ID USN-4883-1 Type ubuntu Reporter Ubuntu Modified 2021-03-29T00:00:00
Description
Adam Nichols discovered that heap overflows existed in the iSCSI subsystem
in the Linux kernel. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2021-27365)
Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did
not properly restrict access to iSCSI transport handles. A local attacker
could use this to cause a denial of service or expose sensitive information
(kernel pointer addresses). (CVE-2021-27363)
Adam Nichols discovered that an out-of-bounds read existed in the iSCSI
subsystem in the Linux kernel. A local attacker could use this to cause a
denial of service (system crash) or expose sensitive information (kernel
memory). (CVE-2021-27364)
{"cve": [{"lastseen": "2021-04-10T19:36:30", "description": "An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables.", "edition": 9, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "NONE", "baseScore": 4.4, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 2.5}, "published": "2021-03-07T04:15:00", "title": "CVE-2021-27363", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27363"], "modified": "2021-04-09T09:15:00", "cpe": ["cpe:/o:linux:linux_kernel:5.11.3", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2021-27363", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27363", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:5.11.3:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-10T19:36:30", "description": "An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages.", "edition": 9, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2021-03-07T05:15:00", "title": "CVE-2021-27364", "type": "cve", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27364"], "modified": "2021-04-09T09:15:00", "cpe": ["cpe:/o:linux:linux_kernel:5.11.3", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2021-27364", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27364", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:5.11.3:*:*:*:*:*:*:*"]}, {"lastseen": "2021-04-10T19:36:30", "description": "An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message.", "edition": 9, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-07T05:15:00", "title": "CVE-2021-27365", "type": "cve", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27365"], "modified": "2021-04-09T09:15:00", "cpe": ["cpe:/o:linux:linux_kernel:5.11.3", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2021-27365", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27365", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:5.11.3:*:*:*:*:*:*:*"]}], "virtuozzo": [{"lastseen": "2021-04-05T17:18:29", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363"], "description": "The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to all supported kernels of Virtuozzo Hybrid Server 7, Virtuozzo Infrastructure Platform, and Virtuozzo Hybrid Infrastructure. NOTE: No more ReadyKernel updates are planned for the kernel 3.10.0-957.12.2.vz7.96.21, support for which ends with this update.\n**Vulnerability id:** CVE-2021-27365\n[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1127.18.2.vz7.163.46] Heap buffer overflow in the iSCSI subsystem. It was discovered that the kernel did not check the size of certain iSCSI-related data structures when presenting them in sysfs. A local unprivileged attacker could exploit this (by sending a specially crafted netlink message) to cause a denial of service (system crash) or possibly execute arbitrary code.\n\n**Vulnerability id:** CVE-2021-27364\n[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1127.18.2.vz7.163.46] Out-of-bounds read in the iSCSI subsystem. It was discovered that a local unprivileged attacker could use specially crafted netlink messages to trigger an out-of-bounds read in 'scsi_transport_iscsi' module. The kernel could crash as a result.\n\n**Vulnerability id:** CVE-2021-27363\n[3.10.0-957.12.2.vz7.96.21 to 3.10.0-1127.18.2.vz7.163.46] Unrestricted access to sessions and handles in the iSCSI subsystem. It was discovered that the kernel did not properly restrict access to iSCSI sessions and transport handles. A local unprivileged attacker could use this to end arbitrary iSCSI sessions (potentially causing a denial of service) or to expose locations of certain kernel structures.\n\n", "edition": 1, "modified": "2021-04-05T00:00:00", "published": "2021-04-05T00:00:00", "id": "VZA-2021-017", "href": "https://help.virtuozzo.com/s/article/VZA-2021-017", "title": "[Important] [Security] Virtuozzo ReadyKernel patch 125.0 for Virtuozzo Hybrid Server 7.0, 7.5, Virtuozzo Infrastructure Platform 3.0, and Virtuozzo Hybrid Infrastructure 3.5, 4.0", "type": "virtuozzo", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-03-17T17:34:17", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363"], "description": "[4.1.12-124.48.6]\n- scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [Orabug: 32603382] \n- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) [Orabug: 32603382] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Report connection state in sysfs (Gabriel Krisman Bertazi) [Orabug: 32603382] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (Joe Perches) [Orabug: 32603382] \n- scsi: iscsi: Restrict sessions and handles to admin capabilities (Lee Duncan) [Orabug: 32603382] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}", "edition": 1, "modified": "2021-03-17T00:00:00", "published": "2021-03-17T00:00:00", "id": "ELSA-2021-9113", "href": "http://linux.oracle.com/errata/ELSA-2021-9113.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-17T09:37:47", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363"], "description": "[5.4.17-2036.104.5]\n- scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [Orabug: 32603379] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) [Orabug: 32603379] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Report connection state in sysfs (Gabriel Krisman Bertazi) [Orabug: 32603379] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (Joe Perches) [Orabug: 32603379] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Restrict sessions and handles to admin capabilities (Lee Duncan) [Orabug: 32603379] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}", "edition": 2, "modified": "2021-03-17T00:00:00", "published": "2021-03-17T00:00:00", "id": "ELSA-2021-9114", "href": "http://linux.oracle.com/errata/ELSA-2021-9114.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-17T21:30:54", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363"], "description": "[4.14.35-2047.501.2]\n- scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [Orabug: 32634994] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) [Orabug: 32634994] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Report connection state in sysfs (Gabriel Krisman Bertazi) [Orabug: 32634994] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (Joe Perches) [Orabug: 32634994] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Restrict sessions and handles to admin capabilities (Lee Duncan) [Orabug: 32634994] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}", "edition": 2, "modified": "2021-03-17T00:00:00", "published": "2021-03-17T00:00:00", "id": "ELSA-2021-9112", "href": "http://linux.oracle.com/errata/ELSA-2021-9112.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-17T09:46:10", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363"], "description": "[5.4.17-2036.104.5.el7]\n- scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [Orabug: 32603379] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) [Orabug: 32603379] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Report connection state in sysfs (Gabriel Krisman Bertazi) [Orabug: 32603379] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (Joe Perches) [Orabug: 32603379] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Restrict sessions and handles to admin capabilities (Lee Duncan) [Orabug: 32603379] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}", "edition": 2, "modified": "2021-03-17T00:00:00", "published": "2021-03-17T00:00:00", "id": "ELSA-2021-9115", "href": "http://linux.oracle.com/errata/ELSA-2021-9115.html", "title": "Unbreakable Enterprise kernel-container security update", "type": "oraclelinux", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-18T23:33:23", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363"], "description": "[4.14.35-2047.501.2.el7]\n- scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [Orabug: 32634994] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) [Orabug: 32634994] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Report connection state in sysfs (Gabriel Krisman Bertazi) [Orabug: 32634994] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (Joe Perches) [Orabug: 32634994] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Restrict sessions and handles to admin capabilities (Lee Duncan) [Orabug: 32634994] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}", "edition": 2, "modified": "2021-03-18T00:00:00", "published": "2021-03-18T00:00:00", "id": "ELSA-2021-9116", "href": "http://linux.oracle.com/errata/ELSA-2021-9116.html", "title": "Unbreakable Enterprise kernel-container security update", "type": "oraclelinux", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-07T04:34:59", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363"], "description": "[3.10.0-1160.24.1.OL7]\n- Update Oracle Linux certificates (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-2.0.9\n- Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)\n[3.10.0-1160.24.1]\n- scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [1930826] {CVE-2021-27365}\n- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) [1930849] {CVE-2021-27363}\n- scsi: iscsi: Restrict sessions and handles to admin capabilities (Chris Leech) [1930807] {CVE-2021-27364}\n- redhat: add CI file for kernel-private (Bruno Meneguele)\n[3.10.0-1160.23.1]\n- tcm_loop: add WQ_MEM_RECLAIM and flush_work (Maurizio Lombardi) [1925652]\n- net/mlx4_en: Handle TX error CQE (Alaa Hleihel) [1925691]\n- net/mlx4_en: Avoid scheduling restart task if it is already running (Alaa Hleihel) [1925691]\n[3.10.0-1160.22.1]\n- mm: do not stall register_shrinker() (Rafael Aquini) [1926043]\n- sched/rt: Fix PI handling vs. sched_setscheduler() (Phil Auld) [1928082]\n- sched/rt: Simplify pull_rt_task() logic and remove .leaf_rt_rq_list (Phil Auld) [1928082]\n- sched: Queue RT tasks to head when prio drops (Phil Auld) [1928082]\n- sched/core: Use READ_ONCE()/WRITE_ONCE() in move_queued_task()/task_rq_lock() (Phil Auld) [1928082]\n- mmc: block: handle complete_work on separate workqueue (Ming Lei) [1918916]\n- tcp: fix to update snd_wl1 in bulk receiver fast path (Vladis Dronov) [1929804]", "edition": 1, "modified": "2021-04-07T00:00:00", "published": "2021-04-07T00:00:00", "id": "ELSA-2021-1071", "href": "http://linux.oracle.com/errata/ELSA-2021-1071.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-12T18:29:09", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363", "CVE-2021-28038"], "description": "[4.14.35-2047.502.4]\n- Revert 'rds: ib: Remove two ib_modify_qp() calls' (Sharath Srinivasan) [Orabug: 32715567] \n- uek-rpm: Update SecureBoot Digicert 2021 certificates (Somasundaram Krishnasamy) [Orabug: 32532514]\n[4.14.35-2047.502.3]\n- video: hyperv_fb: Fix the mmap() regression for v5.4.y and older (Dexuan Cui) [Orabug: 32620797] \n- video: hyperv_fb: Fix the cache type when mapping the VRAM (Dexuan Cui) [Orabug: 32620797] \n- RDMA/core: Fix corrupted SL on passive side (Hakon Bugge) [Orabug: 32644356]\n[4.14.35-2047.502.2]\n- EDAC: skx_common: downgrade message importance on missing PCI device (Aristeu Rozanski) [Orabug: 32651294] \n- Xen/gnttab: handle p2m update errors on a per-slot basis (Jan Beulich) [Orabug: 32651477] {CVE-2021-28038}\n- KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (Wanpeng Li) [Orabug: 32633928] \n- xen/netback: avoid race in xenvif_rx_ring_slots_available() (Juergen Gross) [Orabug: 32640132]\n[4.14.35-2047.502.1]\n- mm/vmscan: fix infinite loop in drop_slab_node (Chunxin Zang) [Orabug: 32619973] \n- scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [Orabug: 32603381] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) [Orabug: 32603381] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Report connection state in sysfs (Gabriel Krisman Bertazi) [Orabug: 32603381] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (Joe Perches) [Orabug: 32603381] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Restrict sessions and handles to admin capabilities (Lee Duncan) [Orabug: 32603381] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- uek-rpm: add opbmc to nano-kernel (Eric Snowberg) [Orabug: 32555678] \n- ovl: restore creds in all return paths of ovl_iterate (Somasundaram Krishnasamy) [Orabug: 32608965]\n[4.14.35-2047.502.0]\n- rds: rds_drop_egress events should be enabled as part of RDS_RTD_SND (Alan Maguire) [Orabug: 32586918] \n- rds: use dedicated rds_send_lock_contention tracepoint instead of drop (Alan Maguire) [Orabug: 32586918] \n- rds: ensure saddr/daddr for tracepoints is not NULL (Alan Maguire) [Orabug: 32580944] \n- hsr: use netdev_err() instead of WARN_ONCE() (Taehee Yoo) [Orabug: 32576073] \n- vhost: do not try to access device IOTLB when not initialized (Jason Wang) [Orabug: 31906788] \n- uek-rpm: config-aarch-embedded2 update for Feb 2021 Elba patches (Dave Kleikamp) [Orabug: 32544715] \n- huge page support for device memory (Neel Patel) [Orabug: 32544715] \n- mmc: sdhci-cadence-elba.c: Remove SDHCI_QUIRK_BROKEN_TIMEOUT_VAL (David Clear) [Orabug: 32544715] \n- KVM: nVMX: use correct clean fields when copying from eVMCS (Vitaly Kuznetsov) [Orabug: 32544092] \n- net/mlx4_en: Handle TX error CQE (Moshe Shemesh) [Orabug: 32492971] \n- net/mlx4_en: Avoid scheduling restart task if it is already running (Moshe Shemesh) [Orabug: 32492971] \n- PCI: hotplug: Add module parameter to allow user control of LEDs (James Puthukattukaran) [Orabug: 32527186] \n- net/rds: Reject error code change (Ka-Cheong Poon) [Orabug: 32565543] \n- rds: ib: Remove two ib_modify_qp() calls (Hakon Bugge) [Orabug: 32519917] \n- arm64: kexec: add support for kexec with spin-table (Henry Willard) [Orabug: 32546040] \n- x86/kvm/hyper-v: move VMX controls sanitization out of nested_enable_evmcs() (Vitaly Kuznetsov) [Orabug: 32543800] \n- x86/kvm/hyper-v: remove stale evmcs_already_enabled check from nested_enable_evmcs() (Vitaly Kuznetsov) [Orabug: 32543800] \n- net/rds: Need to check shutdown progress in rds_conn_path_destroy() (Ka-Cheong Poon) [Orabug: 32536002] \n- A/A Bonding: In rdmaip synchronize access to ip_config[].rdmaip_dev (Sharath Srinivasan) [Orabug: 32050122] \n- net/rds: In rds_send_xmit() use sg_next() to get the next sg entry (Sharath Srinivasan) [Orabug: 32125836] \n- net/rds: increase 1MB MR pool size for RDS (Manjunath Patil) [Orabug: 32551377]", "edition": 1, "modified": "2021-04-12T00:00:00", "published": "2021-04-12T00:00:00", "id": "ELSA-2021-9172", "href": "http://linux.oracle.com/errata/ELSA-2021-9172.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-04-09T02:29:10", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363", "CVE-2020-0444"], "description": "[4.1.12-124.49.3.1]\n- SecureBoot Digicert 2021 certificates update (Brian Maly) [Orabug: 32532671]\n[4.1.12-124.49.3]\n- xen/netback: avoid race in xenvif_rx_ring_slots_available() (Juergen Gross) [Orabug: 32485156] \n- audit: fix error handling in audit_data_to_entry() (Paul Moore) [Orabug: 32608451] {CVE-2020-0444}\n[4.1.12-124.49.2]\n- scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [Orabug: 32640641] \n- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) [Orabug: 32640641] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Report connection state in sysfs (Gabriel Krisman Bertazi) [Orabug: 32640641] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (Joe Perches) [Orabug: 32640641] \n- scsi: iscsi: Restrict sessions and handles to admin capabilities (Lee Duncan) [Orabug: 32640641] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n[4.1.12-124.49.1]\n- hsr: use netdev_err() instead of WARN_ONCE() (Taehee Yoo) [Orabug: 32576074]", "edition": 2, "modified": "2021-04-08T00:00:00", "published": "2021-04-08T00:00:00", "id": "ELSA-2021-9164", "href": "http://linux.oracle.com/errata/ELSA-2021-9164.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-13T04:35:22", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363", "CVE-2021-28038"], "description": "[4.14.35-2047.502.4.el7]\n- Revert 'rds: ib: Remove two ib_modify_qp() calls' (Sharath Srinivasan) [Orabug: 32715567]\n- uek-rpm: Update SecureBoot Digicert 2021 certificates (Somasundaram Krishnasamy) [Orabug: 32532514]\n[4.14.35-2047.502.3.el7]\n- video: hyperv_fb: Fix the mmap() regression for v5.4.y and older (Dexuan Cui) [Orabug: 32620797]\n- video: hyperv_fb: Fix the cache type when mapping the VRAM (Dexuan Cui) [Orabug: 32620797]\n- RDMA/core: Fix corrupted SL on passive side (Hakon Bugge) [Orabug: 32644356]\n[4.14.35-2047.502.2.el7]\n- EDAC: skx_common: downgrade message importance on missing PCI device (Aristeu Rozanski) [Orabug: 32651294]\n- Xen/gnttab: handle p2m update errors on a per-slot basis (Jan Beulich) [Orabug: 32651477] {CVE-2021-28038}\n- KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (Wanpeng Li) [Orabug: 32633928]\n- xen/netback: avoid race in xenvif_rx_ring_slots_available() (Juergen Gross) [Orabug: 32640132]", "edition": 1, "modified": "2021-04-13T00:00:00", "published": "2021-04-13T00:00:00", "id": "ELSA-2021-9175", "href": "http://linux.oracle.com/errata/ELSA-2021-9175.html", "title": "Unbreakable Enterprise kernel-container security update", "type": "oraclelinux", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-04-07T14:27:46", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27365", "CVE-2021-3347", "CVE-2021-27364", "CVE-2020-27152", "CVE-2021-26708", "CVE-2021-27363", "CVE-2020-0466", "CVE-2020-28374"], "description": "[4.18.0-240.22.1_3.OL8]\n- Update Oracle Linux certificates (Kevin Lyons)\n- Disable signing for aarch64 (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5\n[4.18.0-240.22.1_3]\n- futex: Handle faults correctly for PI futexes (Waiman Long) [1924633 1924635] {CVE-2021-3347}\n- futex: Simplify fixup_pi_state_owner() (Waiman Long) [1924633 1924635] {CVE-2021-3347}\n- futex: Use pi_state_update_owner() in put_pi_state() (Waiman Long) [1924633 1924635] {CVE-2021-3347}\n- futex: Provide and use pi_state_update_owner() (Waiman Long) [1924633 1924635] {CVE-2021-3347}\n- rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (Waiman Long) [1924633 1924635] {CVE-2021-3347}\n- futex: Replace pointless printk in fixup_owner() (Waiman Long) [1924633 1924635] {CVE-2021-3347}\n- futex: Ensure the correct return value from futex_lock_pi() (Waiman Long) [1924633 1924635] {CVE-2021-3347}\n- futex: Don't enable IRQs unconditionally in put_pi_state() (Waiman Long) [1924633 1924635] {CVE-2021-3347}\n- futex: Fix incorrect should_fail_futex() handling (Waiman Long) [1924633 1924635] {CVE-2021-3347}\n- futex: Consistently use fshared as boolean (Waiman Long) [1924633 1924635] {CVE-2021-3347}\n- futex: Remove needless goto's (Waiman Long) [1924633 1924635] {CVE-2021-3347}\n- futex: Remove put_futex_key() (Waiman Long) [1924633 1924635] {CVE-2021-3347}\n- scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [1930832 1930833] {CVE-2021-27364}\n- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) [1930855 1930856] {CVE-2021-27365}\n- scsi: iscsi: Restrict sessions and handles to admin capabilities (Chris Leech) [1940423 1930809] {CVE-2021-27363}\n[4.18.0-240.21.1_3]\n- KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (Paolo Bonzini) [1939013 1912448]\n- gfs2: Fix deadlock between gfs2_{create_inode, inode_lookup} and delete_work_func (Andreas Gruenbacher) [1937109 1903190]\n- gfs2: Don't call cancel_delayed_work_sync from within delete work function (Andreas Gruenbacher) [1937109 1903190]\n- gfs2: Only access gl_delete for iopen glocks (Andreas Gruenbacher) [1937109 1903190]\n- gfs2: Don't sleep during glock hash walk (Andreas Gruenbacher) [1937109 1903190]\n- [netdrv] net/mlx5e: Add missing set of destination vport flags in termtbl create (Alaa Hleihel) [1924689 1851700]\n- [tools] tools arch x86: Sync asm/cpufeatures.h with the kernel sources (David Arcari) [1929740 1916478]\n- [x86] x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (David Arcari) [1929740 1916478]\n[4.18.0-240.20.1_3]\n- fix regression in 'epoll: Keep a reference on files added to the check list' (Carlos Maiolino) [1920775 1920776] {CVE-2020-0466}\n- do_epoll_ctl(): clean the failure exits up a bit (Carlos Maiolino) [1920775 1920776] {CVE-2020-0466}\n- epoll: Keep a reference on files added to the check list (Carlos Maiolino) [1920775 1920776] {CVE-2020-0466}\n- [kernel] sched/features: Distinguish between NORMAL and DEADLINE hrtick (Juri Lelli) [1930735 1912118]\n- [kernel] sched/features: Fix hrtick reprogramming (Juri Lelli) [1930735 1912118]\n- iommu/vt-d: Don't dereference iommu_device if IOMMU_API is not built (Vitaly Kuznetsov) [1932199 1887216]\n- iommu/vt-d: Gracefully handle DMAR units with no supported address widths (Vitaly Kuznetsov) [1932199 1887216]\n- iommu/vt-d: Skip TE disabling on quirky gfx dedicated iommu (Vitaly Kuznetsov) [1932199 1887216]\n- net/vmw_vsock: fix NULL pointer dereference (Jon Maloy) [1925599 1925600] {CVE-2021-26708}\n- net/vmw_vsock: improve locking in vsock_connect_timeout() (Jon Maloy) [1925599 1925600] {CVE-2021-26708}\n- vsock: fix locking in vsock_shutdown() (Jon Maloy) [1925599 1925600] {CVE-2021-26708}\n- vsock: fix the race conditions in multi-transport support (Jon Maloy) [1925599 1925600] {CVE-2021-26708}\n- [base] mm: don't panic when links can't be created in sysfs (Baoquan He) [1930168 1890171]\n- mm: don't rely on system state to detect hot-plug operations (Baoquan He) [1930168 1890171]\n- mm: replace memmap_context by meminit_context (Baoquan He) [1930168 1890171]\n- [tools] kvm: nvmx: check for invalid hdr.vmx.flags (Paolo Bonzini) [1923281 1904128]\n- [x86] kvm: nvmx: check for required but missing VMCS12 in KVM_SET_NESTED_STATE (Paolo Bonzini) [1923281 1904128]\n- [tools] selftests: kvm: do not set guest mode flag (Paolo Bonzini) [1923281 1904128]\n- [x86] kvm: x86: fix CPUID entries returned by KVM_GET_CPUID2 ioctl (Paolo Bonzini) [1923281 1904128]\n- [x86] kvm: svm: Fix offset computation bug in __sev_dbg_decrypt() (Paolo Bonzini) [1923281 1904128]\n- [x86] kvm: nvmx: Sync unsync'd vmcs02 state to vmcs12 on migration (Paolo Bonzini) [1923281 1904128]\n- [x86] kvm: x86: get smi pending status correctly (Paolo Bonzini) [1923281 1904128]\n- [x86] kvm: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (Paolo Bonzini) [1923281 1904128]\n- [x86] kvm: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh() (Paolo Bonzini) [1923281 1904128]\n- [x86] kvm: x86: Add more protection against undefined behavior in rsvd_bits() (Paolo Bonzini) [1923281 1904128]\n- [documentation] kvm: Forbid the use of tagged userspace addresses for memslots (Paolo Bonzini) [1923281 1904128]\n- [x86] kvm: x86: allow KVM_REQ_GET_NESTED_STATE_PAGES outside guest mode for VMX (Paolo Bonzini) [1923281 1904128]\n- [x86] kvm: nsvm: cancel KVM_REQ_GET_NESTED_STATE_PAGES on nested vmexit (Paolo Bonzini) [1923281 1904128]\n- [x86] kvm: nsvm: mark vmcb as dirty when forcingly leaving the guest mode (Paolo Bonzini) [1923281 1904128]\n- [x86] kvm: nsvm: correctly restore nested_run_pending on migration (Paolo Bonzini) [1923281 1904128]\n- [x86] kvm: x86: fix shift out of bounds reported by UBSAN (Paolo Bonzini) [1923281 1904128]\n- [x86] kvm: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits (Paolo Bonzini) [1923281 1904128]\n- [target] scsi: target: Fix XCOPY NAA identifier lookup (Maurizio Lombardi) [1900462 1900463] {CVE-2020-28374}\n- scsi: qla2xxx: Fix mailbox Ch erroneous error (Nilesh Javali) [1924222 1894578]\n- [net] fix iteration for sctp transport seq_files (Xin Long) [1927521 1916824]\n- [scsi] scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (Dick Kennedy) [1927921 1887549]\n- [mm] mm, oom: remove oom_lock from oom_reaper (Waiman Long) [1929738 1873759]\n[4.18.0-240.19.1_3]\n- audit: trigger accompanying records when no rules present (Richard Guy Briggs) [1907520 1896480]\n- revert: 1320a4052ea1 ('audit: trigger accompanying records when no rules present') (Richard Guy Briggs) [1907520 1896480]\n- audit: issue CWD record to accompany LSM_AUDIT_DATA_* records (Richard Guy Briggs) [1907520 1896480]\n- audit: remove unused !CONFIG_AUDITSYSCALL __audit_inode* stubs (Richard Guy Briggs) [1907520 1896480]\n- redhat: use tags from git notes for zstream to generate changelog (Frantisek Hrbata)\n[4.18.0-240.18.1_3]\n- [scsi] scsi: fnic: Do not call 'scsi_done()' for unhandled commands (Govindarajulu Varadarajan) [1925186 1870397]\n- [target] scsi: target: iscsi: Fix cmd abort fabric stop race (Maurizio Lombardi) [1918354 1908215]\n- [target] scsi: target: Modify core_tmr_abort_task() (Maurizio Lombardi) [1918363 1880395]\n- [s390] s390/crypto: add arch_get_random_long() support (Vladis Dronov) [1915816 1904274]\n[4.18.0-240.17.1_3]\n- [mm] mm/slub: fix panic in slab_alloc_node() (Oleksandr Natalenko) [1925511 1921056]\n- [s390] s390/early: improve machine detection (Claudio Imbrenda) [1925508 1896307]\n- [infiniband] RDMA/umem: Prevent small pages from being returned by ib_umem_find_best_pgsz() (Kamal Heib) [1924691 1903992]\n[4.18.0-240.16.1_3]\n- [netdrv] net/mlx5e: Fix using wrong stats_grps in mlx5e_update_ndo_stats() (Alaa Hleihel) [1921060 1870593]\n- [net] tcp: Fix potential use-after-free due to double kfree() (Florian Westphal) [1915529 1915164]\n- [net] tcp: fix race condition when creating child sockets from syncookies (Florian Westphal) [1915529 1915164]\n- [x86] kvm: ioapic: break infinite recursion on lazy EOI (Vitaly Kuznetsov) [1906438 1882793]", "edition": 1, "modified": "2021-04-07T00:00:00", "published": "2021-04-07T00:00:00", "id": "ELSA-2021-1093", "href": "http://linux.oracle.com/errata/ELSA-2021-1093.html", "title": "kernel security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2021-04-10T23:43:32", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363"], "description": "**CentOS Errata and Security Advisory** CESA-2021:1071\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n\n* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n\n* kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Customer testing eMMC sees and intermittent boot problem on 7.8+, was not seen on 7.3 (BZ#1918916)\n\n* tcm loopback driver causes double-start of scsi command when work is delayed (BZ#1925652)\n\n* [Azure][RHEL-7]Mellanox Patches To Prevent Kernel Hang In MLX4 (BZ#1925691)\n\n* A patch from upstream c365c292d059 causes us to end up leaving rt_nr_boosted in an inconsistent state, which causes a hard lockup. (BZ#1928082)\n\n* [RHEL7.9.z] Add fix to update snd_wl1 in bulk receiver fast path (BZ#1929804)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2021-April/048298.html\n\n**Affected packages:**\nbpftool\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\n", "edition": 1, "modified": "2021-04-10T17:09:38", "published": "2021-04-10T17:09:38", "id": "CESA-2021:1071", "href": "http://lists.centos.org/pipermail/centos-announce/2021-April/048298.html", "title": "bpftool, kernel, perf, python security update", "type": "centos", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2021-04-14T22:31:08", "bulletinFamily": "software", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363"], "description": "## Severity\n\nHigh\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n\n## Description\n\nAdam Nichols discovered that heap overflows existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2021-27365)\n\nAdam Nichols discovered that the iSCSI subsystem in the Linux kernel did not properly restrict access to iSCSI transport handles. A local attacker could use this to cause a denial of service or expose sensitive information (kernel pointer addresses). (CVE-2021-27363)\n\nAdam Nichols discovered that an out-of-bounds read existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information (kernel memory). (CVE-2021-27364)\n\nCVEs contained in this USN include: CVE-2021-27365, CVE-2021-27363, CVE-2021-27364.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * Xenial Stemcells \n * 456.x versions prior to 456.152\n * 621.x versions prior to 621.115\n * All other stemcells not listed.\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Xenial Stemcells \n * Upgrade 456.x versions to 456.152 or greater\n * Upgrade 621.x versions to 621.115 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n\n## References\n\n * [USN Notice](<https://usn.ubuntu.com/4883-1/>)\n * [CVE-2021-27365](<https://people.canonical.com/~ubuntu-security/cve/CVE-2021-27365>)\n * [CVE-2021-27363](<https://people.canonical.com/~ubuntu-security/cve/CVE-2021-27363>)\n * [CVE-2021-27364](<https://people.canonical.com/~ubuntu-security/cve/CVE-2021-27364>)\n\n## History\n\n2021-04-14: Initial vulnerability report published.\n", "edition": 1, "modified": "2021-04-14T00:00:00", "published": "2021-04-14T00:00:00", "id": "CFOUNDRY:3888B12B09C668EB9CDF72218859827B", "href": "https://www.cloudfoundry.org/blog/usn-4883-1/", "title": "USN-4883-1: Linux kernel vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2021-03-25T07:52:19", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363"], "description": "Adam Nichols discovered that heap overflows existed in the iSCSI subsystem \nin the Linux kernel. A local attacker could use this to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2021-27365)\n\nAdam Nichols discovered that the iSCSI subsystem in the Linux kernel did \nnot properly restrict access to iSCSI transport handles. A local attacker \ncould use this to cause a denial of service or expose sensitive information \n(kernel pointer addresses). (CVE-2021-27363)\n\nAdam Nichols discovered that an out-of-bounds read existed in the iSCSI \nsubsystem in the Linux kernel. A local attacker could use this to cause a \ndenial of service (system crash) or expose sensitive information (kernel \nmemory). (CVE-2021-27364)", "edition": 1, "modified": "2021-03-25T00:00:00", "published": "2021-03-25T00:00:00", "id": "USN-4889-1", "href": "https://ubuntu.com/security/notices/USN-4889-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-06T09:47:39", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363", "CVE-2020-28374"], "description": "Adam Nichols discovered that heap overflows existed in the iSCSI subsystem \nin the Linux kernel. A local attacker could use this to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2021-27365)\n\nIt was discovered that the LIO SCSI target implementation in the Linux \nkernel performed insufficient identifier checking in certain XCOPY \nrequests. An attacker with access to at least one LUN in a multiple \nbackstore environment could use this to expose sensitive information or \nmodify data. (CVE-2020-28374)\n\nAdam Nichols discovered that the iSCSI subsystem in the Linux kernel did \nnot properly restrict access to iSCSI transport handles. A local attacker \ncould use this to cause a denial of service or expose sensitive information \n(kernel pointer addresses). (CVE-2021-27363)\n\nAdam Nichols discovered that an out-of-bounds read existed in the iSCSI \nsubsystem in the Linux kernel. A local attacker could use this to cause a \ndenial of service (system crash) or expose sensitive information (kernel \nmemory). (CVE-2021-27364)", "edition": 1, "modified": "2021-04-06T00:00:00", "published": "2021-04-06T00:00:00", "id": "USN-4901-1", "href": "https://ubuntu.com/security/notices/USN-4901-1", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2021-03-24T01:39:40", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363", "CVE-2021-3444", "CVE-2020-27170", "CVE-2020-27171"], "description": "De4dCr0w of 360 Alpha Lab discovered that the BPF verifier in the Linux \nkernel did not properly handle mod32 destination register truncation when \nthe source register was known to be 0. A local attacker could use this to \nexpose sensitive information (kernel memory) or possibly execute arbitrary \ncode. (CVE-2021-3444)\n\nAdam Nichols discovered that heap overflows existed in the iSCSI subsystem \nin the Linux kernel. A local attacker could use this to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2021-27365)\n\nPiotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not \nproperly compute a speculative execution limit on pointer arithmetic in \nsome situations. A local attacker could use this to expose sensitive \ninformation (kernel memory). (CVE-2020-27171)\n\nPiotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not \nproperly apply speculative execution limits on some pointer types. A local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2020-27170)\n\nAdam Nichols discovered that the iSCSI subsystem in the Linux kernel did \nnot properly restrict access to iSCSI transport handles. A local attacker \ncould use this to cause a denial of service or expose sensitive information \n(kernel pointer addresses). (CVE-2021-27363)\n\nAdam Nichols discovered that an out-of-bounds read existed in the iSCSI \nsubsystem in the Linux kernel. A local attacker could use this to cause a \ndenial of service (system crash) or expose sensitive information (kernel \nmemory). (CVE-2021-27364)", "edition": 1, "modified": "2021-03-23T00:00:00", "published": "2021-03-23T00:00:00", "id": "USN-4887-1", "href": "https://ubuntu.com/security/notices/USN-4887-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2021-03-16T10:42:51", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365"], "description": "New kernel packages are available for Slackware 14.2 to fix security issues.\n\n\nHere are the details from the Slackware 14.2 ChangeLog:\n\npatches/packages/linux-4.4.261/*: Upgraded.\n These updates fix various bugs and security issues, including the recently\n announced iSCSI vulnerabilities allowing local privilege escalation.\n Be sure to upgrade your initrd after upgrading the kernel packages.\n If you use lilo to boot your machine, be sure lilo.conf points to the correct\n kernel and initrd and run lilo as root to update the bootloader.\n If you use elilo to boot your machine, you should run eliloconfig to copy the\n kernel and initrd to the EFI System Partition.\n For more information, see:\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27363\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27364\n https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27365\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated packages for Slackware 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.261/kernel-generic-4.4.261-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.261/kernel-generic-smp-4.4.261_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.261/kernel-headers-4.4.261_smp-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.261/kernel-huge-4.4.261-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.261/kernel-huge-smp-4.4.261_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.261/kernel-modules-4.4.261-i586-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.261/kernel-modules-smp-4.4.261_smp-i686-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/linux-4.4.261/kernel-source-4.4.261_smp-noarch-1.txz\n\nUpdated packages for Slackware x86_64 14.2:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.261/kernel-generic-4.4.261-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.261/kernel-headers-4.4.261-x86-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.261/kernel-huge-4.4.261-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.261/kernel-modules-4.4.261-x86_64-1.txz\nftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/linux-4.4.261/kernel-source-4.4.261-noarch-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.2 packages:\nff9a6c47fccf6d014581f5d42d3188fc kernel-generic-4.4.261-i586-1.txz\na436346a1010bb22e19d6ca3378e1d46 kernel-generic-smp-4.4.261_smp-i686-1.txz\n75ad52f57bcce2ac867a3ed53f889a3b kernel-headers-4.4.261_smp-x86-1.txz\n03836f4982cbf694d3ed6966625d52e2 kernel-huge-4.4.261-i586-1.txz\n8c86b6d61b4d6294a063e1c3a2cf9827 kernel-huge-smp-4.4.261_smp-i686-1.txz\nf49160e776ab57cc93a6791b5ab4a50e kernel-modules-4.4.261-i586-1.txz\n53d373c6f2e4a3f88d0bb2a078cee337 kernel-modules-smp-4.4.261_smp-i686-1.txz\nf56f386ad659dfdbae8040cf438a1877 kernel-source-4.4.261_smp-noarch-1.txz\n\nSlackware x86_64 14.2 packages:\n82cf14abb50fd2260eb0cd67a59d5f0c kernel-generic-4.4.261-x86_64-1.txz\n1a59ef6c4a8c0f2164919936b345ced8 kernel-headers-4.4.261-x86-1.txz\n7ca804517bf8c0149a3eb4990c1b2c47 kernel-huge-4.4.261-x86_64-1.txz\n0aeded79bd3ab9e8fa0dcb39c41023db kernel-modules-4.4.261-x86_64-1.txz\n8c9075bd6abda8952efd5a5fd453ee9a kernel-source-4.4.261-noarch-1.txz\n\n\nInstallation instructions:\n\nUpgrade the packages as root:\n > upgradepkg kernel-*.txz\n\nIf you are using an initrd, you'll need to rebuild it.\n\nFor a 32-bit SMP machine, use this command (substitute the appropriate\nkernel version if you are not running Slackware 14.2):\n > /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.261-smp | bash\n\nFor a 64-bit machine, or a 32-bit uniprocessor machine, use this command\n(substitute the appropriate kernel version if you are not running\nSlackware 14.2):\n > /usr/share/mkinitrd/mkinitrd_command_generator.sh -k 4.4.261 | bash\n\nPlease note that \"uniprocessor\" has to do with the kernel you are running,\nnot with the CPU. Most systems should run the SMP kernel (if they can)\nregardless of the number of cores the CPU has. If you aren't sure which\nkernel you are running, run \"uname -a\". If you see SMP there, you are\nrunning the SMP kernel and should use the 4.4.261-smp version when running\nmkinitrd_command_generator. Note that this is only for 32-bit -- 64-bit\nsystems should always use 4.4.261 as the version.\n\nIf you are using lilo or elilo to boot the machine, you'll need to ensure\nthat the machine is properly prepared before rebooting.\n\nIf using LILO:\nBy default, lilo.conf contains an image= line that references a symlink\nthat always points to the correct kernel. No editing should be required\nunless your machine uses a custom lilo.conf. If that is the case, be sure\nthat the image= line references the correct kernel file. Either way,\nyou'll need to run \"lilo\" as root to reinstall the boot loader.\n\nIf using elilo:\nEnsure that the /boot/vmlinuz symlink is pointing to the kernel you wish\nto use, and then run eliloconfig to update the EFI System Partition.", "modified": "2021-03-14T04:08:15", "published": "2021-03-14T04:08:15", "id": "SSA-2021-072-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2021&m=slackware-security.657570", "type": "slackware", "title": "[slackware-security] Slackware 14.2 kernel", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-03-19T13:34:54", "description": "The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2021-9116 advisory.\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-17T00:00:00", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9116)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363"], "modified": "2021-03-17T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek-container", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2021-9116.NASL", "href": "https://www.tenable.com/plugins/nessus/147864", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9116.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147864);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/18\");\n\n script_cve_id(\"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9116)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2021-9116 advisory.\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9116.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27365\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2021-27363', 'CVE-2021-27364', 'CVE-2021-27365');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9116');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nexpected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\npkgs = [\n {'reference':'kernel-uek-container-4.14.35-2047.501.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-container-4.14.35'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container');\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-19T13:34:54", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-9112 advisory.\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-17T00:00:00", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9112)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363"], "modified": "2021-03-17T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-tools", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-9112.NASL", "href": "https://www.tenable.com/plugins/nessus/147862", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9112.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147862);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/18\");\n\n script_cve_id(\"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9112)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-9112 advisory.\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9112.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27365\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2021-27363', 'CVE-2021-27364', 'CVE-2021-27365');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9112');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nexpected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\npkgs = [\n {'reference':'kernel-uek-4.14.35-2047.501.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-2047.501.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.501.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.501.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.501.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.501.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.501.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.501.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-2047.501.2.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-2047.501.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.501.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.501.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-2047.501.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-2047.501.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-2047.501.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.35-2047.501.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-16T03:09:27", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1070 advisory.\n\n - kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)\n\n - kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n\n - kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-06T00:00:00", "title": "RHEL 7 : kernel-rt (RHSA-2021:1070)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363"], "modified": "2021-04-06T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel-rt"], "id": "REDHAT-RHSA-2021-1070.NASL", "href": "https://www.tenable.com/plugins/nessus/148329", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1070. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148329);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/15\");\n\n script_cve_id(\"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\");\n script_xref(name:\"RHSA\", value:\"2021:1070\");\n script_xref(name:\"CWE\", value:\"122\");\n script_xref(name:\"CWE\", value:\"125\");\n script_xref(name:\"CWE\", value:\"200\");\n script_xref(name:\"CWE\", value:\"250\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2021:1070)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:1070 advisory.\n\n - kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)\n\n - kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n\n - kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/250.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:1070\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1930080\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27365\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(122, 125, 200, 250);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_computenode': [\n 'rhel-7-for-hpc-node-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-fastrack-rpms',\n 'rhel-7-for-hpc-node-fastrack-source-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-7-hpc-node-debug-rpms',\n 'rhel-7-hpc-node-optional-debug-rpms',\n 'rhel-7-hpc-node-optional-rpms',\n 'rhel-7-hpc-node-optional-source-rpms',\n 'rhel-7-hpc-node-rpms',\n 'rhel-7-hpc-node-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ],\n 'rhel_extras_7': [\n 'rhel-7-desktop-supplementary-rpms',\n 'rhel-7-desktop-supplementary-source-rpms',\n 'rhel-7-for-hpc-node-supplementary-rpms',\n 'rhel-7-for-hpc-node-supplementary-source-rpms',\n 'rhel-7-hpc-node-eus-supplementary-rpms',\n 'rhel-7-server-eus-supplementary-rpms',\n 'rhel-7-server-supplementary-rpms',\n 'rhel-7-server-supplementary-source-rpms',\n 'rhel-7-workstation-supplementary-rpms',\n 'rhel-7-workstation-supplementary-source-rpms'\n ],\n 'rhel_extras_oracle_java_7': [\n 'rhel-7-desktop-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-for-hpc-node-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-hpc-node-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-source-rpms',\n 'rhel-7-server-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-workstation-restricted-maintenance-oracle-java-rpms'\n ],\n 'rhel_extras_rt_7': [\n 'rhel-7-server-nfv-debug-rpms',\n 'rhel-7-server-nfv-rpms',\n 'rhel-7-server-nfv-source-rpms',\n 'rhel-7-server-rt-debug-rpms',\n 'rhel-7-server-rt-rpms',\n 'rhel-7-server-rt-source-rpms'\n ],\n 'rhel_extras_sap_7': [\n 'rhel-sap-for-rhel-7-server-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-server-eus-rpms',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-for-rhel-7-server-rpms',\n 'rhel-sap-for-rhel-7-server-source-rpms'\n ],\n 'rhel_extras_sap_hana_7': [\n 'rhel-sap-hana-for-rhel-7-server-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-rpms',\n 'rhel-sap-hana-for-rhel-7-server-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2021:1070');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2021-27363', 'CVE-2021-27364', 'CVE-2021-27365');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:1070');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'kernel-rt-3.10.0-1160.24.1.rt56.1161.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-debug-3.10.0-1160.24.1.rt56.1161.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-debug-devel-3.10.0-1160.24.1.rt56.1161.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-debug-kvm-3.10.0-1160.24.1.rt56.1161.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-devel-3.10.0-1160.24.1.rt56.1161.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-doc-3.10.0-1160.24.1.rt56.1161.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-kvm-3.10.0-1160.24.1.rt56.1161.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-trace-3.10.0-1160.24.1.rt56.1161.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-trace-devel-3.10.0-1160.24.1.rt56.1161.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-trace-kvm-3.10.0-1160.24.1.rt56.1161.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-debug / kernel-rt-debug-devel / etc');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-19T13:34:54", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9115 advisory.\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-17T00:00:00", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9115)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363"], "modified": "2021-03-17T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek-container", "cpe:/o:oracle:linux:8", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2021-9115.NASL", "href": "https://www.tenable.com/plugins/nessus/147839", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9115.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147839);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/18\");\n\n script_cve_id(\"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9115)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9115 advisory.\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9115.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27365\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2021-27363', 'CVE-2021-27364', 'CVE-2021-27365');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9115');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nexpected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\npkgs = [\n {'reference':'kernel-uek-container-5.4.17-2036.104.5.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2036.104.5.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-container-debug-5.4.17'},\n {'reference':'kernel-uek-container-5.4.17-2036.104.5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2036.104.5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-container-debug-5.4.17'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-07T14:18:45", "description": "An update of the linux package has been released.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-26T00:00:00", "title": "Photon OS 3.0: Linux PHSA-2021-3.0-0210", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363"], "modified": "2021-03-26T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2021-3_0-0210_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/148189", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-3.0-0210. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148189);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/07\");\n\n script_cve_id(\"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\");\n\n script_name(english:\"Photon OS 3.0: Linux PHSA-2021-3.0-0210\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-210.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27365\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', reference:'linux-api-headers-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-devel-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-docs-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-drivers-gpu-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-hmacgen-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-oprofile-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-aws-sound-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-devel-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-docs-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-drivers-gpu-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-drivers-intel-sgx-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-drivers-sound-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-esx-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-esx-devel-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-esx-docs-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-esx-hmacgen-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-hmacgen-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-oprofile-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-python3-perf-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-rt-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-rt-devel-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-rt-docs-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-secure-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-secure-devel-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-secure-docs-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-secure-hmacgen-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-secure-lkcm-4.19.182-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'linux-tools-4.19.182-1.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-18T01:36:23", "description": "New kernel packages are available for Slackware 14.2 to fix security\nissues.", "edition": 4, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-15T00:00:00", "title": "Slackware 14.2 : Slackware 14.2 kernel (SSA:2021-072-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363"], "modified": "2021-03-15T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:14.2", "p-cpe:/a:slackware:slackware_linux:kernel-generic-smp", "p-cpe:/a:slackware:slackware_linux:kernel-headers", "p-cpe:/a:slackware:slackware_linux:kernel-generic", "p-cpe:/a:slackware:slackware_linux:kernel-modules-smp", "p-cpe:/a:slackware:slackware_linux:kernel-source", "p-cpe:/a:slackware:slackware_linux:kernel-huge-smp", "p-cpe:/a:slackware:slackware_linux:kernel-modules", "p-cpe:/a:slackware:slackware_linux:kernel-huge"], "id": "SLACKWARE_SSA_2021-072-01.NASL", "href": "https://www.tenable.com/plugins/nessus/147790", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2021-072-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(147790);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/17\");\n\n script_cve_id(\"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\");\n script_xref(name:\"SSA\", value:\"2021-072-01\");\n\n script_name(english:\"Slackware 14.2 : Slackware 14.2 kernel (SSA:2021-072-01)\");\n script_summary(english:\"Checks for updated packages in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"New kernel packages are available for Slackware 14.2 to fix security\nissues.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2021&m=slackware-security.657570\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?43ede655\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27365\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-generic-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-huge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-huge-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-modules-smp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-generic\", pkgver:\"4.4.261\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-generic-smp\", pkgver:\"4.4.261_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-headers\", pkgver:\"4.4.261_smp\", pkgarch:\"x86\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-huge\", pkgver:\"4.4.261\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-huge-smp\", pkgver:\"4.4.261_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-modules\", pkgver:\"4.4.261\", pkgarch:\"i586\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-modules-smp\", pkgver:\"4.4.261_smp\", pkgarch:\"i686\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", pkgname:\"kernel-source\", pkgver:\"4.4.261_smp\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-generic\", pkgver:\"4.4.261\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-headers\", pkgver:\"4.4.261\", pkgarch:\"x86\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-huge\", pkgver:\"4.4.261\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-modules\", pkgver:\"4.4.261\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"14.2\", arch:\"x86_64\", pkgname:\"kernel-source\", pkgver:\"4.4.261\", pkgarch:\"noarch\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-07T18:43:55", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-1071 advisory.\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-07T00:00:00", "title": "Oracle Linux 7 : kernel (ELSA-2021-1071)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363"], "modified": "2021-04-07T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-1071.NASL", "href": "https://www.tenable.com/plugins/nessus/148343", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-1071.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148343);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/07\");\n\n script_cve_id(\"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2021-1071)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-1071 advisory.\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-1071.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27365\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2021-27363', 'CVE-2021-27364', 'CVE-2021-27365');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-1071');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nexpected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\npkgs = [\n {'reference':'bpftool-3.10.0-1160.24.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.24.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.24.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-1160.24.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-1160.24.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-1160.24.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-1160.24.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-1160.24.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-1160.24.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.24.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-1160.24.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.24.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-19T13:34:54", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9114 advisory.\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-17T00:00:00", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9114)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363"], "modified": "2021-03-17T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-tools", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-9114.NASL", "href": "https://www.tenable.com/plugins/nessus/147840", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9114.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147840);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/18\");\n\n script_cve_id(\"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9114)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9114 advisory.\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9114.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27365\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2021-27363', 'CVE-2021-27364', 'CVE-2021-27365');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9114');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nexpected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\npkgs = [\n {'reference':'kernel-uek-5.4.17-2036.104.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2036.104.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.104.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.104.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.104.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.104.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.104.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.104.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2036.104.5.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2036.104.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2036.104.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2036.104.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2036.104.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-5.4.17-2036.104.5.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.4.17-2036.104.5.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2036.104.5.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.104.5.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.104.5.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.104.5.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.104.5.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.104.5.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.104.5.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2036.104.5.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-doc-5.4.17'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-19T13:34:54", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9113 advisory.\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-17T00:00:00", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9113)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363"], "modified": "2021-03-17T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2021-9113.NASL", "href": "https://www.tenable.com/plugins/nessus/147865", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9113.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147865);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/18\");\n\n script_cve_id(\"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9113)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9113 advisory.\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9113.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27365\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2021-27363', 'CVE-2021-27364', 'CVE-2021-27365');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9113');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nexpected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\npkgs = [\n {'reference':'kernel-uek-4.1.12-124.48.6.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.48.6.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.48.6.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.48.6.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.48.6.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.48.6.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.48.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.48.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.48.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.48.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.48.6.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.48.6.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'rpm_prefix':'kernel-uek-firmware-4.1.12'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-11T06:45:20", "description": "The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:1071 advisory.\n\n - kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)\n\n - kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n\n - kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-10T00:00:00", "title": "CentOS 7 : kernel (CESA-2021:1071)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-27363"], "modified": "2021-04-10T00:00:00", "cpe": ["p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug-devel"], "id": "CENTOS_RHSA-2021-1071.NASL", "href": "https://www.tenable.com/plugins/nessus/148425", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:1071 and\n# CentOS Errata and Security Advisory 2021:1071 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148425);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/10\");\n\n script_cve_id(\"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\");\n script_xref(name:\"RHSA\", value:\"2021:1071\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2021:1071)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:1071 advisory.\n\n - kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)\n\n - kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n\n - kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2021-April/048298.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a94c4338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/122.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/250.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27365\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(122, 125, 200, 250);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'bpftool-3.10.0-1160.24.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.24.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.24.1.el7', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.24.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.24.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.24.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.24.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.24.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.24.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.24.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.24.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.24.1.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-04-06T08:34:42", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n\n* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n\n* kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Customer testing eMMC sees and intermittent boot problem on 7.8+, was not seen on 7.3 (BZ#1918916)\n\n* tcm loopback driver causes double-start of scsi command when work is delayed (BZ#1925652)\n\n* [Azure][RHEL-7]Mellanox Patches To Prevent Kernel Hang In MLX4 (BZ#1925691)\n\n* A patch from upstream c365c292d059 causes us to end up leaving rt_nr_boosted in an inconsistent state, which causes a hard lockup. (BZ#1928082)\n\n* [RHEL7.9.z] Add fix to update snd_wl1 in bulk receiver fast path (BZ#1929804)", "modified": "2021-04-06T12:23:40", "published": "2021-04-06T11:28:22", "id": "RHSA-2021:1071", "href": "https://access.redhat.com/errata/RHSA-2021:1071", "type": "redhat", "title": "(RHSA-2021:1071) Important: kernel security and bug fix update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-13T12:28:28", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n\n* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n\n* kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Upstream Patch for Gracefully handle DMAR units with no supported address widthsx86/vt-d (BZ#1932201)\n\n* RHEL8.1 Alpha - ISST-LTE:PNV:Witherspoon-DD2.3:woo: KDUMP hang during shutdown, lpfc loses connection to disks (rootdisk:nvme) (BZ#1934306)", "modified": "2021-04-13T14:30:10", "published": "2021-04-13T13:58:53", "id": "RHSA-2021:1171", "href": "https://access.redhat.com/errata/RHSA-2021:1171", "type": "redhat", "title": "(RHSA-2021:1171) Important: kernel security and bug fix update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-06T08:34:03", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365"], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n\n* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n\n* kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* RHEL7.9 Realtime crashes due to a blocked task detection. The blocked task is stuck in unregister_shrinker() where multiple tasks have taken the shrinker_rwsem and are fighting on a dentry's d_lockref lock rt_mutex. [kernel-rt] (BZ#1935557)\n\n* kernel-rt: update to the latest RHEL7.9.z5 source tree (BZ#1939220)", "modified": "2021-04-06T11:36:20", "published": "2021-04-06T11:27:59", "id": "RHSA-2021:1070", "href": "https://access.redhat.com/errata/RHSA-2021:1070", "type": "redhat", "title": "(RHSA-2021:1070) Important: kernel-rt security and bug fix update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-06T08:35:31", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27364", "CVE-2021-27365"], "description": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix(es):\n\n* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n\n* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-04-06T11:46:31", "published": "2021-04-06T11:27:25", "id": "RHSA-2021:1069", "href": "https://access.redhat.com/errata/RHSA-2021:1069", "type": "redhat", "title": "(RHSA-2021:1069) Important: kpatch-patch security update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-13T12:28:06", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27364", "CVE-2021-27365"], "description": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix(es):\n\n* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n\n* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2021-04-13T14:26:31", "published": "2021-04-13T14:01:55", "id": "RHSA-2021:1173", "href": "https://access.redhat.com/errata/RHSA-2021:1173", "type": "redhat", "title": "(RHSA-2021:1173) Important: kpatch-patch security update", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-04-14T00:35:53", "bulletinFamily": "unix", "cvelist": ["CVE-2020-0466", "CVE-2020-27152", "CVE-2020-28374", "CVE-2021-26708", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-3347"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: use after free in eventpoll.c may lead to escalation of privilege (CVE-2020-0466)\n\n* kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\n* kernel: Use after free via PI futex state (CVE-2021-3347)\n\n* kernel: race conditions caused by wrong locking in net/vmw_vsock/af_vsock.c (CVE-2021-26708)\n\n* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n\n* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n\n* Kernel: KVM: host stack overflow due to lazy update IOAPIC (CVE-2020-27152)\n\n* kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* race condition when creating child sockets from syncookies (BZ#1915529)\n\n* On System Z, a hash needs state randomized for entropy extraction (BZ#1915816)\n\n* scsi: target: core_tmr_abort_task() reporting multiple aborts for the same se_cmd->tag (BZ#1918354)\n\n* [mlx5] VF interface stats are not reflected in \"ip -s link show\" / \"ifconfig <vf>\" commands (BZ#1921060)\n\n* Win10 guest automatic reboot after migration in Win10 and WSL2 on Intel hosts (BZ#1923281)\n\n* [RHEL 8.3] Repeated messages - Unable to burst-read optrom segment (BZ#1924222)\n\n* Backport bug fix RDMA/umem: Prevent small pages from being returned by ib_umem_find_best_pgsz (BZ#1924691)\n\n* [Cisco 8.3] RHEL/Cent 8.2 fNIC driver needs a patch fix that addresses crash (BZ#1925186)\n\n* RHEL8.3 - The kernel misdetects zCX with z/VM (BZ#1925508)\n\n* Backport 22e4663e91 (\"mm/slub: fix panic in slab_alloc_node()\") (BZ#1925511)\n\n* SCTP \"Address already in use\" when no active endpoints from RHEL 8.2 onwards (BZ#1927521)\n\n* lpfc: Fix initial FLOGI failure due to BBSCN not supported (BZ#1927921)\n\n* [mm] mm, oom: remove oom_lock from oom_reaper (BZ#1929738)\n\n* Unexpected thread movement with AMD Milan compared to Rome (BZ#1929740)\n\n* rpmbuild cannot build the userspace RPMs in the kernel package when the kernel itself is not built (BZ#1929910)\n\n* [Regression] RHEL8.2 - ISST-LTE:pVM:diapvmlp83:sum:memory DLPAR fails to add memory on multiple trials[mm/memory_hotplug.c:1163] (mm-) (BZ#1930168)\n\n* Configuring the system with non-RT kernel will hang the system (BZ#1930735)\n\n* Upstream Patch for Gracefully handle DMAR units with no supported address widthsx86/vt-d (BZ#1932199)\n\n* gfs2: Deadlock between gfs2_{create_inode,inode_lookup} and delete_work_func (BZ#1937109)\n\n* Failing on tsx-ctrl when the flag doesn't change anything (BZ#1939013)\n\nEnhancement(s):\n\n* RFE: Backport all Audit enhancements and fixes up to version 5.10-rc1 (BZ#1907520)\n\n* RHEL8.4: Update the target driver (BZ#1918363)\n\n* [Mellanox 8.4 FEAT] mlx5: Hairpin Support in Switch Mode (BZ#1924689)", "modified": "2021-04-06T17:51:12", "published": "2021-04-06T17:33:17", "id": "RHSA-2021:1093", "href": "https://access.redhat.com/errata/RHSA-2021:1093", "type": "redhat", "title": "(RHSA-2021:1093) Important: kernel security, bug fix, and enhancement update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-06T14:37:17", "bulletinFamily": "unix", "cvelist": ["CVE-2020-0466", "CVE-2020-27152", "CVE-2020-28374", "CVE-2021-26708", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-3347"], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: use after free in eventpoll.c may lead to escalation of privilege (CVE-2020-0466)\n\n* kernel: SCSI target (LIO) write to any block on ILO backstore (CVE-2020-28374)\n\n* kernel: Use after free via PI futex state (CVE-2021-3347)\n\n* kernel: race conditions caused by wrong locking in net/vmw_vsock/af_vsock.c (CVE-2021-26708)\n\n* kernel: out-of-bounds read in libiscsi module (CVE-2021-27364)\n\n* kernel: heap buffer overflow in the iSCSI subsystem (CVE-2021-27365)\n\n* Kernel: KVM: host stack overflow due to lazy update IOAPIC (CVE-2020-27152)\n\n* kernel: iscsi: unrestricted access to sessions and handles (CVE-2021-27363)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel-rt possible livelock: WARNING: CPU: 28 PID: 3109 at kernel/ptrace.c:242 ptrace_check_attach+0xdd/0x1a0 (BZ#1925308)\n\n* kernel-rt: update RT source tree to the RHEL-8.3.z3 source tree (BZ#1926369)", "modified": "2021-04-06T17:44:17", "published": "2021-04-06T17:30:32", "id": "RHSA-2021:1081", "href": "https://access.redhat.com/errata/RHSA-2021:1081", "type": "redhat", "title": "(RHSA-2021:1081) Important: kernel-rt security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-04-12T20:32:06", "bulletinFamily": "unix", "cvelist": ["CVE-2020-0466", "CVE-2020-14040", "CVE-2020-27152", "CVE-2020-28374", "CVE-2020-28500", "CVE-2020-28851", "CVE-2020-28852", "CVE-2020-29529", "CVE-2021-21321", "CVE-2021-21322", "CVE-2021-23337", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-26708", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-3121", "CVE-2021-3347", "CVE-2021-3449", "CVE-2021-3450"], "description": "Red Hat Advanced Cluster Management for Kubernetes 2.2.2 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/\n\nSecurity Fix(es):\n\n* fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321)\n\n* fastify-http-proxy: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21322)\n\n* golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)\n\n* go-slug: partial protection against zip slip attacks (CVE-2020-29529)\n\n* nodejs-lodash: command injection via template (CVE-2021-23337)\n\n* openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n* openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Documentation is referencing deprecated API for Service Export - Submariner (BZ#1936528)\n\n* Importing of cluster fails due to error/typo in generated command (BZ#1936642)\n\n* RHACM 2.2.2 images (BZ#1938215)\n\n* 2.2 clusterlifecycle fails to allow provision `fips: true` clusters on aws, vsphere (BZ#1941778)", "modified": "2021-04-12T22:59:56", "published": "2021-04-12T22:59:09", "id": "RHSA-2021:1168", "href": "https://access.redhat.com/errata/RHSA-2021:1168", "type": "redhat", "title": "(RHSA-2021:1168) Important: Red Hat Advanced Cluster Management 2.2.2 security and bug fix update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2021-03-20T07:29:59", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-26932", "CVE-2021-27363", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-28038"], "description": "**Issue Overview:**\n\nAn issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. ([CVE-2021-26930](<https://nvd.nist.gov/vuln/detail/CVE%2D2021%2D26930>))\n\nAn issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c. ([CVE-2021-26931](<https://nvd.nist.gov/vuln/detail/CVE%2D2021%2D26931>))\n\nAn issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. ([CVE-2021-26932](<https://nvd.nist.gov/vuln/detail/CVE%2D2021%2D26932>))\n\nA flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel. A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system. ([CVE-2021-27363 __](<https://access.redhat.com/security/cve/CVE-2021-27363>))\n\nA flaw was found in the Linux kernel. An out-of-bounds read was discovered in the libiscsi module that could lead to reading kernel memory or a crash. The highest threat from this vulnerability is to data confidentiality as well as system availability. ([CVE-2021-27364 __](<https://access.redhat.com/security/cve/CVE-2021-27364>))\n\nA flaw was found in the Linux kernel. A heap buffer overflow in the iSCSI subsystem is triggered by setting an iSCSI string attribute to a value larger than one page and then trying to read it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. ([CVE-2021-27365 __](<https://access.redhat.com/security/cve/CVE-2021-27365>))\n\nAn issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931\\. ([CVE-2021-28038](<https://nvd.nist.gov/vuln/detail/CVE%2D2021%2D28038>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n kernel-tools-4.14.225-121.357.amzn1.i686 \n kernel-debuginfo-common-i686-4.14.225-121.357.amzn1.i686 \n kernel-debuginfo-4.14.225-121.357.amzn1.i686 \n perf-4.14.225-121.357.amzn1.i686 \n kernel-devel-4.14.225-121.357.amzn1.i686 \n kernel-4.14.225-121.357.amzn1.i686 \n kernel-tools-debuginfo-4.14.225-121.357.amzn1.i686 \n kernel-tools-devel-4.14.225-121.357.amzn1.i686 \n perf-debuginfo-4.14.225-121.357.amzn1.i686 \n kernel-headers-4.14.225-121.357.amzn1.i686 \n \n src: \n kernel-4.14.225-121.357.amzn1.src \n \n x86_64: \n perf-debuginfo-4.14.225-121.357.amzn1.x86_64 \n perf-4.14.225-121.357.amzn1.x86_64 \n kernel-devel-4.14.225-121.357.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.14.225-121.357.amzn1.x86_64 \n kernel-debuginfo-4.14.225-121.357.amzn1.x86_64 \n kernel-headers-4.14.225-121.357.amzn1.x86_64 \n kernel-tools-debuginfo-4.14.225-121.357.amzn1.x86_64 \n kernel-tools-devel-4.14.225-121.357.amzn1.x86_64 \n kernel-tools-4.14.225-121.357.amzn1.x86_64 \n kernel-4.14.225-121.357.amzn1.x86_64 \n \n \n", "edition": 1, "modified": "2021-03-18T17:29:00", "published": "2021-03-18T17:29:00", "id": "ALAS-2021-1487", "href": "https://alas.aws.amazon.com/ALAS-2021-1487.html", "title": "Important: kernel", "type": "amazon", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-03-20T05:27:43", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-26932", "CVE-2021-27363", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-28038"], "description": "**Issue Overview:**\n\nAn issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. ([cve-2021-26930](<https://nvd.nist.gov/vuln/detail/CVE%2D2021%2D26930>))\n\nAn issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c. ([cve-2021-26931](<https://nvd.nist.gov/vuln/detail/CVE%2D2021%2D26931>))\n\nAn issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. ([cve-2021-26932](<https://nvd.nist.gov/vuln/detail/CVE%2D2021%2D26932>))\n\nA flaw was found in the way access to sessions and handles was handled in the iSCSI driver in the Linux kernel. A local user could use this flaw to leak iSCSI transport handle kernel address or end arbitrary iSCSI connections on the system. ([CVE-2021-27363 __](<https://access.redhat.com/security/cve/CVE-2021-27363>))\n\nA flaw was found in the Linux kernel. An out-of-bounds read was discovered in the libiscsi module that could lead to reading kernel memory or a crash. The highest threat from this vulnerability is to data confidentiality as well as system availability. ([CVE-2021-27364 __](<https://access.redhat.com/security/cve/CVE-2021-27364>))\n\nA flaw was found in the Linux kernel. A heap buffer overflow in the iSCSI subsystem is triggered by setting an iSCSI string attribute to a value larger than one page and then trying to read it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. ([CVE-2021-27365 __](<https://access.redhat.com/security/cve/CVE-2021-27365>))\n\nAn issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for [cve-2021-26931](<https://nvd.nist.gov/vuln/detail/CVE%2D2021%2D26931>). ([cve-2021-28038](<https://nvd.nist.gov/vuln/detail/CVE%2D2021%2D28038>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n kernel-4.14.225-168.357.amzn2.aarch64 \n kernel-headers-4.14.225-168.357.amzn2.aarch64 \n kernel-debuginfo-common-aarch64-4.14.225-168.357.amzn2.aarch64 \n perf-4.14.225-168.357.amzn2.aarch64 \n perf-debuginfo-4.14.225-168.357.amzn2.aarch64 \n python-perf-4.14.225-168.357.amzn2.aarch64 \n python-perf-debuginfo-4.14.225-168.357.amzn2.aarch64 \n kernel-tools-4.14.225-168.357.amzn2.aarch64 \n kernel-tools-devel-4.14.225-168.357.amzn2.aarch64 \n kernel-tools-debuginfo-4.14.225-168.357.amzn2.aarch64 \n kernel-devel-4.14.225-168.357.amzn2.aarch64 \n kernel-debuginfo-4.14.225-168.357.amzn2.aarch64 \n \n i686: \n kernel-headers-4.14.225-168.357.amzn2.i686 \n \n src: \n kernel-4.14.225-168.357.amzn2.src \n \n x86_64: \n kernel-4.14.225-168.357.amzn2.x86_64 \n kernel-headers-4.14.225-168.357.amzn2.x86_64 \n kernel-debuginfo-common-x86_64-4.14.225-168.357.amzn2.x86_64 \n perf-4.14.225-168.357.amzn2.x86_64 \n perf-debuginfo-4.14.225-168.357.amzn2.x86_64 \n python-perf-4.14.225-168.357.amzn2.x86_64 \n python-perf-debuginfo-4.14.225-168.357.amzn2.x86_64 \n kernel-tools-4.14.225-168.357.amzn2.x86_64 \n kernel-tools-devel-4.14.225-168.357.amzn2.x86_64 \n kernel-tools-debuginfo-4.14.225-168.357.amzn2.x86_64 \n kernel-devel-4.14.225-168.357.amzn2.x86_64 \n kernel-debuginfo-4.14.225-168.357.amzn2.x86_64 \n kernel-livepatch-4.14.225-168.357-1.0-0.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2021-03-18T01:13:00", "published": "2021-03-18T01:13:00", "id": "ALAS2-2021-1616", "href": "https://alas.aws.amazon.com/AL2/ALAS-2021-1616.html", "title": "Important: kernel", "type": "amazon", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "debian": [{"lastseen": "2021-03-31T13:21:55", "bulletinFamily": "unix", "cvelist": ["CVE-2021-27365", "CVE-2021-27364", "CVE-2021-26932", "CVE-2021-27363", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-28660", "CVE-2020-27170", "CVE-2021-28038", "CVE-2021-3348", "CVE-2020-27171", "CVE-2021-3428"], "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2610-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Ben Hutchings\nMarch 30, 2021 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : linux-4.19\nVersion : 4.19.181-1~deb9u1\nCVE ID : CVE-2020-27170 CVE-2020-27171 CVE-2021-3348 CVE-2021-3428 \n CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 CVE-2021-27363 \n CVE-2021-27364 CVE-2021-27365 CVE-2021-28038 CVE-2021-28660\nDebian Bug : 983595\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nCVE-2020-27170, CVE-2020-27171\n\n Piotr Krysiuk discovered flaws in the BPF subsystem's checks for\n information leaks through speculative execution. A local user\n could use these to obtain sensitive information from kernel\n memory.\n\nCVE-2021-3348\n\n ADlab of venustech discovered a race condition in the nbd block\n driver that can lead to a use-after-free. A local user with\n access to an nbd block device could use this to cause a denial of\n service (crash or memory corruption) or possibly for privilege\n escalation.\n\nCVE-2021-3428\n\n Wolfgang Frisch reported a potential integer overflow in the\n ext4 filesystem driver. A user permitted to mount arbitrary\n filesystem images could use this to cause a denial of service\n (crash).\n\nCVE-2021-26930 (XSA-365)\n\n Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan\n H. Sch\u00f6nherr discovered that the Xen block backend driver\n (xen-blkback) did not handle grant mapping errors correctly. A\n malicious guest could exploit this bug to cause a denial of\n service (crash), or possibly an information leak or privilege\n escalation, within the domain running the backend, which is\n typically dom0.\n\nCVE-2021-26931 (XSA-362), CVE-2021-26932 (XSA-361), CVE-2021-28038 (XSA-367)\n\n Jan Beulich discovered that the Xen support code and various Xen\n backend drivers did not handle grant mapping errors correctly. A\n malicious guest could exploit these bugs to cause a denial of\n service (crash) within the domain running the backend, which is\n typically dom0.\n\nCVE-2021-27363\n\n Adam Nichols reported that the iSCSI initiator subsystem did not\n properly restrict access to transport handle attributes in sysfs.\n On a system acting as an iSCSI initiator, this is an information\n leak to local users and makes it easier to exploit CVE-2021-27364.\n\nCVE-2021-27364\n\n Adam Nichols reported that the iSCSI initiator subsystem did not\n properly restrict access to its netlink management interface. On\n a system acting as an iSCSI initiator, a local user could use\n these to cause a denial of service (disconnection of storage) or\n possibly for privilege escalation.\n\nCVE-2021-27365\n\n Adam Nichols reported that the iSCSI initiator subsystem did not\n correctly limit the lengths of parameters or "passthrough PDUs"\n sent through its netlink management interface. On a system acting\n as an iSCSI initiator, a local user could use these to leak the\n contents of kernel memory, to cause a denial of service (kernel\n memory corruption or crash), and probably for privilege\n escalation.\n\nCVE-2021-28660\n\n It was discovered that the rtl8188eu WiFi driver did not correctly\n limit the length of SSIDs copied into scan results. An attacker\n within WiFi range could use this to cause a denial of service\n (crash or memory corruption) or possibly to execute code on a\n vulnerable system.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.181-1~deb9u1. This update additionally fixes Debian bug\n#983595, and includes many more bug fixes from stable updates\n4.19.172-4.19.181 inclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings\n[W]e found...that it wasn't as easy to get programs right as we had\nthought. I realized that a large part of my life from then on was going\nto be spent in finding mistakes in my own programs.\n - Maurice Wilkes, 1949\n", "edition": 2, "modified": "2021-03-30T21:45:50", "published": "2021-03-30T21:45:50", "id": "DEBIAN:DLA-2610-1:A54F6", "href": "https://lists.debian.org/debian-lts-announce/2021/debian-lts-announce-202103/msg00035.html", "title": "[SECURITY] [DLA 2610-1] linux-4.19 security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-10T01:22:26", "bulletinFamily": "unix", "cvelist": ["CVE-2019-19318", "CVE-2021-27365", "CVE-2021-3347", "CVE-2019-19816", "CVE-2021-27364", "CVE-2021-26932", "CVE-2020-27825", "CVE-2020-27815", "CVE-2019-19813", "CVE-2021-27363", "CVE-2020-29569", "CVE-2021-26930", "CVE-2021-26931", "CVE-2020-36158", "CVE-2021-28038", "CVE-2020-29568", "CVE-2020-29661", "CVE-2020-28374", "CVE-2020-29660", "CVE-2021-3178"], "description": "-------------------------------------------------------------------------\nDebian LTS Advisory DLA-2586-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Ben Hutchings\nMarch 08, 2021 https://wiki.debian.org/LTS\n-------------------------------------------------------------------------\n\nPackage : linux\nVersion : 4.9.258-1\nCVE ID : CVE-2019-19318 CVE-2019-19813 CVE-2019-19816 CVE-2020-27815 \n CVE-2020-27825 CVE-2020-28374 CVE-2020-29568 CVE-2020-29569 \n CVE-2020-29660 CVE-2020-29661 CVE-2020-36158 CVE-2021-3178 \n CVE-2021-3347 CVE-2021-26930 CVE-2021-26931 CVE-2021-26932 \n CVE-2021-27363 CVE-2021-27364 CVE-2021-27365 CVE-2021-28038\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2019-19318, CVE-2019-19813, CVE-2019-19816\n\n "Team bobfuzzer" reported bugs in Btrfs that could lead to a\n use-after-free or heap buffer overflow, and could be triggered by\n crafted filesystem images. A user permitted to mount and access\n arbitrary filesystems could use these to cause a denial of service\n (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-27815\n\n A flaw was reported in the JFS filesystem code allowing a local\n attacker with the ability to set extended attributes to cause a\n denial of service.\n\nCVE-2020-27825\n\n Adam 'pi3' Zabrocki reported a use-after-free flaw in the ftrace\n ring buffer resizing logic due to a race condition, which could\n result in denial of service or information leak.\n\nCVE-2020-28374\n\n David Disseldorp discovered that the LIO SCSI target implementation\n performed insufficient checking in certain XCOPY requests. An\n attacker with access to a LUN and knowledge of Unit Serial Number\n assignments can take advantage of this flaw to read and write to any\n LIO backstore, regardless of the SCSI transport settings.\n\nCVE-2020-29568 (XSA-349)\n\n Michael Kurth and Pawel Wieczorkiewicz reported that frontends can\n trigger OOM in backends by updating a watched path.\n\nCVE-2020-29569 (XSA-350)\n\n Olivier Benjamin and Pawel Wieczorkiewicz reported a use-after-free\n flaw which can be triggered by a block frontend in Linux blkback. A\n misbehaving guest can trigger a dom0 crash by continuously\n connecting / disconnecting a block frontend.\n\nCVE-2020-29660\n\n Jann Horn reported a locking inconsistency issue in the tty\n subsystem which may allow a local attacker to mount a\n read-after-free attack against TIOCGSID.\n\nCVE-2020-29661\n\n Jann Horn reported a locking issue in the tty subsystem which can\n result in a use-after-free. A local attacker can take advantage of\n this flaw for memory corruption or privilege escalation.\n\nCVE-2020-36158\n\n A buffer overflow flaw was discovered in the mwifiex WiFi driver\n which could result in denial of service or the execution of\n arbitrary code via a long SSID value.\n\nCVE-2021-3178\n\n \u5434\u5f02 reported an information leak in the NFSv3 server. When only\n a subdirectory of a filesystem volume is exported, an NFS client\n listing the exported directory would obtain a file handle to the\n parent directory, allowing it to access files that were not meant\n to be exported.\n\n Even after this update, it is still possible for NFSv3 clients to\n guess valid file handles and access files outside an exported\n subdirectory, unless the "subtree_check" export option is enabled.\n It is recommended that you do not use that option but only export\n whole filesystem volumes.\n\nCVE-2021-3347\n\n It was discovered that PI futexes have a kernel stack use-after-free\n during fault handling. An unprivileged user could use this flaw to\n crash the kernel (resulting in denial of service) or for privilege\n escalation.\n\nCVE-2021-26930 (XSA-365)\n\n Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan\n H. Sch\u00f6nherr discovered that the Xen block backend driver\n (xen-blkback) did not handle grant mapping errors correctly. A\n malicious guest could exploit this bug to cause a denial of\n service (crash), or possibly an information leak or privilege\n escalation, within the domain running the backend, which is\n typically dom0.\n\nCVE-2021-26931 (XSA-362), CVE-2021-26932 (XSA-361), CVE-2021-28038 (XSA-367)\n\n Jan Beulich discovered that the Xen support code and various Xen\n backend drivers did not handle grant mapping errors correctly. A\n malicious guest could exploit these bugs to cause a denial of\n service (crash) within the domain running the backend, which is\n typically dom0.\n\nCVE-2021-27363\n\n Adam Nichols reported that the iSCSI initiator subsystem did not\n properly restrict access to transport handle attributes in sysfs.\n On a system acting as an iSCSI initiator, this is an information\n leak to local users and makes it easier to exploit CVE-2021-27364.\n\nCVE-2021-27364\n\n Adam Nichols reported that the iSCSI initiator subsystem did not\n properly restrict access to its netlink management interface. On\n a system acting as an iSCSI initiator, a local user could use\n these to cause a denial of service (disconnection of storage) or\n possibly for privilege escalation.\n\nCVE-2021-27365\n\n Adam Nichols reported that the iSCSI initiator subsystem did not\n correctly limit the lengths of parameters or "passthrough PDUs"\n sent through its netlink management interface. On a system acting\n as an iSCSI initiator, a local user could use these to leak the\n contents of kernel memory, to cause a denial of service (kernel\n memory corruption or crash), and probably for privilege\n escalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.258-1.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n", "edition": 1, "modified": "2021-03-09T18:08:28", "published": "2021-03-09T18:08:28", "id": "DEBIAN:DLA-2586-1:6B2FD", "href": "https://lists.debian.org/debian-lts-announce/2021/debian-lts-announce-202103/msg00010.html", "title": "[SECURITY] [DLA 2586-1] linux security update", "type": "debian", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
