RAPL Interface Advisory - Lenovo Support US", "type": "lenovo", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-11-11T01:20:59", "bulletinFamily": "info", "cvelist": ["CVE-2020-8695", "CVE-2020-8694"], "description": "**Lenovo Security Advisory: **LEN-41208\n\n**Potential Impact: **Information disclosure\n\n**Severity: **Medium\n\n**Scope of Impact: **Industry-wide\n\n**CVE Identifier: **CVE-2020-8694, CVE-2020-8695\n\n**Summary Description:**\n\nIntel reported potential security vulnerabilities in the Intel\u00ae Running Average Power Limit (RAPL) Interface that may allow information disclosure.\n\n**Mitigation Strategy for Customers (what you should do to protect yourself):**\n\nIntel is releasing a Linux driver and microcode update to mitigate these potential vulnerabilities.\n\nIntel recommends updating to the firmware version indicated for your model in the Product Impact section in [LEN-49266](<https://alirt2.lenovo.com/browse/LEN-49266> \"BIOS Rollup \\(10\\)- November 10, 2020\" ).\n\nIntel recommends updating to the version for your model in the Product Impact section below.\n", "edition": 1, "modified": "2020-11-10T18:33:37", "published": "2020-11-04T15:35:53", "id": "LENOVO:INTEL-RAPL-INTERFACE-ADVISORY-NOSID", "href": "https://support.lenovo.com/us/en/product_security/intel-rapl-interface-advisory", "title": "Intel RAPL Interface Advisory - Lenovo Support US", "type": "lenovo", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-01-14T07:27:28", "bulletinFamily": "info", "cvelist": ["CVE-2020-8695", "CVE-2020-0587", "CVE-2020-12890", "CVE-2020-0588", "CVE-2020-29633", "CVE-2020-8696", "CVE-2020-0592", "CVE-2020-8698", "CVE-2020-1292", "CVE-2020-1025", "CVE-2020-0591", "CVE-2020-8354", "CVE-2020-12926", "CVE-2020-8352", "CVE-2020-0593", "CVE-2020-1289", "CVE-2020-8694", "CVE-2020-2963", "CVE-2020-0590"], "description": "**Lenovo Security Advisory: **LEN-49266\n\n**Potential Impact: **Information disclosure, privilege escalation, denial of service\n\n**Severity: **High\n\n**Scope of Impact: **Industry-wide\n\n**CVE Identifier: **CVE-2020-0587, CVE-2020-0588, CVE-2020-0590, CVE-2020-0591, CVE-2020-0592, CVE-2020-0593, CVE-2020-1025, CVE-2020-1289, CVE-2020-1292, CVE-2020-2963, CVE-2020-8694, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698, CVE-2020-8352, CVE-2020-8354\n\n**Summary Description:**\n\nWhen possible, Lenovo consolidates multiple BIOS security fixes and enhancements into as few updates as possible. The following list of vulnerabilities were reported by suppliers and researchers or were found during our regular internal testing. Not all products listed in the Product Impact section of this advisory were affected by every CVE summarized here.\n\nAMD reported a potential vulnerability that may impact AMD\u2019s TPM implementation of non-orderly shutdown-failedTries with the USE_DA_USED build flag. CVE-2020-12926 (AMD), CVE-2020-29633 (TCG)\n\nAMD reported a potential vulnerability in some AMD notebook or embedded processors that may allow privilege escalation. CVE-2020-12890\n\nAMI has released AMI Aptio V BIOS security enhancements. No CVEs available\n\nIntel reported potential security vulnerabilities in the BIOS firmware for some Intel\u00ae Processors that may allow escalation of privilege or denial of service. INTEL-SA-00358: CVE-2020-0587, CVE-2020-0588, CVE-2020-0590, CVE-2020-0591, CVE-2020-0592, CVE-2020-0593\n\nIntel reported potential security vulnerabilities in some Intel\u00ae Processors that may allow information disclosure. INTEL-SA-00381: CVE-2020-8696, CVE-2020-8698\n\nIntel reported potential security vulnerabilities in the Intel\u00ae Running Average Power Limit (RAPL) Interface that may allow information disclosure. INTEL-SA-00389: CVE-2020-8694, CVE-2020-8695\n\nA potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution. CVE-2020-8354\n\nIn some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA configuration changes. CVE-2020-8352\n\nPhoenix has released security enhancements for Phoenix BIOS. No CVEs available\n\n**Mitigation Strategy for Customers (what you should do to protect yourself):**\n\nUpdate system firmware to the version (or newer) indicated for your model in the Product Impact section.\n", "edition": 19, "modified": "2021-01-13T03:23:04", "published": "2020-11-04T15:47:25", "id": "LENOVO:PS500368-MULTI-VENDOR-BIOS-SECURITY-VULNERABILITIES-NOVEMBER-2020-NOSID", "href": "https://support.lenovo.com/us/en/product_security/ps500368-multi-vendor-bios-security-vulnerabilities-november-2020", "title": "Multi-vendor BIOS Security Vulnerabilities (November 2020) - Lenovo Support US", "type": "lenovo", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2020-11-11T06:51:37", "bulletinFamily": "unix", "cvelist": ["CVE-2020-27194", "CVE-2020-8694"], "description": "Simon Scannell discovered that the bpf verifier in the Linux kernel did not \nproperly calculate register bounds for certain operations. A local attacker \ncould use this to expose sensitive information (kernel memory) or gain \nadministrative privileges. (CVE-2020-27194)\n\nMoritz Lipp, Michael Schwarz, Andreas Kogler, David Oswald, Catherine \nEasdon, Claudio Canella, and Daniel Gruss discovered that the Intel Running \nAverage Power Limit (RAPL) driver in the Linux kernel did not properly \nrestrict access to power data. A local attacker could possibly use this to \nexpose sensitive information. (CVE-2020-8694)", "edition": 1, "modified": "2020-11-11T00:00:00", "published": "2020-11-11T00:00:00", "id": "USN-4626-1", "href": "https://ubuntu.com/security/notices/USN-4626-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2020-11-21T13:24:40", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8695", "CVE-2020-8694"], "description": "[4.1.12-124.44.4.1]\n- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040806] {CVE-2020-8694} {CVE-2020-8695}", "edition": 2, "modified": "2020-11-10T00:00:00", "published": "2020-11-10T00:00:00", "id": "ELSA-2020-5917", "href": "http://linux.oracle.com/errata/ELSA-2020-5917.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-11-21T13:28:26", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8695", "CVE-2020-8696", "CVE-2020-8698", "CVE-2020-8694"], "description": "[4:20200609-2.20201027.1.0.1]\n- add support for UEK6 kernels\n- remove no longer appropriate caveats for 06-2d-07 and 06-55-04\n[4:20200609-2.20201027.1]\n- Update Intel CPU microcode to microcode-20201027 release, addresses\n CVE-2020-8694, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698\n (#1893265, #1893253, #1893233):\n - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n 0xe0;\n - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n to 0x2006a08;\n - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n to 0xde;\n - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n to 0xde;\n - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n to 0xe0;\n - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n to 0xde;\n - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n revision 0xd6 up to 0xde;\n - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n to 0xde;\n - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n to 0xde;\n - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n to 0xde;\n - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n to 0xde;\n - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n to 0xde;\n - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n from revision 0x43 up to 0x44;\n - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n up to 0x1000159;\n - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n up to 0x4003003;\n - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n 0x5002f01 up to 0x5003003;\n - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n to 0x40;\n - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n to 0x1e;\n - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n to 0x18;\n - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n up to 0xa0;\n - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n up to 0xe0.\n[4:20200609-2.20200609.3]\n- Add README file to the documentation directory.\n- Add publicly-sourced codenames list to supply to gen_provides.sh; update\n the latter to handle the somewhat different format.\n- Add SUMMARY.intel-ucode file containing metadata information from\n the microcode file headers.", "edition": 2, "modified": "2020-11-17T00:00:00", "published": "2020-11-17T00:00:00", "id": "ELSA-2020-5085", "href": "http://linux.oracle.com/errata/ELSA-2020-5085.html", "title": "microcode_ctl security, bug fix and enhancement update", "type": "oraclelinux", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-11-21T13:29:00", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8695", "CVE-2020-8696", "CVE-2020-8698", "CVE-2020-8694"], "description": "[3:1.17-33.31.0.1]\n- recognize the 'force-intel' file path available on EL7+ [orabug 31655792]\n- disable live load during %post due to UEK4 rendezvous timeouts [orabug 31655792]\n- merge Oracle changes for early load via dracut\n- remove no longer appropriate caveats for 06-2d-07 and 06-55-04\n- remove other caveat support to be compatible with early load logic\n- enable late load on install for UEK4 kernels marked safe (except BDW-79)\n- set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618737]\n[2:1.17-33.31]\n- Update Intel CPU microcode to microcode-20201027 release, addresses\n CVE-2020-8694, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698\n (#1893243, #1893238):\n - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode (in microcode.dat)\n at revision 0x700001e;\n - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in\n microcode.dat) at revision 0x68;\n - Addition of 06-a5-02/0x20 (CML-H R1) microcode (in microcode.dat)\n at revision 0xe0;\n - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode (in microcode.dat)\n at revision 0xe0;\n - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode (in microcode.dat)\n at revision 0xe0;\n - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode (in\n microcode.dat) at revision 0xe0;\n - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n microcode-06-4e-03.dat) from revision 0xdc up to 0xe2;\n - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n microcode-06-55-04.dat) from revision 0x2006906 up to 0x2006a08;\n - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n microcode-06-5e-03.dat) from revision 0xdc up to 0xe2;\n - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n (in microcode.dat) from revision 0x43 up to 0x44;\n - Update of 06-55-03/0x97 (SKX-SP B1) microcode (in microcode.dat)\n from revision 0x1000157 up to 0x1000159;\n - Update of 06-55-06/0xbf (CLX-SP B0) microcode (in microcode.dat)\n from revision 0x4002f01 up to 0x4003003;\n - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode (in\n microcode.dat) from revision 0x5002f01 up to 0x5003003;\n - Update of 06-5c-09/0x03 (APL D0) microcode (in microcode.dat) from\n revision 0x38 up to 0x40;\n - Update of 06-5c-0a/0x03 (APL B1/F1) microcode (in microcode.dat)\n from revision 0x16 up to 0x1e;\n - Update of 06-7a-08/0x01 (GLK-R R0) microcode (in microcode.dat)\n from revision 0x16 up to 0x18;\n - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode (in microcode.dat)\n from revision 0x78 up to 0xa0;\n - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in microcode.dat)\n from revision 0xd6 up to 0xde;\n - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n microcode.dat) from revision 0xd6 up to 0xde;\n - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n microcode.dat) from revision 0xd6 up to 0xe0;\n - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in microcode.dat)\n from revision 0xd6 up to 0xde;\n - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n microcode (in microcode.dat) from revision 0xd6 up to 0xde;\n - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n microcode.dat) from revision 0xd6 up to 0xde;\n - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n microcode.dat) from revision 0xd6 up to 0xde;\n - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in microcode.dat)\n from revision 0xd6 up to 0xde;\n - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n microcode.dat) from revision 0xd6 up to 0xde;\n - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n microcode.dat) from revision 0xd6 up to 0xde;\n - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode (in microcode.dat)\n from revision 0xca up to 0xe0.\n[2:1.17-33.30]\n- Add README file to the documentation directory.\n- Add publicly-sourced codenames list to supply to gen_provides.sh; update\n the latter to handle the somewhat different format.\n- Add SUMMARY.intel-ucode file containing metadata information from\n the microcode file headers.", "edition": 2, "modified": "2020-11-17T00:00:00", "published": "2020-11-17T00:00:00", "id": "ELSA-2020-5084", "href": "http://linux.oracle.com/errata/ELSA-2020-5084.html", "title": "microcode_ctl security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-11-21T13:29:11", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8695", "CVE-2020-8696", "CVE-2020-8698", "CVE-2020-8694"], "description": "[2:2.1-73.2.0.1]\n- for Intel, do not trigger load if on-disk microcode is not an update [Orabug: 30634727]\n- set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618736]\n- ensure late loading fixes are present on 4.1.12-* and 4.14.35-*\n- enable early and late load for 5.4.17-*\n- enable early loading for 06-4f-01 caveat\n- remove 06-55-04 caveat\n[2:2.1-73.2]\n- Update Intel CPU microcode to microcode-20201027 release, addresses\n CVE-2020-8694, CVE-2020-8695, CVE-2020-8696, CVE-2020-8698\n (#1893261, #1893249, #1893229):\n - Addition of 06-55-0b/0xbf (CPX-SP A1) microcode at revision 0x700001e;\n - Addition of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode at revision 0x68;\n - Addition of 06-a5-02/0x20 (CML-H R1) microcode at revision 0xe0;\n - Addition of 06-a5-03/0x22 (CML-S 6+2 G1) microcode at revision 0xe0;\n - Addition of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode at revision 0xe0;\n - Addition of 06-a6-01/0x80 (CML-U 6+2 v2 K0) microcode at revision\n 0xe0;\n - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xdc up to 0xe2;\n - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006906 up\n to 0x2006a08;\n - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xdc up to 0xe2;\n - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n to 0xde;\n - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xd6 up\n to 0xde;\n - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xd6 up\n to 0xe0;\n - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xd6 up\n to 0xde;\n - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n revision 0xd6 up to 0xde;\n - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xd6 up\n to 0xde;\n - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xd6 up\n to 0xde;\n - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xd6 up\n to 0xde;\n - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xd6 up\n to 0xde;\n - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xd6 up\n to 0xde;\n - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n from revision 0x43 up to 0x44;\n - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x1000157\n up to 0x1000159;\n - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4002f01\n up to 0x4003003;\n - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n 0x5002f01 up to 0x5003003;\n - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x38 up\n to 0x40;\n - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x16 up\n to 0x1e;\n - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x16 up\n to 0x18;\n - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0x78\n up to 0xa0;\n - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xca\n up to 0xe0.\n[2:2.1-73.1]\n- Add README file to the documentation directory.\n- Add publicly-sourced codenames list to supply to gen_provides.sh; update\n the latter to handle the somewhat different format.\n- Add SUMMARY.intel-ucode file containing metadata information from\n the microcode file headers.", "edition": 2, "modified": "2020-11-17T00:00:00", "published": "2020-11-17T00:00:00", "id": "ELSA-2020-5083", "href": "http://linux.oracle.com/errata/ELSA-2020-5083.html", "title": "microcode_ctl security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-11-13T03:27:09", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8695", "CVE-2016-7917", "CVE-2020-25643", "CVE-2016-7913", "CVE-2020-8694"], "description": "[4.1.12-124.45.2]\n- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32137965] {CVE-2020-8694} {CVE-2020-8695}\n[4.1.12-124.45.1]\n- Revert 'x86/efi: Initialize and display UEFI secure boot state a bit later during init' (Eric Snowberg) [Orabug: 31887248] \n- xfs: fix xfs_inode use after free (Wengang Wang) [Orabug: 31932452] \n- SUNRPC: ECONNREFUSED should cause a rebind. (NeilBrown) [Orabug: 32070175] \n- netfilter: nfnetlink: correctly validate length of batch messages (Phil Turnbull) [Orabug: 30658635] {CVE-2016-7917}\n- xc2028: Fix use-after-free bug properly (Takashi Iwai) [Orabug: 30658659] {CVE-2016-7913}\n- [media] xc2028: avoid use after free (Mauro Carvalho Chehab) [Orabug: 30658659] {CVE-2016-7913}\n- uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 30821411] \n- hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989190] {CVE-2020-25643}\n- tracing: Reverse the order of trace_types_lock and event_mutex (Alan Maguire) [Orabug: 32002706] \n- ocfs2/dlm: move lock to the tail of grant queue while doing in-place convert (xuejiufei) [Orabug: 32071234]", "edition": 1, "modified": "2020-11-12T00:00:00", "published": "2020-11-12T00:00:00", "id": "ELSA-2020-5926", "href": "http://linux.oracle.com/errata/ELSA-2020-5926.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-15T03:23:58", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8695", "CVE-2019-19816", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-25668", "CVE-2020-12352", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-25704"], "description": "[4.14.35-2025.403.3]\n- RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 32005117] \n- lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 32005117] \n- lib/scatterlist: Add SG_CHAIN and SG_END macros for LSB encodings (Anshuman Khandual) [Orabug: 32005117] \n- lib/scatterlist: Avoid potential scatterlist entry overflow (Tvrtko Ursulin) [Orabug: 32005117] \n- lib/scatterlist: Fix offset type in sg_alloc_table_from_pages (Tvrtko Ursulin) [Orabug: 32005117] \n- uek-rpm: Don't build emb2 kernel for mips (Dave Kleikamp) [Orabug: 32176889] \n- vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187748] {CVE-2020-28974}\n- page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32201999] \n- xen/events: block rogue events for some time (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/pvcallsback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: add a new 'late EOI' evtchn framework (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}\n- xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 32177548]\n[4.14.35-2025.403.2]\n- tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) [Orabug: 32122729] {CVE-2020-25668}\n- vt: keyboard, extend func_buf_lock to readers (Jiri Slaby) [Orabug: 32122952] {CVE-2020-25656} {CVE-2020-25656}\n- vt: keyboard, simplify vt_kdgkbsent (Jiri Slaby) [Orabug: 32122952] {CVE-2020-25656}\n- perf/core: Fix a memory leak in perf_event_parse_addr_filter() (kiyin) [Orabug: 32131175] {CVE-2020-25704}\n- perf/core: Fix bad use of igrab() (Song Liu) [Orabug: 32131175] {CVE-2020-25704}\n- IB/mlx4: Adjust delayed work when a dup is observed (Hakon Bugge) [Orabug: 32136898] \n- IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136898] \n- IB/mlx4: Fix starvation in paravirt mux/demux (Hakon Bugge) [Orabug: 32136898] \n- IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136898] \n- IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136898] \n- IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136898] \n- xen/gntdev: fix up blockable calls to mn_invl_range_start (Michal Hocko) [Orabug: 32139244]\n[4.14.35-2025.403.1]\n- lockdown: By default run in integrity mode. (Konrad Rzeszutek Wilk) [Orabug: 32131561] \n- Revert 'iomap: Fix pipe page leakage during splicing' (George Kennedy) [Orabug: 32136519] \n- kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32138016] \n- Revert 'pci: hardcode enumeration' (Dave Aldridge) [Orabug: 32152249] \n- hv_utils: drain the timesync packets on onchannelcallback (Vineeth Pillai) [Orabug: 32152144] \n- hv_utils: return error if host timesysnc update is stale (Vineeth Pillai) [Orabug: 32152144]\n[4.14.35-2025.403.0]\n- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32138487] {CVE-2020-8694} {CVE-2020-8695}\n- Btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Filipe Manana) [Orabug: 31864726] \n- btrfs: fix return value mixup in btrfs_get_extent (Pavel Machek) [Orabug: 31864726] \n- btrfs: inode: Verify inode mode to avoid NULL pointer dereference (Qu Wenruo) [Orabug: 31864726] {CVE-2019-19816}\n- x86/apic: Get rid of multi CPU affinity (Thomas Gleixner) [Orabug: 31975320] \n- hv_netvsc: Set probe mode to sync (Haiyang Zhang) [Orabug: 32132413] \n- net/rds: Check for NULL rds_ibdev in rds_ib_rx() only if rds_ib_srq_enabled (Sharath Srinivasan) [Orabug: 32113843] \n- perf symbols: Check if we read regular file in dso__load() (Jiri Olsa) [Orabug: 30696035] \n- rds: Restore MR use-once semantics (Hakon Bugge) [Orabug: 31990092] [Orabug: 31990095] \n- rds: Fix incorrect cmsg status and use-after-free (Hakon Bugge) [Orabug: 32003078] [Orabug: 32003081] \n- dm cache: remove all obsolete writethrough-specific code (Mike Snitzer) [Orabug: 32010352] \n- dm cache: pass cache structure to mode functions (Mike Snitzer) [Orabug: 32010352] \n- dm rq: don't call blk_mq_queue_stopped() in dm_stop_queue() (Ming Lei) [Orabug: 32010352] \n- bcache: allocate meta data pages as compound pages (Coly Li) [Orabug: 32010352] \n- md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (ChangSyun Peng) [Orabug: 32010352] \n- bcache: fix super block seq numbers comparision in register_cache_set() (Coly Li) [Orabug: 32010352] \n- md-cluster: fix wild pointer of unlock_all_bitmaps() (Zhao Heming) [Orabug: 32010352] \n- dm: use noio when sending kobject event (Mikulas Patocka) [Orabug: 32010352] \n- dm zoned: assign max_io_len correctly (Hou Tao) [Orabug: 32010352] \n- md: add feature flag MD_FEATURE_RAID0_LAYOUT (NeilBrown) [Orabug: 32010352] \n- dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone (Hannes Reinecke) [Orabug: 32010352] \n- dm mpath: switch paths in dm_blk_ioctl() code path (Martin Wilck) [Orabug: 32010352] \n- dm crypt: avoid truncating the logical block size (Eric Biggers) [Orabug: 32010352] \n- md: don't flush workqueue unconditionally in md_open (Guoqing Jiang) [Orabug: 32010352] \n- x86/mce/therm_throt: Undo thermal polling properly on CPU offline (Thomas Gleixner) [Orabug: 32010658] \n- x86/mce/therm_throt: Do not access uninitialized therm_work (Chuansheng Liu) [Orabug: 32010658] \n- x86/mce/therm_throt: Mark throttle_active_work() as __maybe_unused (Arnd Bergmann) [Orabug: 32010658] \n- x86/mce/therm_throt: Mask out read-only and reserved MSR bits (Srinivas Pandruvada) [Orabug: 32010658] \n- x86/mce/therm_throt: Optimize notifications of thermal throttle (Srinivas Pandruvada) [Orabug: 32010658] \n- jiffies: add utility function to calculate delta in ms (Matteo Croce) [Orabug: 32010658] \n- rds: Force ordering of {set,clear}_bit operating on m_flags (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] \n- rds: Do not send canceled operations to the transport layer (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] \n- rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] \n- Revert 'RDS: Drop the connection as part of cancel to avoid hangs' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] \n- Revert 'rds: fix warning in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] \n- Revert 'rds: Use correct conn when dropping connections due to cancel' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] \n- Revert 'rds: prevent use-after-free of rds conn in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] \n- Revert 'rds: Use bitmap to designate dropped connections' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809] \n- Bluetooth: A2MP: Fix not initializing all members (Luiz Augusto von Dentz) [Orabug: 32021288] {CVE-2020-12352}\n- x86/kvm: move kvm_load/put_guest_xcr0 into atomic context (WANG Chao) [Orabug: 32021855] \n- arm64: Corrects warning: ISO C90 forbids mixed declarations and code (John Donnelly) [Orabug: 32040061] \n- hwrng: cavium: Corrects warning: unused variable 'dev_id' (John Donnelly) [Orabug: 32040066] \n- Lock down /proc/kcore (redux!) (Konrad Rzeszutek Wilk) [Orabug: 32053127] \n- lockdown: Lock down perf when in confidentiality mode (David Howells) [Orabug: 32053127] \n- Lock down kprobes (redux!) (Konrad Rzeszutek Wilk) [Orabug: 32053127] \n- debugfs: whitelist spectre mitigation when locked down (Eric Snowberg) [Orabug: 32053127] \n- debugfs: Return -EPERM when locked down (Eric Snowberg) [Orabug: 32053127] \n- debugfs: Restrict debugfs when the kernel is locked down (David Howells) [Orabug: 32053127] \n- lockdown: Add __kernel_is_confidentiality_mode to figure out whether .. (Konrad Rzeszutek Wilk) [Orabug: 32053127] \n- dtrace: Restrict access when the kernel is locked down in confidentiality mode (Konrad Rzeszutek Wilk) [Orabug: 32053127] \n- bpf: Restrict bpf when kernel lockdown is in confidentiality mode (David Howells) [Orabug: 32053127] \n- security: Add a static lockdown policy LSM [diet-version] (Matthew Garrett) [Orabug: 32053127] \n- net/rds: Check for NULL rid_dev_rem_complete (Ka-Cheong Poon) [Orabug: 32058618] \n- scsi: Corrects warning: passing argument 1 of 'wwn_to_u64' mismatch (John Donnelly) [Orabug: 32059622] \n- ipvlan: Corrects warning: label 'unregister_netdev' defined but not used (John Donnelly) [Orabug: 32059740] \n- mm, compaction: raise compaction priority after it withdrawns (Vlastimil Babka) [Orabug: 32065218] \n- mm, reclaim: cleanup should_continue_reclaim() (Vlastimil Babka) [Orabug: 32065218] \n- mm, reclaim: make should_continue_reclaim perform dryrun detection (Hillf Danton) [Orabug: 32065218] \n- KVM: Drop 'const' attribute from old memslot in commit_memory_region() (Sean Christopherson) [Orabug: 32068898] \n- octeontx2-pf: Return proper RSS indirection table size always (Sunil Goutham) [Orabug: 32095651] \n- octeontx2-af: Free RVU REE irq properly (Smadar Fuks) [Orabug: 32095651] \n- octeontx2-af: Free RVU NIX IRQs properly. (Rakesh Babu) [Orabug: 32095651] \n- octeontx2-af: Fix the BPID mask (Subbaraya Sundeep) [Orabug: 32095651] \n- octeontx2-pf: Fix receive buffer size calculation (Sunil Goutham) [Orabug: 32095651] \n- octeontx2-af: Fix updating wrong multicast list index in NIX_RX_ACTION (Naveen Mamindlapalli) [Orabug: 32095651] \n- octeontx2-af: Ratelimit prints from AF error interrupt handlers (Naveen Mamindlapalli) [Orabug: 32095651] \n- octeontx2-pf: Avoid null pointer dereference (Subbaraya Sundeep) [Orabug: 32095651] \n- octeontx2-af: Check the msix offset return value (Subbaraya Sundeep) [Orabug: 32095651] \n- octeontx2-af: make tx nibble fixup is always apply (Stanislaw Kardach) [Orabug: 32095651] \n- octeontx2-af: Stop kpu parsing at layer3 for ipv6 fragmented packets. (Abhijit Ayarekar) [Orabug: 32095651] \n- octeontx2-pf: Call mbox_reset before incrementing ack (Hariprasad Kelam) [Orabug: 32095651] \n- octeontx2-af: Simplify otx2_mbox_reset call (Hariprasad Kelam) [Orabug: 32095651] \n- A/A Bonding: Increase number and interval of GARPs sent by rdmaip (Sharath Srinivasan) [Orabug: 32095768] \n- net/rds: Force ARP flush upon RDMA_CM_EVENT_ADDR_CHANGE (Gerd Rausch) [Orabug: 32095962] \n- rds/ib: Fix: (rds: Deregister all FRWR mr with free_mr) (Manjunath Patil) [Orabug: 32113532]\n[4.14.35-2025.402.2]\n- ocfs2: fix remounting needed after setfacl command (Gang He) \n- Fix multiple variable definition with syzkaller (Hans Westgaard Ry) [Orabug: 32008770] \n- drm/vmwgfx: Use the dma scatter-gather iterator to get dma addresses (Thomas Hellstrom) [Orabug: 32010349] \n- i40e: Corrects i40e_setup_tc and i40e_xdp defined but not used warnings (John Donnelly) [Orabug: 32034050] \n- bnxt: Corrects warning: 'struct tc_cls_flower_offload' (John Donnelly) [Orabug: 32041757] \n- SCSI: Corrects 'ret' not used warning (John Donnelly) [Orabug: 32041763] \n- IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042520] \n- qed: Corrects warning: 'qed_iwarp_ll2_slowpath' defined but not used (John Donnelly) [Orabug: 32052276]\n- ipv6: fix possible use-after-free in ip6_xmit() (Eric Dumazet) ", "edition": 2, "modified": "2020-12-14T00:00:00", "published": "2020-12-14T00:00:00", "id": "ELSA-2020-5995", "href": "http://linux.oracle.com/errata/ELSA-2020-5995.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-16T19:29:32", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8695", "CVE-2020-28915", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-25668", "CVE-2020-12352", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-25704"], "description": "[5.4.17-2036.101.2uek]\n- vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187738] {CVE-2020-28974}\n- page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32177966] \n- Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Peilin Ye) [Orabug: 32176254] {CVE-2020-28915}\n- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Peilin Ye) [Orabug: 32176254] {CVE-2020-28915}\n- ocfs2: initialize ip_next_orphan (Wengang Wang) [Orabug: 32159053] \n- net/rds: rds_ib_remove_one() accesses freed memory (Ka-Cheong Poon) [Orabug: 32213896] \n- hv_netvsc: make recording RSS hash depend on feature flag (Stephen Hemminger) [Orabug: 32159973] \n- hv_netvsc: record hardware hash in skb (Stephen Hemminger) [Orabug: 32159973] \n- RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 32005752] \n- lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 32005752] \n- arm64:uek/config: Enable ZONE_DMA config (Vijay Kumar) [Orabug: 31970521] \n- Revert 'arm64/dts: Serial console fix for RPi4' (Vijay Kumar) [Orabug: 31970521] \n- uek-rpm: aarch64: enable CONFIG_ACPI_APEI_EINJ (Dave Kleikamp) [Orabug: 32182237] \n- NFSD: fix missing refcount in nfsd4_copy by nfsd4_do_async_copy (Dai Ngo) [Orabug: 32177992] \n- NFSD: Fix use-after-free warning when doing inter-server copy (Dai Ngo) [Orabug: 32177992] \n- xen/events: block rogue events for some time (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/pvcallsback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: add a new 'late EOI' evtchn framework (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}\n- xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 32177543]\n[5.4.17-2036.101.1uek]\n- uek-rpm: Enable Intel Speed Select Technology interface support (Somasundaram Krishnasamy) [Orabug: 32161425] \n- platform/x86: ISST: Increase timeout (Srinivas Pandruvada) [Orabug: 32161425] \n- platform/x86: ISST: Fix wrong unregister type (Srinivas Pandruvada) [Orabug: 32161425] \n- platform/x86: ISST: Allow additional core-power mailbox commands (Srinivas Pandruvada) [Orabug: 32161425] \n- IB/mlx4: Convert rej_tmout radix-tree to XArray (Hakon Bugge) [Orabug: 32136895] \n- IB/mlx4: Adjust delayed work when a dup is observed (Hakon Bugge) [Orabug: 32136895] \n- IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136895] \n- IB/mlx4: Fix starvation in paravirt mux/demux (Hakon Bugge) [Orabug: 32136895] \n- IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136895] \n- IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136895] \n- IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136895] \n- perf/core: Fix a memory leak in perf_event_parse_addr_filter() (kiyin) [Orabug: 32131172] {CVE-2020-25704}\n- vt: keyboard, extend func_buf_lock to readers (Jiri Slaby) [Orabug: 32122948] {CVE-2020-25656} {CVE-2020-25656}\n- vt: keyboard, simplify vt_kdgkbsent (Jiri Slaby) [Orabug: 32122948] {CVE-2020-25656}\n- tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) [Orabug: 32122725] {CVE-2020-25668}\n- NFSv4.2: Fix NFS4ERR_STALE error when doing inter server copy (Dai Ngo) [Orabug: 31879682]\n[5.4.17-2036.101.0uek]\n- hv_utils: drain the timesync packets on onchannelcallback (Vineeth Pillai) [Orabug: 32152142] \n- hv_utils: return error if host timesysnc update is stale (Vineeth Pillai) [Orabug: 32152142] \n- x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Icelakex (Ankur Arora) [Orabug: 32143850] \n- x86/cpu/amd: enable X86_FEATURE_NT_GOOD on AMD Zen (Ankur Arora) [Orabug: 32143850] \n- x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Broadwellx (Ankur Arora) [Orabug: 32143850] \n- mm, clear_huge_page: use clear_page_uncached() for gigantic pages (Ankur Arora) [Orabug: 32143850] \n- x86/clear_page: add clear_page_uncached() (Ankur Arora) [Orabug: 32143850] \n- x86/asm: add clear_page_nt() (Ankur Arora) [Orabug: 32143850] \n- perf bench: add memset_movnti() (Ankur Arora) [Orabug: 32143850] \n- x86/asm: add memset_movnti() (Ankur Arora) [Orabug: 32143850] \n- x86/cpuid: add X86_FEATURE_NT_GOOD (Ankur Arora) [Orabug: 32143850] \n- kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32137996] \n- cifs: handle empty list of targets in cifs_reconnect() (Paulo Alcantara) [Orabug: 32124750] \n- cifs: get rid of unused parameter in reconn_setup_dfs_targets() (Paulo Alcantara) [Orabug: 32124750] \n- rds/ib: Fix: (rds: Deregister all FRWR mr with free_mr) (Manjunath Patil) [Orabug: 32113472] \n- net/rds: Force ARP flush upon RDMA_CM_EVENT_ADDR_CHANGE (Gerd Rausch) [Orabug: 32095959] \n- uek-rpm: aarch64: increase CONFIG_NODES_SHIFT from 3 to 6 (Dave Kleikamp) [Orabug: 32075923] \n- rds: Restore MR use-once semantics (Hakon Bugge) [Orabug: 31990092] [Orabug: 32072247] \n- rds: Fix incorrect cmsg status and use-after-free (Hakon Bugge) [Orabug: 32003078] [Orabug: 32072245] \n- rds: Force ordering of {set,clear}_bit operating on m_flags (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] \n- rds: Do not send canceled operations to the transport layer (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] \n- rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] \n- Revert 'RDS: Drop the connection as part of cancel to avoid hangs' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] \n- Revert 'rds: fix warning in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] \n- Revert 'rds: Use correct conn when dropping connections due to cancel' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] \n- Revert 'rds: prevent use-after-free of rds conn in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] \n- Revert 'rds: Use bitmap to designate dropped connections' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] \n- Revert 'UEK6 compiler warning for /net/rds/send.c' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228] \n- x86/mce/therm_throt: Undo thermal polling properly on CPU offline (Thomas Gleixner) [Orabug: 32048971] \n- x86/mce/therm_throt: Do not access uninitialized therm_work (Chuansheng Liu) [Orabug: 32048971] \n- x86/mce/therm_throt: Mark throttle_active_work() as __maybe_unused (Arnd Bergmann) [Orabug: 32048971] \n- x86/mce/therm_throt: Mask out read-only and reserved MSR bits (Srinivas Pandruvada) [Orabug: 32048971] \n- x86/mce/therm_throt: Optimize notifications of thermal throttle (Srinivas Pandruvada) [Orabug: 32048971] \n- ocfs2: fix remounting needed after setfacl command (Gang He) [Orabug: 32042684] \n- IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042517] \n- net/rds: Refactor sendmsg ancillary data processing (Ka-Cheong Poon) [Orabug: 32027845] \n- Bluetooth: A2MP: Fix not initializing all members (Luiz Augusto von Dentz) [Orabug: 32021285] {CVE-2020-12352}\n- ima: Use ima_hash_algo for collision detection in the measurement list (Roberto Sassu) [Orabug: 31973040] \n- ima: Calculate and extend PCR with digests in ima_template_entry (Roberto Sassu) [Orabug: 31973040] \n- ima: Allocate and initialize tfm for each PCR bank (Roberto Sassu) [Orabug: 31973040] \n- ima: Switch to dynamically allocated buffer for template digests (Roberto Sassu) [Orabug: 31973040] \n- ima: Store template digest directly in ima_template_entry (Roberto Sassu) [Orabug: 31973040] \n- scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (James Smart) [Orabug: 31598148] \n- net/rds: Check for NULL rds_ibdev in rds_ib_rx() only if rds_ib_srq_enabled (Sharath Srinivasan) [Orabug: 32113840] \n- A/A Bonding: Increase number and interval of GARPs sent by rdmaip (Sharath Srinivasan) [Orabug: 32095766] \n- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040802] {CVE-2020-8694} {CVE-2020-8695}", "edition": 3, "modified": "2020-12-15T00:00:00", "published": "2020-12-15T00:00:00", "id": "ELSA-2020-5996", "href": "http://linux.oracle.com/errata/ELSA-2020-5996.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 6.1, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-11-11T01:29:15", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8695", "CVE-2020-25645", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-27152", "CVE-2020-25211", "CVE-2020-14390", "CVE-2020-8694", "CVE-2019-16089", "CVE-2020-26541"], "description": "[5.4.17-2036.100.6.1.el8uek]\n- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040802] {CVE-2020-8694} {CVE-2020-8695}\n- KVM: ioapic: break infinite recursion on lazy EOI (Vitaly Kuznetsov) [Orabug: 32066585] {CVE-2020-27152} {CVE-2020-27152}\n- x86/mitigations: Restore paranoid checks for int3 handling (Boris Ostrovsky) [Orabug: 31999339] \n- x86/jump_label: Patch one site at a time (Boris Ostrovsky) [Orabug: 31999339]\n[5.4.17-2036.100.5.el8uek]\n- uek-rpm: Fix integer test for 4k page size module signing (Dave Kleikamp) [Orabug: 32021114] \n- uek-rpm/kernel-uek.spec: Sign modules for 4k kernel (Vijay Kumar) [Orabug: 32021114] \n- hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989185] {CVE-2020-25643}\n- dm crypt: add flags to optionally bypass kcryptd workqueues (Ignat Korchagin) [Orabug: 31998688] \n- uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 32010302] \n- geneve: add transport ports in route lookup for geneve (Mark Gray) [Orabug: 32013938] {CVE-2020-25645}\n- nvmet: Disable keep-alive timer when kato is cleared to 0h (Amit Engel) [Orabug: 31997181] \n- KVM: nVMX: stop abusing need_vmcs12_to_shadow_sync for eVMCS mapping (Vitaly Kuznetsov) [Orabug: 31986433] \n- cpu/hotplug: avoid race between cpuset_hotplug_workfn and later hotplug (Daniel Jordan) [Orabug: 31985221] \n- uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31979626] \n- uek-rpm: Add old OL keys to the default .blacklist keyring (Eric Snowberg) [Orabug: 31961115] \n- certs: Add ability to preload revocation certs (Eric Snowberg) [Orabug: 31961115] \n- certs: Move load_system_certificate_list to a common function (Eric Snowberg) [Orabug: 31961115] \n- certs: Add EFI_CERT_X509_GUID support for dbx entries (Eric Snowberg) [Orabug: 31961115] {CVE-2020-26541}\n- bcache: stop setting ->queuedata (Christoph Hellwig) [Orabug: 30210051] \n- bcache: pr_info() format clean up in bcache_device_init() (Coly Li) [Orabug: 30210051] \n- bcache: use delayed kworker fo asynchronous devices registration (Coly Li) [Orabug: 30210051] \n- bcache: check and adjust logical block size for backing devices (Mauricio Faria de Oliveira) [Orabug: 30210051] \n- bcache: configure the asynchronous registertion to be experimental (Coly Li) [Orabug: 30210051] \n- bcache: asynchronous devices registration (Coly Li) [Orabug: 30210051] \nuses to a more typical style (Joe Perches) [Orabug: 30210051] \n- bcache: remove redundant variables i and n (Colin Ian King) [Orabug: 30210051] \n- bcache: remove a duplicate ->make_request_fn assignment (Christoph Hellwig) [Orabug: 30210051] \n- bcache: pass the make_request methods to blk_queue_make_request (Christoph Hellwig) [Orabug: 30210051] \n- bcache: remove dupplicated declaration from btree.h (Coly Li) [Orabug: 30210051] \n- bcache: optimize barrier usage for atomic operations (Coly Li) [Orabug: 30210051] \n- bcache: optimize barrier usage for Rmw atomic bitops (Davidlohr Bueso) [Orabug: 30210051] \n- bcache: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 30210051] \n- bcache: make bch_sectors_dirty_init() to be multithreaded (Coly Li) [Orabug: 30210051] \n- bcache: make bch_btree_check() to be multithreaded (Coly Li) [Orabug: 30210051] \n- bcache: add bcache_ prefix to btree_root() and btree() macros (Coly Li) [Orabug: 30210051] \n- bcache: move macro btree() and btree_root() into btree.h (Coly Li) [Orabug: 30210051] \n- bcache: remove macro nr_to_fifo_front() (Coly Li) [Orabug: 30210051] \n- bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (Coly Li) [Orabug: 30210051] \n- bcache: check return value of prio_read() (Coly Li) [Orabug: 30210051] \n- bcache: reap from tail of c->btree_cache in bch_mca_scan() (Coly Li) [Orabug: 30210051] \n- bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan() (Coly Li) [Orabug: 30210051] \n- bcache: remove member accessed from struct btree (Coly Li) [Orabug: 30210051] \n- bcache: add code comments for state->pool in __btree_sort() (Coly Li) [Orabug: 30210051] \n- bcache: use read_cache_page_gfp to read the superblock (Christoph Hellwig) [Orabug: 30210051] \n- bcache: store a pointer to the on-disk sb in the cache and cached_dev structures (Christoph Hellwig) [Orabug: 30210051] \n- bcache: return a pointer to the on-disk sb from read_super (Christoph Hellwig) [Orabug: 30210051] \n- bcache: transfer the sb_page reference to register_{bdev,cache} (Christoph Hellwig) [Orabug: 30210051] \n- bcache: use a separate data structure for the on-disk super block (Christoph Hellwig) [Orabug: 30210051] \n- bcache: don't export symbols (Christoph Hellwig) [Orabug: 30210051] \n- bcache: remove the extra cflags for request.o (Christoph Hellwig) [Orabug: 30210051] \n- bcache: add idle_max_writeback_rate sysfs interface (Coly Li) [Orabug: 30210051] \n- bcache: add code comments in bch_btree_leaf_dirty() (Coly Li) [Orabug: 30210051] \n- bcache: add code comment bch_keylist_pop() and bch_keylist_pop_front() (Coly Li) [Orabug: 30210051] \n- bcache: deleted code comments for dead code in bch_data_insert_keys() (Coly Li) [Orabug: 30210051] \n- bcache: add more accurate error messages in read_super() (Coly Li) [Orabug: 30210051] \n- bcache: fix a lost wake-up problem caused by mca_cannibalize_lock (Guoju Fang) [Orabug: 30210051] \n- mstflint_access: Update driver code to v4.15.0-1 from Github (Itay Avraham) [Orabug: 31965669] \n- rds/tcp: Enhance stats maintained by rds (Rao Shoaib) [Orabug: 31933715] \n- panic: move disabling iommu to after dump_stack() (John Donnelly) [Orabug: 31916337] \n- nbd_genl_status: null check for nla_nest_start (Navid Emamdoost) [Orabug: 31972480] {CVE-2019-16089}\n- vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 31914650] {CVE-2020-14390}\n- fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914650] {CVE-2020-14390}\n- net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (Shung-Hsi Yu) [Orabug: 31907969] \n- PCI: pciehp: Reduce noisiness on hot removal (Lukas Wunner) [Orabug: 30512596] \n- kdump: update Documentation about crashkernel (Chen Zhou) [Orabug: 31554906] \n- arm64: kdump: add memory for devices by DT property linux, usable-memory-range (Chen Zhou) [Orabug: 31554906] \n- kdump: add threshold for the required memory (Chen Zhou) [Orabug: 31554906] \n- arm64: kdump: reimplement crashkernel=X (Chen Zhou) [Orabug: 31554906] \n- arm64: kdump: introduce some macroes for crash kernel reservation (Chen Zhou) [Orabug: 31554906] \n- x86: kdump: move reserve_crashkernel[_low]() into crash_core.c (Chen Zhou) [Orabug: 31554906] \n- x86: kdump: use macro CRASH_ADDR_LOW_MAX in functions reserve_crashkernel[_low]() (Chen Zhou) [Orabug: 31554906] \n- x86: kdump: make the lower bound of crash kernel reservation consistent (Chen Zhou) [Orabug: 31554906] \n- x86: kdump: move CRASH_ALIGN to 2M (Chen Zhou) [Orabug: 31554906] \n- block: allow 'chunk_sectors' to be non-power-of-2 (Mike Snitzer) [Orabug: 31827023] \n- block: use lcm_not_zero() when stacking chunk_sectors (Mike Snitzer) [Orabug: 31827023] \n- dm: fix comment in dm_process_bio() (Mike Snitzer) [Orabug: 31827023] \n- dm: fix bio splitting and its bio completion order for regular IO (Mike Snitzer) [Orabug: 31827023] \n- block: allow for_each_bvec to support zero len bvec (Ming Lei) [Orabug: 31955136] {CVE-2020-25641}\n[5.4.17-2036.100.4.el8uek]\n- xfs: force writes to delalloc regions to unwritten (Darrick J. Wong) [Orabug: 30787888] \n- xfs: properly serialise fallocate against AIO+DIO (Dave Chinner) [Orabug: 31366104] \n- perf/x86/rapl: Add Ice Lake RAPL support (Thomas Tai) [Orabug: 31766610] \n- xfs: attach dquots and reserve quota blocks during unwritten conversion (Darrick J. Wong) [Orabug: 31785972] \n- netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872853] {CVE-2020-25211}\n- net/rds: Extract dest qp num for displaying in rds-info (Praveen Kumar Kannoju) [Orabug: 31880140] \n- uek-rpm: streamline 4konly build (Dave Kleikamp) [Orabug: 31891770] \n- bnxt: correct warning: unused variable: 'rc' (John Donnelly) [Orabug: 31907548] \n- i40e: Correct warning: 'aq_ret' may be used uninitialized, (John Donnelly) [Orabug: 31907631] \n- uek-rpm: Add ovmapi.ko to uek6 nano_modules (Joe Jin) [Orabug: 31908852] \n- uek-rpm: config: Enable OVM API (Joe Jin) [Orabug: 31908852] \n- uek-rpm: Fix kernel-ueknano depmod warnings vhost_iotlb regmap-i2c (Vijayendra Suman) [Orabug: 31916879] \n- kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (Muchun Song) [Orabug: 31920526] \n- scsi: page warning: 'page' may be used uninitialized. (John Donnelly) [Orabug: 31920671] \n- x86/speculation/taa: Add TAA_MITIGATION_IDLE mode (Patrick Colp) [Orabug: 31921884] \n- oracleasm: Access d_bdev before dropping inode (Stephen Brennan) [Orabug: 31927355] \n- iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (Suravee Suthikulpanit) [Orabug: 31931368] \n- iommu/amd: Fix potential @entry null deref (Joao Martins) [Orabug: 31931368] \n- iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (Suravee Suthikulpanit) [Orabug: 31931368]", "edition": 3, "modified": "2020-11-10T00:00:00", "published": "2020-11-10T00:00:00", "id": "ELSA-2020-5914", "href": "http://linux.oracle.com/errata/ELSA-2020-5914.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:C"}}, {"lastseen": "2020-11-11T01:28:16", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8695", "CVE-2019-19448", "CVE-2020-25645", "CVE-2020-25641", "CVE-2020-25643", "CVE-2019-12380", "CVE-2020-25211", "CVE-2020-14356", "CVE-2019-19377", "CVE-2020-14390", "CVE-2020-8694", "CVE-2019-16089", "CVE-2020-14385", "CVE-2020-26541"], "description": "[4.14.35-2025.402.2.1]\n- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040805] {CVE-2020-8694} {CVE-2020-8695}\n[4.14.35-2025.402.2]\n- ocfs2: fix remounting needed after setfacl command (Gang He) \n- Fix multiple variable definition with syzkaller (Hans Westgaard Ry) [Orabug: 32008770] \n- drm/vmwgfx: Use the dma scatter-gather iterator to get dma addresses (Thomas Hellstrom) [Orabug: 32010349] \n- i40e: Corrects i40e_setup_tc and i40e_xdp defined but not used warnings (John Donnelly) [Orabug: 32034050] \n- bnxt: Corrects warning: 'struct tc_cls_flower_offload' (John Donnelly) [Orabug: 32041757] \n- SCSI: Corrects 'ret' not used warning (John Donnelly) [Orabug: 32041763] \n- IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042520] \n- qed: Corrects warning: 'qed_iwarp_ll2_slowpath' defined but not used (John Donnelly) [Orabug: 32052276]\n[4.14.35-2025.402.1]\n- configfs: make ci_type field, some pointers and function arguments const (Bhumika Goyal) [Orabug: 32022427] \n- IB/ipoib: Arm 'send_cq' to process completions in due time (Gerd Rausch) [Orabug: 31596798] \n- hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989189] {CVE-2020-25643}\n- uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 32010303] \n- SUNRPC: Remove xprt_connect_status() again (John Donnelly) [Orabug: 32010341] \n- geneve: add transport ports in route lookup for geneve (Mark Gray) [Orabug: 32014099] {CVE-2020-25645}\n- nvme-fc: fix double-free scenarios on hw queues (James Smart) [Orabug: 32019898] \n- xfs: fix warning: unused variable 'sb' (John Donnelly) [Orabug: 32010343] \n- nvme-pci: remove queue_count_ops for write_queues and poll_queues (Minwoo Im) [Orabug: 32010357] \n- nvme: Corrects warning: unused variable 'startka' (John Donnelly) [Orabug: 32010357] \n- uek-rpm: config-aarch64-embedded add fast_kexec (Henry Willard) [Orabug: 32010273] \n- arm64: kexec: Add optional fast shutdown for kexec (Henry Willard) [Orabug: 32010273] \n- ocfs2: remove unused ocfs2_prepare_inode_for_refcount() (John Donnelly) [Orabug: 32007790] \n- rds: fixes warning: unused variable 'cache_sz_k' (John Donnelly) [Orabug: 32008320] \n- panic: move disabling iommu to after dump_stack() (John Donnelly) [Orabug: 32009003] \n- uek-rpm: Add old OL keys to the default .blacklist keyring (Eric Snowberg) [Orabug: 31961118] \n- certs: Add ability to preload revocation certs (Eric Snowberg) [Orabug: 31961118] \n- certs: Move load_system_certificate_list to a common function (Eric Snowberg) [Orabug: 31961118] \n- certs: Add EFI_CERT_X509_GUID support for dbx entries (Eric Snowberg) [Orabug: 31961118] {CVE-2020-26541}\n- Revert 'l2tp: initialise PPP sessions before registering them' (George Kennedy) [Orabug: 31906205] \n- btrfs: Don't submit any btree write bio if the fs has errors (Qu Wenruo) [Orabug: 31265337] {CVE-2019-19377} {CVE-2019-19377} {CVE-2019-19377}\n- btrfs: only search for left_info if there is no right_info in try_merge_free_space (Josef Bacik) [Orabug: 31351023] {CVE-2019-19448} {CVE-2019-19448}\n- xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [Orabug: 31895824] {CVE-2020-14385}\n- net: add high_order_alloc_disable sysctl (Eric Dumazet) [Orabug: 31907603] \n- mm, page_alloc: double zone's batchsize (Aaron Lu) [Orabug: 31907603] \n- mm/free_pcppages_bulk: prefetch buddy while not holding lock (Aaron Lu) [Orabug: 31907603] \n- mm/free_pcppages_bulk: do not hold lock when picking pages to free (Aaron Lu) [Orabug: 31907603] \n- ghes: Corrects: warning: unused variable 'vaddr' [-Wunused-variable] (John Donnelly) [Orabug: 31995830] \n- ACPI: properties: Implement get_match_data() callback (Sinan Kaya) [Orabug: 31995830] \n- blk-mq: warning: unused variable 'ctx' (John Donnelly) [Orabug: 31996284] \n- x86/mitigations: Restore paranoid checks for int3 handling (Boris Ostrovsky) [Orabug: 31999336]\n[4.14.35-2025.402.0]\n- nbd_genl_status: null check for nla_nest_start (Navid Emamdoost) [Orabug: 31351789] {CVE-2019-16089}\n- efi/x86/Add missing error handling to old_memmap 1:1 mapping code (Gen Zhang) [Orabug: 31351924] {CVE-2019-12380}\n- RDS: add module parameter to allow module unload or not (Hans Westgaard Ry) [Orabug: 31503865] \n- rds: Revert 'Disable module unload by default' (Hans Westgaard Ry) [Orabug: 31503865] \n- rds/tcp: Enhance stats maintained by rds (Rao Shoaib) [Orabug: 31521372] \n- EDAC/i10nm: Update driver to support different bus number config register offsets (Qiuxu Zhuo) [Orabug: 31645136] \n- EDAC, {skx,i10nm}: Make some configurations CPU model specific (Qiuxu Zhuo) [Orabug: 31645136] \n- mstflint_access: Update driver code to v4.15.0-1 from Github (Itay Avraham) [Orabug: 31682346] \n- KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722765] \n- KVM: x86: Manually flush collapsible SPTEs only when toggling flags (Sean Christopherson) [Orabug: 31722765] \n- KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722765] \n- KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722765] \n- cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (Cong Wang) [Orabug: 31779798] {CVE-2020-14356}\n- bpf: ensure helper ids match between UEK5, UEK6 and upstream (Alan Maguire) [Orabug: 31860453] \n- netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872862] {CVE-2020-25211}\n- vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390}\n- fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390}\n- KVM: nVMX: do not use dangling shadow VMCS after guest reset (Paolo Bonzini) [Orabug: 31941096] \n- Revert 'usb: xhci: do not create and register shared_hcd when USB3.0 is disabled' (Thomas Tai) [Orabug: 31943628] \n- uek-rpm: Use oracle-armset-1 to build uekemb2 (Dave Kleikamp) [Orabug: 31950869] \n- block: allow for_each_bvec to support zero len bvec (Ming Lei) [Orabug: 31955141] {CVE-2020-25641}\n- uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31979628]", "edition": 2, "modified": "2020-11-10T00:00:00", "published": "2020-11-10T00:00:00", "id": "ELSA-2020-5913", "href": "http://linux.oracle.com/errata/ELSA-2020-5913.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:C"}}, {"lastseen": "2020-11-12T23:26:42", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8695", "CVE-2019-19448", "CVE-2020-25645", "CVE-2020-25641", "CVE-2020-25643", "CVE-2019-12380", "CVE-2020-25211", "CVE-2020-14356", "CVE-2019-19377", "CVE-2020-14390", "CVE-2020-8694", "CVE-2019-16089", "CVE-2020-14385", "CVE-2020-26541"], "description": "[4.14.35-2025.402.2.1.el7]\n- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug:\n 32040805] {CVE-2020-8694} {CVE-2020-8695}\n[4.14.35-2025.402.2.el7]\n- ocfs2: fix remounting needed after setfacl command (Gang He) \n- Fix multiple variable definition with syzkaller (Hans Westgaard Ry) [Orabug: 32008770]\n- drm/vmwgfx: Use the dma scatter-gather iterator to get dma addresses (Thomas Hellstrom) [Orabug: 32010349]\n- i40e: Corrects i40e_setup_tc and i40e_xdp defined but not used warnings (John Donnelly) [Orabug: 32034050]\n- bnxt: Corrects warning: 'struct tc_cls_flower_offload' (John Donnelly) [Orabug: 32041757]\n- SCSI: Corrects 'ret' not used warning (John Donnelly) [Orabug: 32041763]\n- IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042520]\n- qed: Corrects warning: 'qed_iwarp_ll2_slowpath' defined but not used (John Donnelly) [Orabug: 32052276]\n[4.14.35-2025.402.1.el7]\n- configfs: make ci_type field, some pointers and function arguments const (Bhumika Goyal) [Orabug: 32022427]\n- IB/ipoib: Arm 'send_cq' to process completions in due time (Gerd Rausch) [Orabug: 31596798]\n- hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989189] {CVE-2020-25643}\n- uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 32010303]\n- SUNRPC: Remove xprt_connect_status() again (John Donnelly) [Orabug: 32010341]\n- geneve: add transport ports in route lookup for geneve (Mark Gray) [Orabug: 32014099] {CVE-2020-25645}\n- nvme-fc: fix double-free scenarios on hw queues (James Smart) [Orabug: 32019898]\n- xfs: fix warning: unused variable 'sb' (John Donnelly) [Orabug: 32010343]\n- nvme-pci: remove queue_count_ops for write_queues and poll_queues (Minwoo Im) [Orabug: 32010357]\n- nvme: Corrects warning: unused variable 'startka' (John Donnelly) [Orabug: 32010357]\n- uek-rpm: config-aarch64-embedded add fast_kexec (Henry Willard) [Orabug: 32010273]\n- arm64: kexec: Add optional fast shutdown for kexec (Henry Willard) [Orabug: 32010273]\n- ocfs2: remove unused ocfs2_prepare_inode_for_refcount() (John Donnelly) [Orabug: 32007790]\n- rds: fixes warning: unused variable 'cache_sz_k' (John Donnelly) [Orabug: 32008320]\n- panic: move disabling iommu to after dump_stack() (John Donnelly) [Orabug: 32009003]\n- uek-rpm: Add old OL keys to the default .blacklist keyring (Eric Snowberg) [Orabug: 31961118]\n- certs: Add ability to preload revocation certs (Eric Snowberg) [Orabug: 31961118]\n- certs: Move load_system_certificate_list to a common function (Eric Snowberg) [Orabug: 31961118]\n- certs: Add EFI_CERT_X509_GUID support for dbx entries (Eric Snowberg) [Orabug: 31961118] {CVE-2020-26541}\n- Revert 'l2tp: initialise PPP sessions before registering them' (George Kennedy) [Orabug: 31906205]\n- btrfs: Don't submit any btree write bio if the fs has errors (Qu Wenruo) [Orabug: 31265337] {CVE-2019-19377}\n- btrfs: only search for left_info if there is no right_info in try_merge_free_space (Josef Bacik) [Orabug: 31351023] {CVE-2019-19448}\n- xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [Orabug: 31895824] {CVE-2020-14385}\n- net: add high_order_alloc_disable sysctl (Eric Dumazet) [Orabug: 31907603]\n- mm, page_alloc: double zone's batchsize (Aaron Lu) [Orabug: 31907603]\n- mm/free_pcppages_bulk: prefetch buddy while not holding lock (Aaron Lu) [Orabug: 31907603]\n- mm/free_pcppages_bulk: do not hold lock when picking pages to free (Aaron Lu) [Orabug: 31907603]\n- ghes: Corrects: warning: unused variable 'vaddr' [-Wunused-variable] (John Donnelly) [Orabug: 31995830]\n- ACPI: properties: Implement get_match_data() callback (Sinan Kaya) [Orabug: 31995830]\n- blk-mq: warning: unused variable 'ctx' (John Donnelly) [Orabug: 31996284]\n- x86/mitigations: Restore paranoid checks for int3 handling (Boris Ostrovsky) [Orabug: 31999336]\n[4.14.35-2025.402.0.el7]\n- nbd_genl_status: null check for nla_nest_start (Navid Emamdoost) [Orabug: 31351789] {CVE-2019-16089}\n- efi/x86/Add missing error handling to old_memmap 1:1 mapping code (Gen Zhang) [Orabug: 31351924] {CVE-2019-12380}\n- RDS: add module parameter to allow module unload or not (Hans Westgaard Ry) [Orabug: 31503865]\n- rds: Revert 'Disable module unload by default' (Hans Westgaard Ry) [Orabug: 31503865]\n- rds/tcp: Enhance stats maintained by rds (Rao Shoaib) [Orabug: 31521372]\n- EDAC/i10nm: Update driver to support different bus number config register offsets (Qiuxu Zhuo) [Orabug: 31645136]\n- EDAC, {skx,i10nm}: Make some configurations CPU model specific (Qiuxu Zhuo) [Orabug: 31645136]\n- mstflint_access: Update driver code to v4.15.0-1 from Github (Itay Avraham) [Orabug: 31682346]\n- KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722765]\n- KVM: x86: Manually flush collapsible SPTEs only when toggling flags (Sean Christopherson) [Orabug: 31722765]\n- KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722765]\n- KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722765]\n- cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (Cong Wang) [Orabug: 31779798] {CVE-2020-14356}\n- bpf: ensure helper ids match between UEK5, UEK6 and upstream (Alan Maguire) [Orabug: 31860453]\n- netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872862] {CVE-2020-25211}\n- vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390}\n- fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390}\n- KVM: nVMX: do not use dangling shadow VMCS after guest reset (Paolo Bonzini) [Orabug: 31941096]\n- Revert 'usb: xhci: do not create and register shared_hcd when USB3.0 is disabled' (Thomas Tai) [Orabug: 31943628]\n- uek-rpm: Use oracle-armset-1 to build uekemb2 (Dave Kleikamp) [Orabug: 31950869]\n- block: allow for_each_bvec to support zero len bvec (Ming Lei) [Orabug: 31955141] {CVE-2020-25641}\n- uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31979628]", "edition": 1, "modified": "2020-11-12T00:00:00", "published": "2020-11-12T00:00:00", "id": "ELSA-2020-5924", "href": "http://linux.oracle.com/errata/ELSA-2020-5924.html", "title": "Unbreakable Enterprise kernel-container security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:C"}}], "threatpost": [{"lastseen": "2020-11-11T23:42:17", "bulletinFamily": "info", "cvelist": ["CVE-2020-5977", "CVE-2020-8694", "CVE-2020-8695"], "description": "Nvidia is red-flagging a high-severity flaw in its GeForce NOW application software for Windows. An attacker on a local network can exploit the flaw in order to execute code or gain escalated privileges on affected devices.\n\nGeForce NOW is the brand used by Nvidia for its cloud-based gaming service, which enables real-time gameplay on desktops, laptops, Macs and Android devices. [With an estimated user base](<https://gamedaily.biz/article/1850/nvidias-geforce-now-cloud-gaming-service-launches-on-chromebook>) of 4 million, the service is wildly popular in the gaming community.\n\nIn a Tuesday security advisory, Nvidia revealed a flaw in the popular service (CVE\u20112020\u20115992) that has a CVSS score of 7.3.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nThe bug stems from an \u201copen-source software dependency\u201d having to do with the OpenSSL library, which is a software library for applications that secure communications over computer networks against eavesdropping or which need to identify the party at the other end.\n\nIn this situation, OpenSSL library is vulnerable to binary planting attacks, according to [Nvidia in its security advisory](<https://nvidia.custhelp.com/app/answers/detail/a_id/5096>). Binary planting is a type of attack where the attacker \u201cplants\u201d a binary file that contains malicious code inside a (in this case local) file system, in order for a vulnerable application to load and execute it.\n\nAll versions prior to 2.0.25.119 are affected; users are urged to update to version 2.0.25.119.\n\n\u201cTo protect your system, open the GeForce NOW application to automatically download the update and follow the instructions for applying it,\u201d according to Nvidia.\n\nNvidia has recently faced various security issues in its gaming-friendly products. That includes two recent flaws in the Windows version of its [GeForce Experience software](<https://threatpost.com/nvidia-gamers-geforce-experience-flaws/160487/>). The most severe flaw of the two (CVE-2020-5977) can lead to a slew of malicious attacks on affected systems \u2013 including code execution, denial of service, escalation of privileges and information disclosure.\n\nIn October, [Nvidia also released a patch](<https://threatpost.com/nvidia-critical-bug-hpc/160762/>) for a critical bug in its high-performance line of DGX servers that could open the door for a remote attacker to take control of and access sensitive data on systems typically operated by governments and Fortune-100 companies.\n\n## **Other Processor Security Issues**\n\nChip manufacturers have deployed a slew of security updates this past week. A massive Intel security update on Tuesday, for instance, [addressed flaws across a myriad of products](<https://threatpost.com/intel-update-critical-privilege-escalation-bugs/161087/>) \u2013 most notably, critical bugs that can be exploited by unauthenticated cybercriminals in order to gain escalated privileges. These critical flaws exist in products related to Wireless Bluetooth \u2013 including various Intel Wi-Fi modules and wireless network adapters \u2013 as well as in its remote out-of-band management tool, Active Management Technology (AMT).\n\nAlso this week, researchers unveiled a new way to steal cryptographic keys from Intel chips through a new side-channel attack, [which they call PLATYPUS.](<https://platypusattack.com>)\n\nThe attack stems from the ability to exploit the Intel Running Average Power Limit (RAPL) interface. RAPL allows monitoring and controlling the power consumption of the CPU and DRAM in software. By launching a side-channel attack against RAPL, researchers were able to not only distinguish different keys, but also reconstruct entire cryptographic keys.\n\nIntel [for its part said that](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html>) the flaws (CVE-2020-8694 and CVE-2020-8695) are medium-severity. That\u2019s in part due to the fact that in order to launch an attack, a bad actor would need to have local access to a device, and would need to be authenticated or privileged.\n\nThe chip-maker recommended that users of affected Intel CPUs update to the latest firmware version provided by the system manufacturer (a full list of affected Intel chips and updates [can be found here](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html>)).\n\n\u201cIntel recommends that users of affected Intel Processors install the updates provided by their software vendors,\u201d according to Intel\u2019s advisory. \u201cIn Linux, for the change to be effective it will require a reboot. If a reboot is not possible, Intel recommends changing the permissions of the affected sysfs attributes so that only privileged users can access them.\u201d\n\n[](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART-Bottom-Image&utm_campaign=Nov_webinar>)\n\n**Hackers Put Bullseye on Healthcare: **[**On Nov. 18 at 2 p.m. EDT**](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar>)** find out why hospitals are getting hammered by ransomware attacks in 2020. **[**Save your spot for this FREE webinar**](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar>)** on healthcare cybersecurity priorities and hear from leading security voices on how data security, ransomware and patching need to be a priority for every sector, and why. Join us Wed., Nov. 18, 2-3 p.m. EDT for this **[**LIVE**](<https://threatpost.com/webinars/2020-healthcare-cybersecurity-priorities-data-security-ransomware-and-patching/?utm_source=ART&utm_medium=ART&utm_campaign=Nov_webinar>)**, limited-engagement webinar.**\n", "modified": "2020-11-11T19:03:15", "published": "2020-11-11T19:03:15", "id": "THREATPOST:91D5C98B376371D3671A448EB5B3A2BF", "href": "https://threatpost.com/nvidia-windows-gamers-geforce-now-flaw/161132/", "type": "threatpost", "title": "Nvidia Warns Windows Gamers of GeForce NOW Flaw", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-12-19T01:26:28", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25645", "CVE-2020-25705", "CVE-2020-27675", "CVE-2020-25669", "CVE-2020-0427", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-14351", "CVE-2020-25668", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-25704"], "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2494-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Ben Hutchings\nDecember 18, 2020 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : linux\nVersion : 4.9.246-2\nCVE ID : CVE-2020-0427 CVE-2020-8694 CVE-2020-14351 CVE-2020-25645 \n CVE-2020-25656 CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 \n CVE-2020-25705 CVE-2020-27673 CVE-2020-27675 CVE-2020-28974\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service or information leaks.\n\nCVE-2020-0427\n\n Elena Petrova reported a bug in the pinctrl subsystem that can\n lead to a use-after-free after a device is renamed. The security\n impact of this is unclear.\n\nCVE-2020-8694\n\n Multiple researchers discovered that the powercap subsystem\n allowed all users to read CPU energy meters, by default. On\n systems using Intel CPUs, this provided a side channel that could\n leak sensitive information between user processes, or from the\n kernel to user processes. The energy meters are now readable only\n by root, by default.\n\n This issue can be mitigated by running:\n\n chmod go-r /sys/devices/virtual/powercap/*/*/energy_uj\n\n This needs to be repeated each time the system is booted with\n an unfixed kernel version.\n\nCVE-2020-14351\n\n A race condition was discovered in the performance events\n subsystem, which could lead to a use-after-free. A local user\n permitted to access performance events could use this to cause a\n denial of service (crash or memory corruption) or possibly for\n privilege escalation.\n\n Debian's kernel configuration does not allow unprivileged users to\n access peformance events by default, which fully mitigates this\n issue.\n\nCVE-2020-25645\n\n A flaw was discovered in the interface driver for GENEVE\n encapsulated traffic when combined with IPsec. If IPsec is\n configured to encrypt traffic for the specific UDP port used by the\n GENEVE tunnel, tunneled data isn't correctly routed over the\n encrypted link and sent unencrypted instead.\n\nCVE-2020-25656\n\n Yuan Ming and Bodong Zhao discovered a race condition in the\n virtual terminal (vt) driver that could lead to a use-after-free.\n A local user with the CAP_SYS_TTY_CONFIG capability could use this\n to cause a denial of service (crash or memory corruption) or\n possibly for privilege escalation.\n\nCVE-2020-25668\n\n Yuan Ming and Bodong Zhao discovered a race condition in the\n virtual terminal (vt) driver that could lead to a use-after-free.\n A local user with access to a virtual terminal, or with the\n CAP_SYS_TTY_CONFIG capability, could use this to cause a denial of\n service (crash or memory corruption) or possibly for privilege\n escalation.\n\nCVE-2020-25669\n\n Bodong Zhao discovered a bug in the Sun keyboard driver (sunkbd)\n that could lead to a use-after-free. On a system using this\n driver, a local user could use this to cause a denial of service\n (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-25704\n\n kiyin(\u5c39\u4eae) discovered a potential memory leak in the performance\n events subsystem. A local user permitted to access performance\n events could use this to cause a denial of service (memory\n exhaustion).\n\n Debian's kernel configuration does not allow unprivileged users to\n access peformance events by default, which fully mitigates this\n issue.\n\nCVE-2020-25705\n\n Keyu Man reported that strict rate-limiting of ICMP packet\n transmission provided a side-channel that could help networked\n attackers to carry out packet spoofing. In particular, this made\n it practical for off-path networked attackers to "poison" DNS\n caches with spoofed responses ("SAD DNS" attack).\n\n This issue has been mitigated by randomising whether packets are\n counted against the rate limit.\n\nCVE-2020-27673 / XSA-332\n\n Julien Grall from Arm discovered a bug in the Xen event handling\n code. Where Linux was used in a Xen dom0, unprivileged (domU)\n guests could cause a denial of service (excessive CPU usage or\n hang) in dom0.\n\nCVE-2020-27675 / XSA-331\n\n Jinoh Kang of Theori discovered a race condition in the Xen event\n handling code. Where Linux was used in a Xen dom0, unprivileged\n (domU) guests could cause a denial of service (crash) in dom0.\n\nCVE-2020-28974\n\n Yuan Ming discovered a bug in the virtual terminal (vt) driver\n that could lead to an out-of-bounds read. A local user with\n access to a virtual terminal, or with the CAP_SYS_TTY_CONFIG\n capability, could possibly use this to obtain sensitive\n information from the kernel or to cause a denial of service\n (crash).\n\n The specific ioctl operation affected by this bug\n (KD_FONT_OP_COPY) has been disabled, as it is not believed that\n any programs depended on it.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.246-2.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams\n", "edition": 1, "modified": "2020-12-18T12:14:21", "published": "2020-12-18T12:14:21", "id": "DEBIAN:DLA-2494-1:12C95", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202012/msg00027.html", "title": "[SECURITY] [DLA 2494-1] linux security update", "type": "debian", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-11T01:25:11", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25705", "CVE-2019-19770", "CVE-2020-27675", "CVE-2019-19816", "CVE-2019-19039", "CVE-2020-25669", "CVE-2020-28941", "CVE-2019-19377", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-14351", "CVE-2020-25668", "CVE-2020-0423", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-25704"], "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2483-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Ben Hutchings\nDecember 05, 2020 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : linux-4.19\nVersion : 4.19.160-2~deb9u1\nCVE ID : CVE-2019-19039 CVE-2019-19377 CVE-2019-19770 CVE-2019-19816\n CVE-2020-0423 CVE-2020-8694 CVE-2020-14351 CVE-2020-25656\n CVE-2020-25668 CVE-2020-25669 CVE-2020-25704 CVE-2020-25705\n CVE-2020-27673 CVE-2020-27675 CVE-2020-28941 CVE-2020-28974\nDebian Bug : 949863 968623 971058\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service or information leaks.\n\nCVE-2019-19039\n\n "Team bobfuzzer" reported a bug in Btrfs that could lead to an\n assertion failure (WARN). A user permitted to mount and access\n arbitrary filesystems could use this to cause a denial of service\n (crash) if the panic_on_warn kernel parameter is set.\n\nCVE-2019-19377\n\n "Team bobfuzzer" reported a bug in Btrfs that could lead to a\n use-after-free. A user permitted to mount and access arbitrary\n filesystems could use this to cause a denial of service (crash or\n memory corruption) or possibly for privilege escalation.\n\nCVE-2019-19770\n\n The syzbot tool discovered a race condition in the block I/O\n tracer (blktrace) that could lead to a system crash. Since\n blktrace can only be controlled by privileged users, the security\n impact of this is unclear.\n\nCVE-2019-19816\n\n "Team bobfuzzer" reported a bug in Btrfs that could lead to an\n out-of-bounds write. A user permitted to mount and access\n arbitrary filesystems could use this to cause a denial of service\n (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-0423\n\n A race condition was discovered in the Android binder driver, that\n could result in a use-after-free. On systems using this driver, a\n local user could use this to cause a denial of service (crash or\n memory corruption) or possibly for privilege escalation.\n\nCVE-2020-8694\n\n Multiple researchers discovered that the powercap subsystem\n allowed all users to read CPU energy meters, by default. On\n systems using Intel CPUs, this provided a side channel that could\n leak sensitive information between user processes, or from the\n kernel to user processes. The energy meters are now readable only\n by root, by default.\n\n This issue can be mitigated by running:\n\n chmod go-r /sys/devices/virtual/powercap/*/*/energy_uj\n\n This needs to be repeated each time the system is booted with\n an unfixed kernel version.\n\nCVE-2020-14351\n\n A race condition was discovered in the performance events\n subsystem, which could lead to a use-after-free. A local user\n permitted to access performance events could use this to cause a\n denial of service (crash or memory corruption) or possibly for\n privilege escalation.\n\n Debian's kernel configuration does not allow unprivileged users to\n access peformance events by default, which fully mitigates this\n issue.\n\nCVE-2020-25656\n\n Yuan Ming and Bodong Zhao discovered a race condition in the\n virtual terminal (vt) driver that could lead to a use-after-free.\n A local user with the CAP_SYS_TTY_CONFIG capability could use this\n to cause a denial of service (crash or memory corruption) or\n possibly for privilege escalation.\n\nCVE-2020-25668\n\n Yuan Ming and Bodong Zhao discovered a race condition in the\n virtual terminal (vt) driver that could lead to a use-after-free.\n A local user with access to a virtual terminal, or with the\n CAP_SYS_TTY_CONFIG capability, could use this to cause a denial of\n service (crash or memory corruption) or possibly for privilege\n escalation.\n\nCVE-2020-25669\n\n Bodong Zhao discovered a bug in the Sun keyboard driver (sunkbd)\n that could lead to a use-after-free. On a system using this\n driver, a local user could use this to cause a denial of service\n (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-25704\n\n kiyin(\u5c39\u4eae) discovered a potential memory leak in the performance\n events subsystem. A local user permitted to access performance\n events could use this to cause a denial of service (memory\n exhaustion).\n\n Debian's kernel configuration does not allow unprivileged users to\n access peformance events by default, which fully mitigates this\n issue.\n\nCVE-2020-25705\n\n Keyu Man reported that strict rate-limiting of ICMP packet\n transmission provided a side-channel that could help networked\n attackers to carry out packet spoofing. In particular, this made\n it practical for off-path networked attackers to "poison" DNS\n caches with spoofed responses ("SAD DNS" attack).\n\n This issue has been mitigated by randomising whether packets are\n counted against the rate limit.\n\nCVE-2020-27673 / XSA-332\n\n Julien Grall from Arm discovered a bug in the Xen event handling\n code. Where Linux was used in a Xen dom0, unprivileged (domU)\n guests could cause a denial of service (excessive CPU usage or\n hang) in dom0.\n\nCVE-2020-27675 / XSA-331\n\n Jinoh Kang of Theori discovered a race condition in the Xen event\n handling code. Where Linux was used in a Xen dom0, unprivileged\n (domU) guests could cause a denial of service (crash) in dom0.\n\nCVE-2020-28941\n\n Shisong Qin and Bodong Zhao discovered a bug in the Speakup screen\n reader subsystem. Speakup assumed that it would only be bound to\n one terminal (tty) device at a time, but did not enforce this. A\n local user could exploit this bug to cause a denial of service\n (crash or memory exhaustion).\n\nCVE-2020-28974\n\n Yuan Ming discovered a bug in the virtual terminal (vt) driver\n that could lead to an out-of-bounds read. A local user with\n access to a virtual terminal, or with the CAP_SYS_TTY_CONFIG\n capability, could possibly use this to obtain sensitive\n information from the kernel or to cause a denial of service\n (crash).\n\n The specific ioctl operation affected by this bug\n (KD_FONT_OP_COPY) has been disabled, as it is not believed that\n any programs depended on it.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.160-2~deb9u1.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams\n", "edition": 1, "modified": "2020-12-10T11:55:59", "published": "2020-12-10T11:55:59", "id": "DEBIAN:DLA-2483-1:37DA1", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202012/msg00015.html", "title": "[SECURITY] [DLA 2483-1] linux-4.19 security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-12-19T03:32:38", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19770", "CVE-2020-27675", "CVE-2020-25669", "CVE-2020-27777", "CVE-2020-28941", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-14351", "CVE-2020-25668", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-25704"], "description": "**Issue Overview:**\n\nA use-after-free flaw was found in the debugfs_remove function in the Linux kernel. The flaw could allow a local attacker with special user (or root) privilege to crash the system at the time of file or directory removal. This vulnerability can lead to a kernel information leak. The highest threat from this vulnerability is to system availability. ([CVE-2019-19770 __](<https://access.redhat.com/security/cve/CVE-2019-19770>))\n\nA flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. ([CVE-2020-14351 __](<https://access.redhat.com/security/cve/CVE-2020-14351>))\n\nA flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. ([CVE-2020-25656 __](<https://access.redhat.com/security/cve/CVE-2020-25656>))\n\nA flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. ([CVE-2020-25668 __](<https://access.redhat.com/security/cve/CVE-2020-25668>))\n\nThe function sunkbd_reinit having been scheduled by sunkbd_interrupt before the struct sunkbd being freed. Though the dangling pointer is set to NULL in sunkbd_disconnect, there is still an alias in sunkbd_reinit thus causing UAF. ([CVE-2020-25669 __](<https://access.redhat.com/security/cve/CVE-2020-25669>))\n\nA flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. ([CVE-2020-25704 __](<https://access.redhat.com/security/cve/CVE-2020-25704>))\n\nAn issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. ([CVE-2020-27673 __](<https://access.redhat.com/security/cve/CVE-2020-27673>))\n\nAn issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. ([CVE-2020-27675 __](<https://access.redhat.com/security/cve/CVE-2020-27675>))\n\nThe Linux kernel for powerpc has an issue with the Run-Time Abstraction Services (RTAS) interface, allowing root (or CAP_SYS_ADMIN users) in a VM to overwrite some parts of memory, including kernel memory. ([CVE-2020-27777 __](<https://access.redhat.com/security/cve/CVE-2020-27777>))\n\nAn issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once. ([CVE-2020-28941 __](<https://access.redhat.com/security/cve/CVE-2020-28941>))\n\nAn out-of-bounds (OOB) SLAB memory access flaw was found in the Linux kernel's fbcon driver module. A bounds check failure allows a local attacker with special user privileges to gain access to out-of-bounds memory, leading to a system crash or leaking of internal kernel information. The highest threat from this vulnerability is to system availability. ([CVE-2020-28974 __](<https://access.redhat.com/security/cve/CVE-2020-28974>))\n\nA slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. ([CVE-2020-28974 __](<https://access.redhat.com/security/cve/CVE-2020-28974>))\n\nA flaw was found in the Linux kernel's implementation of Intel's Running Average Power Limit (RAPL) implementation. A local attacker could infer secrets by measuring power usage and also infer private data by observing the power usage of calculations performed on the data. ([CVE-2020-8694 __](<https://access.redhat.com/security/cve/CVE-2020-8694>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n kernel-debuginfo-common-i686-4.14.209-117.337.amzn1.i686 \n kernel-tools-devel-4.14.209-117.337.amzn1.i686 \n kernel-headers-4.14.209-117.337.amzn1.i686 \n kernel-tools-4.14.209-117.337.amzn1.i686 \n perf-4.14.209-117.337.amzn1.i686 \n kernel-devel-4.14.209-117.337.amzn1.i686 \n kernel-tools-debuginfo-4.14.209-117.337.amzn1.i686 \n kernel-debuginfo-4.14.209-117.337.amzn1.i686 \n perf-debuginfo-4.14.209-117.337.amzn1.i686 \n kernel-4.14.209-117.337.amzn1.i686 \n \n src: \n kernel-4.14.209-117.337.amzn1.src \n \n x86_64: \n kernel-4.14.209-117.337.amzn1.x86_64 \n kernel-tools-devel-4.14.209-117.337.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.14.209-117.337.amzn1.x86_64 \n kernel-debuginfo-4.14.209-117.337.amzn1.x86_64 \n kernel-tools-4.14.209-117.337.amzn1.x86_64 \n kernel-headers-4.14.209-117.337.amzn1.x86_64 \n perf-debuginfo-4.14.209-117.337.amzn1.x86_64 \n kernel-devel-4.14.209-117.337.amzn1.x86_64 \n kernel-tools-debuginfo-4.14.209-117.337.amzn1.x86_64 \n perf-4.14.209-117.337.amzn1.x86_64 \n \n \n", "edition": 1, "modified": "2020-12-16T20:31:00", "published": "2020-12-16T20:31:00", "id": "ALAS-2020-1462", "href": "https://alas.aws.amazon.com/ALAS-2020-1462.html", "title": "Medium: kernel", "type": "amazon", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2020-12-23T15:22:29", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19770", "CVE-2020-27675", "CVE-2020-25669", "CVE-2020-27777", "CVE-2020-28941", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-14351", "CVE-2020-25668", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-25704"], "description": "**Issue Overview:**\n\nA use-after-free flaw was found in the debugfs_remove function in the Linux kernel. The flaw could allow a local attacker with special user (or root) privilege to crash the system at the time of file or directory removal. This vulnerability can lead to a kernel information leak. The highest threat from this vulnerability is to system availability. ([CVE-2019-19770 __](<https://access.redhat.com/security/cve/CVE-2019-19770>))\n\nA flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. ([CVE-2020-14351 __](<https://access.redhat.com/security/cve/CVE-2020-14351>))\n\nA flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. ([CVE-2020-25656 __](<https://access.redhat.com/security/cve/CVE-2020-25656>))\n\nA flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. ([CVE-2020-25668 __](<https://access.redhat.com/security/cve/CVE-2020-25668>))\n\nThe function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. \nThough the dangling pointer is set to NULL in sunkbd_disconnect, there is still a alias in sunkbd_reinit so that causing Use After Free. ([CVE-2020-25669 __](<https://access.redhat.com/security/cve/CVE-2020-25669>))\n\nA flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. ([CVE-2020-25704 __](<https://access.redhat.com/security/cve/CVE-2020-25704>))\n\nAn issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. ([CVE-2020-27673 __](<https://access.redhat.com/security/cve/CVE-2020-27673>))\n\nAn issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. ([CVE-2020-27675 __](<https://access.redhat.com/security/cve/CVE-2020-27675>))\n\nThe Linux kernel for powerpc has an issue with the Run-Time Abstraction Services (RTAS) interface, allowing root (or CAP_SYS_ADMIN users) in a VM to overwrite some parts of memory, including kernel memory. \nThis issue impacts guests running on top of PowerVM or KVM hypervisors (pseries platform), and does *not* impact bare-metal machines (powernv platform). ([CVE-2020-27777 __](<https://access.redhat.com/security/cve/CVE-2020-27777>))\n\nAn issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once. ([CVE-2020-28941 __](<https://access.redhat.com/security/cve/CVE-2020-28941>))\n\nA slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. ([CVE-2020-28974 __](<https://access.redhat.com/security/cve/CVE-2020-28974>))\n\nA flaw was found in the Linux kernel's implementation of Intel's Running Average Power Limit (RAPL) implementation. A local attacker could infer secrets by measuring power usage and also infer private data by observing the power usage of calculations performed on the data. ([CVE-2020-8694 __](<https://access.redhat.com/security/cve/CVE-2020-8694>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n kernel-4.14.209-160.335.amzn2.aarch64 \n kernel-headers-4.14.209-160.335.amzn2.aarch64 \n kernel-debuginfo-common-aarch64-4.14.209-160.335.amzn2.aarch64 \n perf-4.14.209-160.335.amzn2.aarch64 \n perf-debuginfo-4.14.209-160.335.amzn2.aarch64 \n python-perf-4.14.209-160.335.amzn2.aarch64 \n python-perf-debuginfo-4.14.209-160.335.amzn2.aarch64 \n kernel-tools-4.14.209-160.335.amzn2.aarch64 \n kernel-tools-devel-4.14.209-160.335.amzn2.aarch64 \n kernel-tools-debuginfo-4.14.209-160.335.amzn2.aarch64 \n kernel-devel-4.14.209-160.335.amzn2.aarch64 \n kernel-debuginfo-4.14.209-160.335.amzn2.aarch64 \n \n i686: \n kernel-headers-4.14.209-160.335.amzn2.i686 \n \n src: \n kernel-4.14.209-160.335.amzn2.src \n \n x86_64: \n kernel-4.14.209-160.335.amzn2.x86_64 \n kernel-headers-4.14.209-160.335.amzn2.x86_64 \n kernel-debuginfo-common-x86_64-4.14.209-160.335.amzn2.x86_64 \n perf-4.14.209-160.335.amzn2.x86_64 \n perf-debuginfo-4.14.209-160.335.amzn2.x86_64 \n python-perf-4.14.209-160.335.amzn2.x86_64 \n python-perf-debuginfo-4.14.209-160.335.amzn2.x86_64 \n kernel-tools-4.14.209-160.335.amzn2.x86_64 \n kernel-tools-devel-4.14.209-160.335.amzn2.x86_64 \n kernel-tools-debuginfo-4.14.209-160.335.amzn2.x86_64 \n kernel-devel-4.14.209-160.335.amzn2.x86_64 \n kernel-debuginfo-4.14.209-160.335.amzn2.x86_64 \n kernel-livepatch-4.14.209-160.335-1.0-0.amzn2.x86_64 \n \n \n", "edition": 2, "modified": "2020-12-08T20:55:00", "published": "2020-12-08T20:55:00", "id": "ALAS2-2020-1566", "href": "https://alas.aws.amazon.com/AL2/ALAS-2020-1566.html", "title": "Important: kernel", "type": "amazon", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-15T01:28:26", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19770", "CVE-2020-27675", "CVE-2020-25669", "CVE-2020-27777", "CVE-2020-28941", "CVE-2020-25656", "CVE-2020-27673", "CVE-2020-14351", "CVE-2020-25668", "CVE-2020-28974", "CVE-2020-8694", "CVE-2020-25704"], "description": "**Issue Overview:**\n\nA use-after-free flaw was found in the debugfs_remove function in the Linux kernel. The flaw could allow a local attacker with special user (or root) privilege to crash the system at the time of file or directory removal. This vulnerability can lead to a kernel information leak. The highest threat from this vulnerability is to system availability. ([CVE-2019-19770 __](<https://access.redhat.com/security/cve/CVE-2019-19770>))\n\nA flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. ([CVE-2020-14351 __](<https://access.redhat.com/security/cve/CVE-2020-14351>))\n\nA flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. ([CVE-2020-25656 __](<https://access.redhat.com/security/cve/CVE-2020-25656>))\n\nA flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. ([CVE-2020-25668 __](<https://access.redhat.com/security/cve/CVE-2020-25668>))\n\nThe function sunkbd_reinit having been scheduled by sunkbd_interrupt before sunkbd being freed. \nThough the dangling pointer is set to NULL in sunkbd_disconnect, there is still a alias in sunkbd_reinit so that causing Use After Free. ([CVE-2020-25669 __](<https://access.redhat.com/security/cve/CVE-2020-25669>))\n\nA flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. ([CVE-2020-25704 __](<https://access.redhat.com/security/cve/CVE-2020-25704>))\n\nAn issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271. ([CVE-2020-27673 __](<https://access.redhat.com/security/cve/CVE-2020-27673>))\n\nAn issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5. ([CVE-2020-27675 __](<https://access.redhat.com/security/cve/CVE-2020-27675>))\n\nA flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. ([CVE-2020-27777 __](<https://access.redhat.com/security/cve/CVE-2020-27777>))\n\nAn issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9. Local attackers on systems with the speakup driver could cause a local denial of service attack, aka CID-d41227544427. This occurs because of an invalid free when the line discipline is used more than once. ([CVE-2020-28941 __](<https://access.redhat.com/security/cve/CVE-2020-28941>))\n\nAn out-of-bounds (OOB) SLAB memory access flaw was found in the Linux kernel's fbcon driver module. A bounds check failure allows a local attacker with special user privileges to gain access to out-of-bounds memory, leading to a system crash or leaking of internal kernel information. The highest threat from this vulnerability is to system availability. ([CVE-2020-28974 __](<https://access.redhat.com/security/cve/CVE-2020-28974>))\n\nA flaw was found in the Linux kernel's implementation of Intel's Running Average Power Limit (RAPL) implementation. A local attacker could infer secrets by measuring power usage and also infer private data by observing the power usage of calculations performed on the data. ([CVE-2020-8694 __](<https://access.redhat.com/security/cve/CVE-2020-8694>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n kernel-debuginfo-common-i686-4.14.209-117.337.amzn1.i686 \n kernel-tools-devel-4.14.209-117.337.amzn1.i686 \n kernel-headers-4.14.209-117.337.amzn1.i686 \n kernel-tools-4.14.209-117.337.amzn1.i686 \n perf-4.14.209-117.337.amzn1.i686 \n kernel-devel-4.14.209-117.337.amzn1.i686 \n kernel-tools-debuginfo-4.14.209-117.337.amzn1.i686 \n kernel-debuginfo-4.14.209-117.337.amzn1.i686 \n perf-debuginfo-4.14.209-117.337.amzn1.i686 \n kernel-4.14.209-117.337.amzn1.i686 \n \n src: \n kernel-4.14.209-117.337.amzn1.src \n \n x86_64: \n kernel-4.14.209-117.337.amzn1.x86_64 \n kernel-tools-devel-4.14.209-117.337.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.14.209-117.337.amzn1.x86_64 \n kernel-debuginfo-4.14.209-117.337.amzn1.x86_64 \n kernel-tools-4.14.209-117.337.amzn1.x86_64 \n kernel-headers-4.14.209-117.337.amzn1.x86_64 \n perf-debuginfo-4.14.209-117.337.amzn1.x86_64 \n kernel-devel-4.14.209-117.337.amzn1.x86_64 \n kernel-tools-debuginfo-4.14.209-117.337.amzn1.x86_64 \n perf-4.14.209-117.337.amzn1.x86_64 \n \n \n", "edition": 1, "modified": "2021-01-12T22:51:00", "published": "2021-01-12T22:51:00", "id": "ALAS-2021-1461", "href": "https://alas.aws.amazon.com/ALAS-2021-1461.html", "title": "Medium: kernel", "type": "amazon", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "hp": [{"lastseen": "2021-01-16T07:30:00", "bulletinFamily": "software", "cvelist": ["CVE-2020-8695", "CVE-2020-0587", "CVE-2020-8740", "CVE-2020-8739", "CVE-2020-8764", "CVE-2020-0588", "CVE-2020-8696", "CVE-2020-0599", "CVE-2020-0592", "CVE-2020-8698", "CVE-2020-0591", "CVE-2020-0593", "CVE-2020-8738", "CVE-2020-8694", "CVE-2020-0590", "CVE-2020-6929"], "description": "## Potential Security Impact\nEscalation of Privilege, Denial of Service, Information Disclosure \n\n**Source:** HP, HP Product Security Response Team (PSRT) \n\n**Reported by:** HP, Intel \n\n## VULNERABILITY SUMMARY\nIntel\u00ae has informed HP of potential security vulnerabilities identified in Intel\u00ae Processors, BIOS firmware for some Intel\u00ae Processors, Intel\u00ae Running Average Power Limit (RAPL) Interface, and Intel BIOS platform sample code for some Intel\u00ae Processors which may allow escalation of privilege, denial of service, and/or information disclosure. \n\nHP has identified a potential vulnerability with certain versions of HP BIOS which may allow escalation of firmware privilege.\n\n## RESOLUTION\nIntel and HP have released firmware updates to mitigate the potential vulnerabilities. HP has identified the affected platforms and the corresponding SoftPaq updated versions. See the affected platforms listed below.\n\nNewer versions may become available and the minimum versions listed below may become obsolete. If a SoftPaq Link becomes invalid, check the HP Customer Support - Software and Driver Downloads site to obtain the latest update for your product model. \n", "edition": 9, "modified": "2021-01-15T00:00:00", "published": "2020-11-09T00:00:00", "id": "HP:C06962236", "href": "https://support.hp.com/us-en/document/c06962236", "title": "HPSBHF03705 rev. 4 - BIOS November 2020 Security Updates", "type": "hp", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}]}
