DATABASE RESOURCES PRICING ABOUT US

{"id": "UB:CVE-2015-8845", "vendorId": null, "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2015-8845", "description": "The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the\nLinux kernel before 4.4.1 on powerpc platforms does not ensure that TM\nsuspend mode exists before proceeding with a tm_reclaim call, which allows\nlocal users to cause a denial of service (TM Bad Thing exception and panic)\nvia a crafted application.\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=1326540>\n * <https://launchpad.net/bugs/1571018>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[tyhicks](<https://launchpad.net/~tyhicks>) | Specific to powerpc and ppc64el \n[jdstrand](<https://launchpad.net/~jdstrand>) | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support\n", "published": "2016-04-27T00:00:00", "modified": "2016-04-27T00:00:00", "epss": [{"cve": "CVE-2015-8845", "epss": 0.00046, "percentile": 0.12802, "modified": "2023-08-06"}], "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9}, "severity": "MEDIUM", "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://ubuntu.com/security/CVE-2015-8845", "reporter": "ubuntu.com", "references": ["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8845", "http://seclists.org/oss-sec/2016/q2/68", "https://nvd.nist.gov/vuln/detail/CVE-2015-8845", "https://launchpad.net/bugs/cve/CVE-2015-8845", "https://security-tracker.debian.org/tracker/CVE-2015-8845"], "cvelist": ["CVE-2015-8845"], "immutableFields": [], "lastseen": "2023-08-08T21:55:21", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2016:2574"]}, {"type": "cve", "idList": ["CVE-2015-8845"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-8845"]}, {"type": "ibm", "idList": ["2ABC4CD376C07922A3144CF8116D979F4BDDE16EED9AADA11262FBF58C851DBF", "A0B51C5217767E75AB974BA93584FB1F969514BA8D7EE9EDD025C20F274C1D2F", "A18DD1594298170A7AF630CBFFA73E78138125D119FBC5D156128BBBD99A03EC", "B7EDA2450D13E204B60C3A3E7379E6FCCD587CB32FEB5041ADDA6CB8E3C44FC3", "F092FBBD34304315E258962CA397F72D24D88CD673A181734FDCE39754098484"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2016-2574.NASL", "EULEROS_SA-2019-1478.NASL", "EULEROS_SA-2019-2599.NASL", "OPENSUSE-2016-1029.NASL", "ORACLELINUX_ELSA-2016-2574.NASL", "REDHAT-RHSA-2016-2574.NASL", "REDHAT-RHSA-2016-2584.NASL", "SL_20161103_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2016-1690-1.NASL", "SUSE_SU-2016-2105-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310851358", "OPENVAS:1361412562310851388", "OPENVAS:1361412562310871708", "OPENVAS:1361412562311220191478", "OPENVAS:1361412562311220192599"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-2574"]}, {"type": "redhat", "idList": ["RHSA-2016:2574", "RHSA-2016:2584"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:2184-1", "SUSE-SU-2016:1690-1", "SUSE-SU-2016:1937-1", "SUSE-SU-2016:2105-1"]}]}, "score": {"value": 1.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2016:2574"]}, {"type": "cve", "idList": ["CVE-2015-8845"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2015-8845"]}, {"type": "ibm", "idList": ["2ABC4CD376C07922A3144CF8116D979F4BDDE16EED9AADA11262FBF58C851DBF"]}, {"type": "nessus", "idList": ["EULEROS_SA-2019-1478.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310851358", "OPENVAS:1361412562311220192599"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-2574"]}, {"type": "redhat", "idList": ["RHSA-2016:2584"]}, {"type": "suse", "idList": ["SUSE-SU-2016:1937-1"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2015-8845", "epss": 0.00046, "percentile": 0.12799, "modified": "2023-05-07"}], "vulnersScore": 1.1}, "_state": {"dependencies": 1691531791, "score": 1691531942, "epss": 0}, "_internal": {"score_hash": "dfe8a1c958ea22ca35698c8c1b1d6d8a"}, "affectedPackage": [{"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "3.13.0-77.121", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux"}, {"OS": "ubuntu", "OSVersion": "15.10", "arch": "noarch", "packageVersion": "4.2.0-27.32", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-armadaxp"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-aws"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-flo"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-gke"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-goldfish"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-grouper"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-hwe"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-hwe-edge"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-linaro-omap"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-linaro-shared"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-linaro-vexpress"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-lts-quantal"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-lts-raring"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-lts-saucy"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-lts-trusty"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "3.16.0-60.80~14.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-lts-utopic"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-lts-utopic"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "3.19.0-49.55~14.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-lts-vivid"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-lts-vivid"}, {"OS": "ubuntu", "OSVersion": "14.04", "arch": "noarch", "packageVersion": "4.2.0-27.32~14.04.1", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-lts-wily"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-lts-wily"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-lts-xenial"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-maguro"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-mako"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-manta"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-qcm-msm"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-raspi2"}, {"OS": "ubuntu", "OSVersion": "15.10", "arch": "noarch", "packageVersion": "4.2.0-1022.29", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-raspi2"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-snapdragon"}, {"OS": "ubuntu", "OSVersion": "upstream", "arch": "noarch", "packageVersion": "4.4~rc3", "packageFilename": "UNKNOWN", "operator": "lt", "status": "released", "packageName": "linux-ti-omap4"}], "bugs": ["https://bugzilla.redhat.com/show_bug.cgi?id=1326540", "https://launchpad.net/bugs/1571018"]}

{"cve": [{"lastseen": "2023-08-08T15:43:23", "description": "The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-04-27T17:59:00", "type": "cve", "title": "CVE-2015-8845", "cwe": ["CWE-284"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8845"], "modified": "2018-01-05T02:30:00", "cpe": ["cpe:/o:linux:linux_kernel:4.4", "cpe:/a:suse:suse_linux_enterprise_module_for_public_cloud:12.0", "cpe:/a:suse:suse_linux_enterprise_workstation_extension:12.0", "cpe:/a:suse:suse_linux_enterprise_real_time_extension:12", "cpe:/a:suse:suse_linux_enterprise_live_patching:12.0", "cpe:/o:novell:suse_linux_enterprise_desktop:12.0", "cpe:/a:suse:suse_linux_enterprise_software_development_kit:12.0", "cpe:/o:novell:suse_linux_enterprise_server:12.0"], "id": "CVE-2015-8845", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8845", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:suse:suse_linux_enterprise_module_for_public_cloud:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:suse:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:4.4:*:*:*:*:*:*:*", "cpe:2.3:a:suse:suse_linux_enterprise_real_time_extension:12:sp1:*:*:*:*:*:*", "cpe:2.3:a:suse:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*", "cpe:2.3:a:suse:suse_linux_enterprise_live_patching:12.0:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2023-08-08T18:26:18", "description": "The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2016-04-27T17:59:00", "type": "debiancve", "title": "CVE-2015-8845", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8845"], "modified": "2016-04-27T17:59:00", "id": "DEBIANCVE:CVE-2015-8845", "href": "https://security-tracker.debian.org/tracker/CVE-2015-8845", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "ibm": [{"lastseen": "2023-06-24T06:15:06", "description": "## Summary\n\nPower Hardware Management Console is affected by security vulnerabilities in the Linux Kernel. Power Hardware Management Console has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-10229_](<https://vulners.com/cve/CVE-2016-10229>)** \nDESCRIPTION:** Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in udp.c. By sending specially-crafted UDP packets, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124676_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124676>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2016-5828_](<https://vulners.com/cve/CVE-2016-5828>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper handling of Transactional Memory on powerpc systems. By starting a transaction, suspending it, and then calling any of the exec() class system calls, an attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114456_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114456>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-2847_](<https://vulners.com/cve/CVE-2016-2847>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error related to the per-user limit. By filling pipes with an overly large amount of data, an attacker could exploit this vulnerability to consume an overly large amount of kernel memory resources. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111306_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111306>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n**CVEID:** [_CVE-2016-3156_](<https://vulners.com/cve/CVE-2016-3156>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error when destroying a network. A local authenticated attacker could exploit this vulnerability using a huge number of ipv4 addresses to keep rtnl_lock for a very long time and block network related operations. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112056_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112056>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) \n\n**CVEID:** [_CVE-2016-2117_](<https://vulners.com/cve/CVE-2016-2117>)** \nDESCRIPTION:** Atheros Linux wireless drivers could allow a remote attacker to obtain sensitive information, caused by the failure to check scatter/gather IO. By sending a specially crafted packet, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111533_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111533>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-2053_](<https://vulners.com/cve/CVE-2016-2053>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in the asn1_ber_decoder function. A remote attacker could exploit this vulnerability using an ASN.1 BER file that lacks a public key to cause a denial of service. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114430_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114430>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8956_](<https://vulners.com/cve/CVE-2015-8956>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c. By using vectors involving a bind system call on a Bluetooth RFCOMM socket, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service on the system. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118238_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118238>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)\n\n**CVEID:** [_CVE-2015-8845_](<https://vulners.com/cve/CVE-2015-8845>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error when restoring machine specific registers on the power pc platform. Incorrect transactional memory state registers modify the call path on return from userspace. An attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8844_](<https://vulners.com/cve/CVE-2015-8844>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error when restoring machine specific registers T and S bits on the power pc platform. Incorrect transactional memory state registers modify the call path on return from userspace. An attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112155_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112155>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8374_](<https://vulners.com/cve/CVE-2015-8374>)** \nDESCRIPTION:** Linux Kernel could allow a remote authenticated attacker to obtain sensitive information, caused by a information leak when truncating compressed/inlined extents on BTRFS. An attacker could exploit this vulnerability to obtain the truncated data. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/108371_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/108371>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n\n## Affected Products and Versions\n\nPower HMC V8.8.6.0\n\n## Remediation/Fixes\n\nThe following fixes are available on IBM Fix Central at: <http://www-933.ibm.com/support/fixcentral/>\n\nProduct\n\n| \n\nVRMF\n\n| \n\nAPAR\n\n| \n\nRemediation/Fix \n \n---|---|---|--- \n \nPower HMC\n\n| \n\nV8.8.6.0 SP1\n\n| \n\nMB04103\n\n| \n\n[MH01718](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMC&release=V8R8.6.0&platform=All>) \n \nPower HMC\n\n| \n\nV8.8.6.0 SP2\n\n| \n\nMB04101\n\n| \n\n[MH01716](<https://www-945.ibm.com/support/fixcentral/main/selectFixes?parent=powersysmgmntcouncil&product=ibm~hmc~9100HMC&release=V8R8.6.0&platform=All>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-23T01:45:02", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in kernel affect Power Hardware Management Console", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8374", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-10229", "CVE-2016-2053", "CVE-2016-2117", "CVE-2016-2847", "CVE-2016-3156", "CVE-2016-5828"], "modified": "2021-09-23T01:45:02", "id": "A18DD1594298170A7AF630CBFFA73E78138125D119FBC5D156128BBBD99A03EC", "href": "https://www.ibm.com/support/pages/node/687481", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-24T00:33:12", "description": "## Summary\n\nVulnerabilities in the Linux Kernel affect IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM Spectrum Virtualize Software, IBM Spectrum Virtualize for Public Cloud and IBM FlashSystem V9000 products. The applicable CVEs are CVE-2016-7117 CVE-2016-6828 \nCVE-2016-10229 CVE-2016-6480 CVE-2016-6327 CVE-2016-6198 CVE-2016-6136 CVE-2016-5829 CVE-2016-5828 CVE-2016-5412 CVE-2016-4794 CVE-2016-4581 CVE-2016-4578 CVE-2016-3699 CVE-2016-3156 CVE-2016-4569 CVE-2016-2847 CVE-2016-2384 CVE-2016-2069 CVE-2016-2053 CVE-2015-8956 CVE-2015-8845 CVE-2015-8844 CVE-2015-8812 CVE-2015-8746 CVE-2015-8543 CVE-2015-8374 CVE-2013-4312 and CVE-2016-3070. \n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-7117_](<https://vulners.com/cve/CVE-2016-7117>)** \nDESCRIPTION:** Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in __sys_recvmmsg function in net/socket.c. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/117765_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/117765>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2016-6828_](<https://vulners.com/cve/CVE-2016-6828>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the failure to properly maintain certain SACK state in tcp_check_send_head function in include/net/tcp.h. By executing a specially-crafted SACK option, an attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118135_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118135>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-10229_](<https://vulners.com/cve/CVE-2016-10229>)** \nDESCRIPTION:** Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in udp.c. By sending specially-crafted UDP packets, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124676_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124676>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-6480_](<https://vulners.com/cve/CVE-2016-6480>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by a race condition in the Linux-4.5/drivers/scsi/aacraid/commctrl.c when the driver fetches user space data. A local attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115630_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115630>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-6327_](<https://vulners.com/cve/CVE-2016-6327>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in drivers/infiniband/ulp/srpt/ib_srpt.c. By using an ABORT_TASK command to abort a device write operation, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118155_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118155>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6198_](<https://vulners.com/cve/CVE-2016-6198>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service. A local attacker could exploit this vulnerability using rename syscall on overlayfs on top of xfs to cause the kernel to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114867_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114867>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6136_](<https://vulners.com/cve/CVE-2016-6136>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by a race condition in the Linux-4.6.1/kernel/auditsc.c when the driver fetches user space data using copy_from_user(). A local attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114719_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114719>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5829_](<https://vulners.com/cve/CVE-2016-5829>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the hiddev driver code. By sending a specially crafted ioctl call, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L)\n\n**CVEID:** [_CVE-2016-5828_](<https://vulners.com/cve/CVE-2016-5828>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper handling of Transactional Memory on powerpc systems. By starting a transaction, suspending it, and then calling any of the exec() class system calls, an attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114456_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114456>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-5412_](<https://vulners.com/cve/CVE-2016-5412>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in book3s_hv_rmhandlers.S. If CONFIG_KVM_BOOK3S_64_HV is enabled, a local attacker could exploit this vulnerability to cause the host to enter into an infinite loop. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116181_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116181>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-4794_](<https://vulners.com/cve/CVE-2016-4794>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free in array_map_alloc. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113188_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113188>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4581_](<https://vulners.com/cve/CVE-2016-4581>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper handling of the first propagated copy. A local attacker could exploit this vulnerability to cause a kernel oops. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113159_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113159>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-4578_](<https://vulners.com/cve/CVE-2016-4578>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by an information leak in sound/core/timer.c. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-3699_](<https://vulners.com/cve/CVE-2016-3699>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system. By appending ACPI tables to the initrd, an attacker could exploit this vulnerability to bypass intended Secure Boot restrictions and execute arbitrary code on the system. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118241_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118241>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-3156_](<https://vulners.com/cve/CVE-2016-3156>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error when destroying a network. A local authenticated attacker could exploit this vulnerability using a huge number of ipv4 addresses to keep rtnl_lock for a very long time and block network related operations. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112056_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112056>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-4569_](<https://vulners.com/cve/CVE-2016-4569>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by an information leak in sound/core/timer.c. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113190_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113190>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-2847_](<https://vulners.com/cve/CVE-2016-2847>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error related to the per-user limit. By filling pipes with an overly large amount of data, an attacker could exploit this vulnerability to consume an overly large amount of kernel memory resources. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111306_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111306>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-2384_](<https://vulners.com/cve/CVE-2016-2384>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a double-free in the ALSA USB MIDI driver. An attacker could exploit this vulnerability using an invalid USB descriptor to execute arbitrary code on the system. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110587_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110587>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-2069_](<https://vulners.com/cve/CVE-2016-2069>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a race condition in arch/x86/mm/tlb.c. By triggering access to a paging structure by a different CPU, a local attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113822_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113822>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-2053_](<https://vulners.com/cve/CVE-2016-2053>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in the asn1_ber_decoder function. A remote attacker could exploit this vulnerability using an ASN.1 BER file that lacks a public key to cause a denial of service. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114430_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114430>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8956_](<https://vulners.com/cve/CVE-2015-8956>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c. By using vectors involving a bind system call on a Bluetooth RFCOMM socket, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service on the system. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118238_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118238>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)\n\n**CVEID:** [_CVE-2015-8845_](<https://vulners.com/cve/CVE-2015-8845>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error when restoring machine specific registers on the power pc platform. Incorrect transactional memory state registers modify the call path on return from userspace. An attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8844_](<https://vulners.com/cve/CVE-2015-8844>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error when restoring machine specific registers T and S bits on the power pc platform. Incorrect transactional memory state registers modify the call path on return from userspace. An attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112155_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112155>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8812_](<https://vulners.com/cve/CVE-2015-8812>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the CXGB3 kernel driver when the network was considered congested. An attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110574_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110574>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2015-8746_](<https://vulners.com/cve/CVE-2015-8746>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the client. A local attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109545_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109545>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8543_](<https://vulners.com/cve/CVE-2015-8543>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the failure to validate protocol identifiers for certain protocol families by the networking implementation. An attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges or cause the kernel to panic \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109383_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109383>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2015-8374_](<https://vulners.com/cve/CVE-2015-8374>)** \nDESCRIPTION:** Linux Kernel could allow a remote authenticated attacker to obtain sensitive information, caused by a information leak when truncating compressed/inlined extents on BTRFS. An attacker could exploit this vulnerability to obtain the truncated data. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/108371_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/108371>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2013-4312_](<https://vulners.com/cve/CVE-2013-4312>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to bypass security restrictions. By sending specially-crafted file descriptors over a UNIX socket, an attacker could exploit this vulnerability to bypass file-descriptor limits and cause a denial of service. \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-3070_](<https://vulners.com/cve/CVE-2016-3070>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper interaction with mm/migrate.c by the trace_writeback_dirty_page implementation. By triggering a certain page move, a local attacker could exploit this vulnerability to cause a NULL pointer dereference and crash the system. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116338_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116338>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM SAN Volume Controller \nIBM Storwize V7000 \nIBM Storwize V5000 \nIBM Storwize V3700 \nIBM Storwize V3500 \nIBM FlashSystem V9000 \nIBM Spectrum Virtualize Software \nIBM Spectrum Virtualize for Public Cloud \n \nAll products are affected when running supported versions 7.6 to 8.1.\n\n## Remediation/Fixes\n\nIBM recommends that you fix this vulnerability by upgrading affected versions of IBM SAN Volume Controller, IBM Storwize V7000, V5000, V3700 and V3500, IBM FlashSystem V9000, IBM Spectrum Virtualize Software, and IBM Spectrum Virtualize for Public Cloud to the following code levels or higher: \n \n7.7.1.9 \n7.8.1.6 \n8.1.1.2 \n8.1.2.1 \n \n[_Latest IBM SAN Volume Controller Code_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Storage%20virtualization&product=ibm/StorageSoftware/SAN+Volume+Controller+\\(2145\\)&release=All&platform=All&function=all>) \n[_Latest IBM Storwize V7000 Code_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Mid-range%20disk%20systems&product=ibm/Storage_Disk/IBM+Storwize+V7000+\\(2076\\)&release=All&platform=All&function=all>) \n[_Latest IBM Storwize V5000 Code_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Mid-range%20disk%20systems&product=ibm/Storage_Disk/IBM+Storwize+V5000&release=All&platform=All&function=all>) \n[_Latest IBM Storwize V3700 Code_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Entry-level%20disk%20systems&product=ibm/Storage_Disk/IBM+Storwize+V3700&release=All&platform=All&function=all>) \n[_Latest IBM Storwize V3500 Code_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Entry-level%20disk%20systems&product=ibm/Storage_Disk/IBM+Storwize+V3500&release=All&platform=All&function=all>) \n[_Latest IBM FlashSystem V9000 Code_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Flash%20high%20availability%20systems&product=ibm/StorageSoftware/IBM+FlashSystem+V9000&release=All&platform=All&function=all>) \n[_Latest IBM Spectrum Virtualize Software_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Virtualize+software&release=8.1&platform=All&function=all>) \n[_Latest IBM Spectrum Virtualize for Public Cloud_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Software%20defined%20storage&product=ibm/StorageSoftware/IBM+Spectrum+Virtualize+for+Public+Cloud&release=8.1&platform=All&function=all>) \n \nFor unsupported versions of the above products, IBM recommends upgrading to a fixed, supported version of code.\n\n## Workarounds and Mitigations\n\nAlthough IBM recommends that you install a level of code with a fix for this vulnerability, you can mitigate, although not eliminate, your risk until you have done so by ensuring that all users who have access to the system are authenticated by another security system such as a firewall.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-03-29T01:48:02", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in Linux Kernel affect IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-10229", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-6828", "CVE-2016-7117"], "modified": "2023-03-29T01:48:02", "id": "F092FBBD34304315E258962CA397F72D24D88CD673A181734FDCE39754098484", "href": "https://www.ibm.com/support/pages/node/650901", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T21:52:09", "description": "## Summary\n\nPowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-9604_](<https://vulners.com/cve/CVE-2016-9604>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to bypass security restrictions, caused by an error in the built-in keyrings for security tokens. By adding a new public key of its own devising to the keyring, an attacker could exploit this vulnerability to bypass module signature verification and gain direct access to an internal keyring. \nCVSS Base Score: 4.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/125570_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/125570>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N) \n\n**CVEID:** [_CVE-2017-6951_](<https://vulners.com/cve/CVE-2017-6951>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the keyring_search_aux function in security/keys/keyring.c. By using a request_key system call for the \"dead\" type, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/123423_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/123423>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2017-7472_](<https://vulners.com/cve/CVE-2017-7472>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the leaking of a thread keyring by the keyctl_set_reqkey_keyring(). A local authenticated attacker could exploit this vulnerability to exhaust all available kernel memory. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/125573_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/125573>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6213_](<https://vulners.com/cve/CVE-2016-6213>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in the mount table. By overflowing kernel mount table using shared bind mount, a local attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114989_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114989>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-8632_](<https://vulners.com/cve/CVE-2016-8632>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a heap-based buffer overflow, caused by improper validation of maximum packet size and minimum fragment length by tipc_msg_build function in net/tipc/msg.c. By leveraging the CAP_NET_ADMIN capability, a local attacker could gain privileges and cause a denial of service. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/119633_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/119633>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n \n \n**CVEID:** [_CVE-2016-10229_](<https://vulners.com/cve/CVE-2016-10229>)** \nDESCRIPTION:** Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in udp.c. By sending specially-crafted UDP packets, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124676_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124676>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2016-6480_](<https://vulners.com/cve/CVE-2016-6480>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by a race condition in the Linux-4.5/drivers/scsi/aacraid/commctrl.c when the driver fetches user space data. A local attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115630_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115630>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-6327_](<https://vulners.com/cve/CVE-2016-6327>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in drivers/infiniband/ulp/srpt/ib_srpt.c. By using an ABORT_TASK command to abort a device write operation, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118155_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118155>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6136_](<https://vulners.com/cve/CVE-2016-6136>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by a race condition in the Linux-4.6.1/kernel/auditsc.c when the driver fetches user space data using copy_from_user(). A local attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114719_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114719>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5829_](<https://vulners.com/cve/CVE-2016-5829>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the hiddev driver code. By sending a specially crafted ioctl call, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L)\n\n**CVEID:** [_CVE-2016-5828_](<https://vulners.com/cve/CVE-2016-5828>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper handling of Transactional Memory on powerpc systems. By starting a transaction, suspending it, and then calling any of the exec() class system calls, an attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114456_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114456>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-5412_](<https://vulners.com/cve/CVE-2016-5412>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in book3s_hv_rmhandlers.S. If CONFIG_KVM_BOOK3S_64_HV is enabled, a local attacker could exploit this vulnerability to cause the host to enter into an infinite loop. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116181_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116181>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-4794_](<https://vulners.com/cve/CVE-2016-4794>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free in array_map_alloc. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113188_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113188>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4581_](<https://vulners.com/cve/CVE-2016-4581>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper handling of the first propagated copy. A local attacker could exploit this vulnerability to cause a kernel oops. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113159_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113159>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-4578_](<https://vulners.com/cve/CVE-2016-4578>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by an information leak in sound/core/timer.c. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-3156_](<https://vulners.com/cve/CVE-2016-3156>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error when destroying a network. A local authenticated attacker could exploit this vulnerability using a huge number of ipv4 addresses to keep rtnl_lock for a very long time and block network related operations. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112056_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112056>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-4569_](<https://vulners.com/cve/CVE-2016-4569>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by an information leak in sound/core/timer.c. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113190_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113190>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-3841_](<https://vulners.com/cve/CVE-2016-3841>)** \nDESCRIPTION:** Google Android could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free error in the IPv6 stack in the Linux Kernel. By using a specially-crafted sendmsg system call, an attacker could exploit this vulnerability to gain elevated privileges on the system or cause a denial of service. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115983_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115983>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-2847_](<https://vulners.com/cve/CVE-2016-2847>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error related to the per-user limit. By filling pipes with an overly large amount of data, an attacker could exploit this vulnerability to consume an overly large amount of kernel memory resources. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111306_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111306>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-2384_](<https://vulners.com/cve/CVE-2016-2384>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a double-free in the ALSA USB MIDI driver. An attacker could exploit this vulnerability using an invalid USB descriptor to execute arbitrary code on the system. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110587_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110587>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-2117_](<https://vulners.com/cve/CVE-2016-2117>)** \nDESCRIPTION:** Atheros Linux wireless drivers could allow a remote attacker to obtain sensitive information, caused by the failure to check scatter/gather IO. By sending a specially crafted packet, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111533_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111533>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2015-8956_](<https://vulners.com/cve/CVE-2015-8956>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c. By using vectors involving a bind system call on a Bluetooth RFCOMM socket, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service on the system. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118238_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118238>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)\n\n**CVEID:** [_CVE-2015-8845_](<https://vulners.com/cve/CVE-2015-8845>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error when restoring machine specific registers on the power pc platform. Incorrect transactional memory state registers modify the call path on return from userspace. An attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8844_](<https://vulners.com/cve/CVE-2015-8844>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error when restoring machine specific registers T and S bits on the power pc platform. Incorrect transactional memory state registers modify the call path on return from userspace. An attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112155_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112155>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8812_](<https://vulners.com/cve/CVE-2015-8812>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the CXGB3 kernel driver when the network was considered congested. An attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110574_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110574>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2015-8746_](<https://vulners.com/cve/CVE-2015-8746>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the client. A local attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109545_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109545>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8543_](<https://vulners.com/cve/CVE-2015-8543>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the failure to validate protocol identifiers for certain protocol families by the networking implementation. An attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges or cause the kernel to panic \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109383_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109383>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2013-4312_](<https://vulners.com/cve/CVE-2013-4312>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to bypass security restrictions. By sending specially-crafted file descriptors over a UNIX socket, an attacker could exploit this vulnerability to bypass file-descriptor limits and cause a denial of service. \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-3070_](<https://vulners.com/cve/CVE-2016-3070>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper interaction with mm/migrate.c by the trace_writeback_dirty_page implementation. By triggering a certain page move, a local attacker could exploit this vulnerability to cause a NULL pointer dereference and crash the system. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116338_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116338>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n \n \n**CVEID:** [_CVE-2017-1000365_](<https://vulners.com/cve/CVE-2017-1000365>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to bypass security restrictions, caused by the failure to take the argument and environment pointers into account when imposing a size restriction. An attacker could exploit this vulnerability to bypass the limitation and perform unauthorized actions. \nCVSS Base Score: 2.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/127531_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/127531>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n\n## Affected Products and Versions\n\nPowerKVM 2.1 and PowerKVM 3.1 \n\nNote that PowerKVM v2.1 is not vulnerable to CVE-2016-6213.\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n\nFix images are made available via Fix Central. For version 3.1, see [_https://ibm.biz/BdHggw_](<https://ibm.biz/BdHggw>). This issue is addressed starting with v3.1.0.2 update 8.\n\n \n \nFor version 2.1, see [_https://ibm.biz/BdEnT8_](<https://ibm.biz/BdEnT8>). This issue is addressed starting with PowerKVM 2.1.1.3-65 update 17. Customers running v2.1 are, in any case, encouraged to upgrade to v3.1. \n \nFor v2.1 systems currently running fix levels of PowerKVM prior to 2.1.1, please see <http://download4.boulder.ibm.com/sar/CMA/OSA/05e4c/0/README> for prerequisite fixes and instructions. \n\n## Workarounds and Mitigations\n\nCustomers using v2.1 can work around the problem by upgrading to the fixed version of v3.1.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T01:36:15", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4312", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-10229", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6213", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-8632", "CVE-2016-9604", "CVE-2017-1000365", "CVE-2017-6951", "CVE-2017-7472"], "modified": "2018-06-18T01:36:15", "id": "A0B51C5217767E75AB974BA93584FB1F969514BA8D7EE9EDD025C20F274C1D2F", "href": "https://www.ibm.com/support/pages/node/631229", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T01:49:47", "description": "## Summary\n\nIBM Security Access Manager Appliance has addressed the following kernel vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID: **[_CVE-2016-10229_](<https://vulners.com/cve/CVE-2016-10229>)** \nDESCRIPTION: **Linux Kernel could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in udp.c. By sending specially-crafted UDP packets, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/124676_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/124676>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n** \nCVEID: **[_CVE-2016-6480_](<https://vulners.com/cve/CVE-2016-6480>)** \nDESCRIPTION: **Linux Kernel could allow a local attacker to obtain sensitive information, caused by a race condition in the Linux-4.5/drivers/scsi/aacraid/commctrl.c when the driver fetches user space data. A local attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115630_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115630>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n** \nCVEID: **[_CVE-2016-6327_](<https://vulners.com/cve/CVE-2016-6327>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in drivers/infiniband/ulp/srpt/ib_srpt.c. By using an ABORT_TASK command to abort a device write operation, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118155_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118155>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n** \nCVEID: **[_CVE-2016-6198_](<https://vulners.com/cve/CVE-2016-6198>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service. A local attacker could exploit this vulnerability using rename syscall on overlayfs on top of xfs to cause the kernel to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114867_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114867>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n** \nCVEID: **[_CVE-2016-6136_](<https://vulners.com/cve/CVE-2016-6136>)** \nDESCRIPTION: **Linux Kernel could allow a local attacker to obtain sensitive information, caused by a race condition in the Linux-4.6.1/kernel/auditsc.c when the driver fetches user space data using copy_from_user(). A local attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114719_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114719>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n** \nCVEID: **[_CVE-2016-5829_](<https://vulners.com/cve/CVE-2016-5829>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the hiddev driver code. By sending a specially crafted ioctl call, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L) \n** \nCVEID: **[_CVE-2016-5828_](<https://vulners.com/cve/CVE-2016-5828>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by the improper handling of Transactional Memory on powerpc systems. By starting a transaction, suspending it, and then calling any of the exec() class system calls, an attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114456_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114456>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n** \nCVEID: **[_CVE-2016-5412_](<https://vulners.com/cve/CVE-2016-5412>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an error in book3s_hv_rmhandlers.S. If CONFIG_KVM_BOOK3S_64_HV is enabled, a local attacker could exploit this vulnerability to cause the host to enter into an infinite loop. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116181_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116181>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H) \n** \nCVEID: **[_CVE-2016-4581_](<https://vulners.com/cve/CVE-2016-4581>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by the improper handling of the first propagated copy. A local attacker could exploit this vulnerability to cause a kernel oops. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113159_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113159>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n** \nCVEID: **[_CVE-2016-4578_](<https://vulners.com/cve/CVE-2016-4578>)** \nDESCRIPTION: **Linux Kernel could allow a local attacker to obtain sensitive information, caused by an information leak in sound/core/timer.c. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) \n** \nCVEID: **[_CVE-2016-3699_](<https://vulners.com/cve/CVE-2016-3699>)** \nDESCRIPTION: **Linux Kernel could allow a local attacker to gain elevated privileges on the system. By appending ACPI tables to the initrd, an attacker could exploit this vulnerability to bypass intended Secure Boot restrictions and execute arbitrary code on the system. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118241_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118241>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n** \nCVEID: **[_CVE-2016-3156_](<https://vulners.com/cve/CVE-2016-3156>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an error when destroying a network. A local authenticated attacker could exploit this vulnerability using a huge number of ipv4 addresses to keep rtnl_lock for a very long time and block network related operations. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112056_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112056>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) \n** \nCVEID: **[_CVE-2016-4569_](<https://vulners.com/cve/CVE-2016-4569>)** \nDESCRIPTION: **Linux Kernel could allow a local attacker to obtain sensitive information, caused by an information leak in sound/core/timer.c. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113190_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113190>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n** \nCVEID: **[_CVE-2016-3841_](<https://vulners.com/cve/CVE-2016-3841>)** \nDESCRIPTION: **Google Android could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free error in the IPv6 stack in the Linux Kernel. By using a specially-crafted sendmsg system call, an attacker could exploit this vulnerability to gain elevated privileges on the system or cause a denial of service. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115983_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115983>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n** \nCVEID: **[_CVE-2016-2847_](<https://vulners.com/cve/CVE-2016-2847>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an error related to the per-user limit. By filling pipes with an overly large amount of data, an attacker could exploit this vulnerability to consume an overly large amount of kernel memory resources. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111306_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111306>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n** \nCVEID: **[_CVE-2016-2384_](<https://vulners.com/cve/CVE-2016-2384>)** \nDESCRIPTION: **Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a double-free in the ALSA USB MIDI driver. An attacker could exploit this vulnerability using an invalid USB descriptor to execute arbitrary code on the system. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110587_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110587>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n** \nCVEID: **[_CVE-2016-2117_](<https://vulners.com/cve/CVE-2016-2117>)** \nDESCRIPTION: **Atheros Linux wireless drivers could allow a remote attacker to obtain sensitive information, caused by the failure to check scatter/gather IO. By sending a specially crafted packet, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111533_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111533>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n** \nCVEID: **[_CVE-2016-2069_](<https://vulners.com/cve/CVE-2016-2069>)** \nDESCRIPTION: **Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a race condition in arch/x86/mm/tlb.c. By triggering access to a paging structure by a different CPU, a local attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113822_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113822>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n** \nCVEID: **[_CVE-2016-2053_](<https://vulners.com/cve/CVE-2016-2053>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an error in the asn1_ber_decoder function. A remote attacker could exploit this vulnerability using an ASN.1 BER file that lacks a public key to cause a denial of service. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114430_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114430>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n** \nCVEID: **[_CVE-2015-8956_](<https://vulners.com/cve/CVE-2015-8956>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c. By using vectors involving a bind system call on a Bluetooth RFCOMM socket, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service on the system. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118238_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118238>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L) \n** \nCVEID: **[_CVE-2015-8845_](<https://vulners.com/cve/CVE-2015-8845>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an error when restoring machine specific registers on the power pc platform. Incorrect transactional memory state registers modify the call path on return from userspace. An attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n** \nCVEID: **[_CVE-2015-8844_](<https://vulners.com/cve/CVE-2015-8844>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an error when restoring machine specific registers T and S bits on the power pc platform. Incorrect transactional memory state registers modify the call path on return from userspace. An attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112155_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112155>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n** \nCVEID: **[_CVE-2015-8812_](<https://vulners.com/cve/CVE-2015-8812>)** \nDESCRIPTION: **Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the CXGB3 kernel driver when the network was considered congested. An attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110574_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110574>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n** \nCVEID: **[_CVE-2015-8746_](<https://vulners.com/cve/CVE-2015-8746>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the client. A local attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109545_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109545>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n** \nCVEID: **[_CVE-2015-8543_](<https://vulners.com/cve/CVE-2015-8543>)** \nDESCRIPTION: **Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the failure to validate protocol identifiers for certain protocol families by the networking implementation. An attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges or cause the kernel to panic \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109383_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109383>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n** \nCVEID: **[_CVE-2015-8374_](<https://vulners.com/cve/CVE-2015-8374>)** \nDESCRIPTION: **Linux Kernel could allow a remote authenticated attacker to obtain sensitive information, caused by a information leak when truncating compressed/inlined extents on BTRFS. An attacker could exploit this vulnerability to obtain the truncated data. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/108371_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/108371>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) \n** \nCVEID: **[_CVE-2013-4312_](<https://vulners.com/cve/CVE-2013-4312>)** \nDESCRIPTION: **Linux Kernel could allow a local attacker to bypass security restrictions. By sending specially-crafted file descriptors over a UNIX socket, an attacker could exploit this vulnerability to bypass file-descriptor limits and cause a denial of service. \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L) \n** \nCVEID: **[_CVE-2016-3070_](<https://vulners.com/cve/CVE-2016-3070>)** \nDESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by the improper interaction with mm/migrate.c by the trace_writeback_dirty_page implementation. By triggering a certain page move, a local attacker could exploit this vulnerability to cause a NULL pointer dereference and crash the system. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116338_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116338>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\n**Affected IBM Security Access Manager Appliance**\n\n| \n\n**Affected Versions** \n \n---|--- \nIBM Security Access Manager| 9.0.3.0 \n \n## Remediation/Fixes\n\n**Product**\n\n| \n\n**VRMF**\n\n| \n\n**APAR**\n\n| \n\n**Remediation / First Fix** \n \n---|---|---|--- \nIBM Security Access Manager| 9.0.3.0| IJ00123| Upgrade to 9.0.3.1: \n[_9.0.3-ISS-ISAM-FP0001_](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm/Tivoli/Tivoli+Access+Manager+for+e-business&release=9.0.0.0&platform=All&function=all>) \n \n## Workarounds and Mitigations\n\nNone.\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T22:03:41", "type": "ibm", "title": "Security Bulletin: IBM Security Access Manager version 9.0.3.0 appliances are affected by multiple kernel vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-10229", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480"], "modified": "2018-06-16T22:03:41", "id": "2ABC4CD376C07922A3144CF8116D979F4BDDE16EED9AADA11262FBF58C851DBF", "href": "https://www.ibm.com/support/pages/node/299295", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T05:50:31", "description": "## Summary\n\nThere are multiple vulnerabilities in Linux Kernel used by IBM QRadar Network Security. IBM QRadar Network Security has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-6480_](<https://vulners.com/cve/CVE-2016-6480>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by a race condition in the Linux-4.5/drivers/scsi/aacraid/commctrl.c when the driver fetches user space data. A local attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115630_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115630>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n\n**CVEID:** [_CVE-2016-6327_](<https://vulners.com/cve/CVE-2016-6327>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in drivers/infiniband/ulp/srpt/ib_srpt.c. By using an ABORT_TASK command to abort a device write operation, a local attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118155_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118155>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6198_](<https://vulners.com/cve/CVE-2016-6198>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service. A local attacker could exploit this vulnerability using rename syscall on overlayfs on top of xfs to cause the kernel to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114867_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114867>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-6136_](<https://vulners.com/cve/CVE-2016-6136>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by a race condition in the Linux-4.6.1/kernel/auditsc.c when the driver fetches user space data using copy_from_user(). A local attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114719_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114719>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-5829_](<https://vulners.com/cve/CVE-2016-5829>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking by the hiddev driver code. By sending a specially crafted ioctl call, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114457_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114457>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L)\n\n**CVEID:** [_CVE-2016-5828_](<https://vulners.com/cve/CVE-2016-5828>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper handling of Transactional Memory on powerpc systems. By starting a transaction, suspending it, and then calling any of the exec() class system calls, an attacker could exploit this vulnerability to cause the system to crash. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114456_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114456>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-5412_](<https://vulners.com/cve/CVE-2016-5412>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in book3s_hv_rmhandlers.S. If CONFIG_KVM_BOOK3S_64_HV is enabled, a local attacker could exploit this vulnerability to cause the host to enter into an infinite loop. \nCVSS Base Score: 6.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116181_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116181>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-4794_](<https://vulners.com/cve/CVE-2016-4794>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free in array_map_alloc. An attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113188_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113188>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-4581_](<https://vulners.com/cve/CVE-2016-4581>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper handling of the first propagated copy. A local attacker could exploit this vulnerability to cause a kernel oops. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113159_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113159>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-4578_](<https://vulners.com/cve/CVE-2016-4578>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by an information leak in sound/core/timer.c. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113158_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113158>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)\n\n**CVEID:** [_CVE-2016-3699_](<https://vulners.com/cve/CVE-2016-3699>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system. By appending ACPI tables to the initrd, an attacker could exploit this vulnerability to bypass intended Secure Boot restrictions and execute arbitrary code on the system. \nCVSS Base Score: 7.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118241_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118241>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-3156_](<https://vulners.com/cve/CVE-2016-3156>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error when destroying a network. A local authenticated attacker could exploit this vulnerability using a huge number of ipv4 addresses to keep rtnl_lock for a very long time and block network related operations. \nCVSS Base Score: 3.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112056_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112056>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)\n\n**CVEID:** [_CVE-2016-4569_](<https://vulners.com/cve/CVE-2016-4569>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to obtain sensitive information, caused by an information leak in sound/core/timer.c. An attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113190_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113190>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-3841_](<https://vulners.com/cve/CVE-2016-3841>)** \nDESCRIPTION:** Google Android could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free error in the IPv6 stack in the Linux Kernel. By using a specially-crafted sendmsg system call, an attacker could exploit this vulnerability to gain elevated privileges on the system or cause a denial of service. \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/115983_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/115983>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-2847_](<https://vulners.com/cve/CVE-2016-2847>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error related to the per-user limit. By filling pipes with an overly large amount of data, an attacker could exploit this vulnerability to consume an overly large amount of kernel memory resources. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111306_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111306>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-2384_](<https://vulners.com/cve/CVE-2016-2384>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a double-free in the ALSA USB MIDI driver. An attacker could exploit this vulnerability using an invalid USB descriptor to execute arbitrary code on the system. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110587_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110587>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-2117_](<https://vulners.com/cve/CVE-2016-2117>)** \nDESCRIPTION:** Atheros Linux wireless drivers could allow a remote attacker to obtain sensitive information, caused by the failure to check scatter/gather IO. By sending a specially crafted packet, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base Score: 5.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/111533_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/111533>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2016-2069_](<https://vulners.com/cve/CVE-2016-2069>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a race condition in arch/x86/mm/tlb.c. By triggering access to a paging structure by a different CPU, a local attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/113822_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/113822>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2016-2053_](<https://vulners.com/cve/CVE-2016-2053>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error in the asn1_ber_decoder function. A remote attacker could exploit this vulnerability using an ASN.1 BER file that lacks a public key to cause a denial of service. \nCVSS Base Score: 5.9 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/114430_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/114430>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8956_](<https://vulners.com/cve/CVE-2015-8956>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c. By using vectors involving a bind system call on a Bluetooth RFCOMM socket, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service on the system. \nCVSS Base Score: 6.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/118238_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/118238>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)\n\n**CVEID:** [_CVE-2015-8845_](<https://vulners.com/cve/CVE-2015-8845>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error when restoring machine specific registers on the power pc platform. Incorrect transactional memory state registers modify the call path on return from userspace. An attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112156_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112156>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8844_](<https://vulners.com/cve/CVE-2015-8844>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by an error when restoring machine specific registers T and S bits on the power pc platform. Incorrect transactional memory state registers modify the call path on return from userspace. An attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/112155_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/112155>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8812_](<https://vulners.com/cve/CVE-2015-8812>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the CXGB3 kernel driver when the network was considered congested. An attacker could exploit this vulnerability to gain elevated privileges on the system. \nCVSS Base Score: 8.4 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110574_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110574>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2015-8746_](<https://vulners.com/cve/CVE-2015-8746>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the client. A local attacker could exploit this vulnerability to cause a kernel panic. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109545_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109545>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2015-8543_](<https://vulners.com/cve/CVE-2015-8543>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to gain elevated privileges on the system, caused by the failure to validate protocol identifiers for certain protocol families by the networking implementation. An attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges or cause the kernel to panic \nCVSS Base Score: 7.8 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/109383_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/109383>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\n**CVEID:** [_CVE-2015-8374_](<https://vulners.com/cve/CVE-2015-8374>)** \nDESCRIPTION:** Linux Kernel could allow a remote authenticated attacker to obtain sensitive information, caused by a information leak when truncating compressed/inlined extents on BTRFS. An attacker could exploit this vulnerability to obtain the truncated data. \nCVSS Base Score: 4.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/108371_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/108371>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\n**CVEID:** [_CVE-2013-4312_](<https://vulners.com/cve/CVE-2013-4312>)** \nDESCRIPTION:** Linux Kernel could allow a local attacker to bypass security restrictions. By sending specially-crafted file descriptors over a UNIX socket, an attacker could exploit this vulnerability to bypass file-descriptor limits and cause a denial of service. \nCVSS Base Score: 5.1 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/110778_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/110778>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)\n\n**CVEID:** [_CVE-2016-3070_](<https://vulners.com/cve/CVE-2016-3070>)** \nDESCRIPTION:** Linux Kernel is vulnerable to a denial of service, caused by the improper interaction with mm/migrate.c by the trace_writeback_dirty_page implementation. By triggering a certain page move, a local attacker could exploit this vulnerability to cause a NULL pointer dereference and crash the system. \nCVSS Base Score: 6.2 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/116338_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/116338>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nIBM QRadar Network Security 5.4\n\n## Remediation/Fixes\n\n_Product_\n\n| _VRMF_| _Remediation/First Fix_ \n---|---|--- \nIBM QRadar Network Security| Firmware version 5.4| Install Firmware 5.4.0.2 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. \nOr \nDownload Firmware 5.4.0.2 from [IBM Security License Key and Download Center](<https://ibmss.flexnetoperations.com/control/isdl/home>) and upload and install via the Available Updates page of the Local Management Interface. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-16T22:00:56", "type": "ibm", "title": "Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities in Linux Kernel", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480"], "modified": "2018-06-16T22:00:56", "id": "B7EDA2450D13E204B60C3A3E7379E6FCCD587CB32FEB5041ADDA6CB8E3C44FC3", "href": "https://www.ibm.com/support/pages/node/562779", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-18T14:27:22", "description": "The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.62 to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer overflow, which allowed local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).\n\n - CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998).\n\n - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system and using Linux as the driver domain, allowed local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka 'Linux pciback missing sanity checks (bnc#957990).\n\n - CVE-2015-8552: The PCI backend driver in Xen, when running on an x86 system and using Linux as the driver domain, allowed local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka 'Linux pciback missing sanity checks (bnc#957990).\n\n - CVE-2015-8845: The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms did not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allowed local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application (bnc#975533).\n\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bnc#979867).\n\n - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling (bsc#983143).\n\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel did not properly randomize the legacy base address, which made it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits (bnc#974308).\n\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755).\n\n - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bsc#978401).\n\n - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548).\n\n - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bsc#979213).\n\n - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879).\n\n - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371).\n\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bsc#986362).\n\n - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bsc#986365).\n\n - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213).\n\n - CVE-2016-5828: The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms mishandled transactional state, which allowed local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction an exec system call (bsc#986569).\n\n - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-09-02T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:2105-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9904", "CVE-2015-7833", "CVE-2015-8551", "CVE-2015-8552", "CVE-2015-8845", "CVE-2016-0758", "CVE-2016-1583", "CVE-2016-2053", "CVE-2016-3672", "CVE-2016-4470", "CVE-2016-4482", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4805", "CVE-2016-4997", "CVE-2016-4998", "CVE-2016-5244", "CVE-2016-5828", "CVE-2016-5829"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-2105-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93299", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2105-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93299);\n script_version(\"2.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9904\", \"CVE-2015-7833\", \"CVE-2015-8551\", \"CVE-2015-8552\", \"CVE-2015-8845\", \"CVE-2016-0758\", \"CVE-2016-1583\", \"CVE-2016-2053\", \"CVE-2016-3672\", \"CVE-2016-4470\", \"CVE-2016-4482\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4805\", \"CVE-2016-4997\", \"CVE-2016-4998\", \"CVE-2016-5244\", \"CVE-2016-5828\", \"CVE-2016-5829\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:2105-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.62 to\nreceive various security and bugfixes. The following security bugs\nwere fixed :\n\n - CVE-2014-9904: The snd_compress_check_input function in\n sound/core/compress_offload.c in the ALSA subsystem in\n the Linux kernel did not properly check for an integer\n overflow, which allowed local users to cause a denial of\n service (insufficient memory allocation) or possibly\n have unspecified other impact via a crafted\n SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).\n\n - CVE-2015-7833: The usbvision driver in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (panic) via a nonzero bInterfaceNumber value\n in a USB device descriptor (bnc#950998).\n\n - CVE-2015-8551: The PCI backend driver in Xen, when\n running on an x86 system and using Linux as the driver\n domain, allowed local guest administrators to hit BUG\n conditions and cause a denial of service (NULL pointer\n dereference and host OS crash) by leveraging a system\n with access to a passed-through MSI or MSI-X capable\n physical PCI device and a crafted sequence of\n XEN_PCI_OP_* operations, aka 'Linux pciback missing\n sanity checks (bnc#957990).\n\n - CVE-2015-8552: The PCI backend driver in Xen, when\n running on an x86 system and using Linux as the driver\n domain, allowed local guest administrators to generate a\n continuous stream of WARN messages and cause a denial of\n service (disk consumption) by leveraging a system with\n access to a passed-through MSI or MSI-X capable physical\n PCI device and XEN_PCI_OP_enable_msi operations, aka\n 'Linux pciback missing sanity checks (bnc#957990).\n\n - CVE-2015-8845: The tm_reclaim_thread function in\n arch/powerpc/kernel/process.c in the Linux kernel on\n powerpc platforms did not ensure that TM suspend mode\n exists before proceeding with a tm_reclaim call, which\n allowed local users to cause a denial of service (TM Bad\n Thing exception and panic) via a crafted application\n (bnc#975533).\n\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in\n the Linux kernel allowed local users to gain privileges\n via crafted ASN.1 data (bnc#979867).\n\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (stack memory consumption) via vectors involving crafted\n mmap calls for /proc pathnames, leading to recursive\n pagefault handling (bsc#983143).\n\n - CVE-2016-2053: The asn1_ber_decoder function in\n lib/asn1_decoder.c in the Linux kernel allowed attackers\n to cause a denial of service (panic) via an ASN.1 BER\n file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2016-3672: The arch_pick_mmap_layout function in\n arch/x86/mm/mmap.c in the Linux kernel did not properly\n randomize the legacy base address, which made it easier\n for local users to defeat the intended restrictions on\n the ADDR_NO_RANDOMIZE flag, and bypass the ASLR\n protection mechanism for a setuid or setgid program, by\n disabling stack-consumption resource limits\n (bnc#974308).\n\n - CVE-2016-4470: The key_reject_and_link function in\n security/keys/key.c in the Linux kernel did not ensure\n that a certain data structure is initialized, which\n allowed local users to cause a denial of service (system\n crash) via vectors involving a crafted keyctl request2\n command (bnc#984755).\n\n - CVE-2016-4482: The proc_connectinfo function in\n drivers/usb/core/devio.c in the Linux kernel did not\n initialize a certain data structure, which allowed local\n users to obtain sensitive information from kernel stack\n memory via a crafted USBDEVFS_CONNECTINFO ioctl call\n (bsc#978401).\n\n - CVE-2016-4486: The rtnl_fill_link_ifmap function in\n net/core/rtnetlink.c in the Linux kernel did not\n initialize a certain data structure, which allowed local\n users to obtain sensitive information from kernel stack\n memory by reading a Netlink message (bnc#978822).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the\n Linux kernel incorrectly relied on the write system\n call, which allowed local users to cause a denial of\n service (kernel memory write operation) or possibly have\n unspecified other impact via a uAPI interface\n (bnc#979548).\n\n - CVE-2016-4569: The snd_timer_user_params function in\n sound/core/timer.c in the Linux kernel did not\n initialize a certain data structure, which allowed local\n users to obtain sensitive information from kernel stack\n memory via crafted use of the ALSA timer interface\n (bsc#979213).\n\n - CVE-2016-4578: sound/core/timer.c in the Linux kernel\n did not initialize certain r1 data structures, which\n allowed local users to obtain sensitive information from\n kernel stack memory via crafted use of the ALSA timer\n interface, related to the (1) snd_timer_user_ccallback\n and (2) snd_timer_user_tinterrupt functions\n (bnc#979879).\n\n - CVE-2016-4805: Use-after-free vulnerability in\n drivers/net/ppp/ppp_generic.c in the Linux kernel\n allowed local users to cause a denial of service (memory\n corruption and system crash, or spinlock) or possibly\n have unspecified other impact by removing a network\n namespace, related to the ppp_register_net_channel and\n ppp_unregister_channel functions (bnc#980371).\n\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt\n implementation in the netfilter subsystem in the Linux\n kernel allowed local users to gain privileges or cause a\n denial of service (memory corruption) by leveraging\n in-container root access to provide a crafted offset\n value that triggers an unintended decrement\n (bsc#986362).\n\n - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt\n implementation in the netfilter subsystem in the Linux\n kernel allowed local users to cause a denial of service\n (out-of-bounds read) or possibly obtain sensitive\n information from kernel heap memory by leveraging\n in-container root access to provide a crafted offset\n value that leads to crossing a ruleset blob boundary\n (bsc#986365).\n\n - CVE-2016-5244: The rds_inc_info_copy function in\n net/rds/recv.c in the Linux kernel did not initialize a\n certain structure member, which allowed remote attackers\n to obtain sensitive information from kernel stack memory\n by reading an RDS message (bnc#983213).\n\n - CVE-2016-5828: The start_thread function in\n arch/powerpc/kernel/process.c in the Linux kernel on\n powerpc platforms mishandled transactional state, which\n allowed local users to cause a denial of service\n (invalid process state or TM Bad Thing exception, and\n system crash) or possibly have unspecified other impact\n by starting and suspending a transaction an exec system\n call (bsc#986569).\n\n - CVE-2016-5829: Multiple heap-based buffer overflows in\n the hiddev_ioctl_usage function in\n drivers/hid/usbhid/hiddev.c in the Linux kernel allowed\n local users to cause a denial of service or possibly\n have unspecified other impact via a crafted (1)\n HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call\n (bnc#986572).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=947337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=950998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=953048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=962742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=965087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=972933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=975531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=975533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=975772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=975788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=978401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=978469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=978822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980856\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983977\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=985978\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=986811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=988215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=988498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=988552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=990058\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9904/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-7833/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8551/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8552/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8845/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0758/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-1583/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2053/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3672/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4470/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4482/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4486/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4565/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4569/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4578/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4805/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4997/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4998/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5244/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5828/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5829/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162105-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?866069b9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP1:zypper in -t patch\nSUSE-SLE-WE-12-SP1-2016-1246=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1246=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1246=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2016-1246=1\n\nSUSE Linux Enterprise Live Patching 12:zypper in -t patch\nSUSE-SLE-Live-Patching-12-2016-1246=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1246=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel 4.6.3 Netfilter Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/09/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.62-60.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.62-60.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.62-60.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.62-60.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.62-60.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.62-60.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.62-60.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-3.12.62-60.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-3.12.62-60.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-debuginfo-3.12.62-60.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debuginfo-3.12.62-60.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debugsource-3.12.62-60.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-devel-3.12.62-60.62.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-syms-3.12.62-60.62.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-3.12.62-60.62.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-3.12.62-60.62.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-3.12.62-60.62.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-devel-3.12.62-60.62.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-extra-3.12.62-60.62.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-3.12.62-60.62.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-3.12.62-60.62.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.62-60.62.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.62-60.62.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.62-60.62.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.62-60.62.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-02-19T13:49:27", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file.\n This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr.(CVE-2018-12233i1/4%0\n\n - The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.(CVE-2018-15572i1/4%0\n\n - Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time.(CVE-2016-2544i1/4%0\n\n - A flaw was found in the Linux kernel's implementation of BPF in which systems can application can overflow a 32 bit refcount in both program and map refcount. This refcount can wrap and end up a user after free.(CVE-2016-4558i1/4%0\n\n - Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.(CVE-2013-4299i1/4%0\n\n - The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16537i1/4%0\n\n - A vulnerability in the handling of Transactional Memory on powerpc systems was found. An unprivileged local user can crash the kernel by starting a transaction, suspending it, and then calling any of the exec() class system calls.(CVE-2016-5828i1/4%0\n\n - A cross-boundary flaw was discovered in the Linux kernel software raid driver. The driver accessed a disabled bitmap where only the first byte of the buffer was initialized to zero. This meant that the rest of the request (up to 4095 bytes) was left and copied into user space. An attacker could use this flaw to read private information from user space that would not otherwise have been accessible.(CVE-2015-5697i1/4%0\n\n - The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16643i1/4%0\n\n - Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a 'double fetch' vulnerability.(CVE-2016-6130i1/4%0\n\n - drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16647i1/4%0\n\n - A flaw was found in the Linux kernel which could cause a kernel panic when restoring machine specific registers on the PowerPC platform. Incorrect transactional memory state registers could inadvertently change the call path on return from userspace and cause the kernel to enter an unknown state and crash.(CVE-2015-8845i1/4%0\n\n - fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a 'mount -o remount' command within a user namespace.(CVE-2014-5207i1/4%0\n\n - The NFS2/3 RPC client could send long arguments to the NFS server. These encoded arguments are stored in an array of memory pages, and accessed using pointer variables. Arbitrarily long arguments could make these pointers point outside the array and cause an out-of-bounds memory access. A remote user or program could use this flaw to crash the kernel, resulting in denial of service.(CVE-2017-7645i1/4%0\n\n - The time subsystem in the Linux kernel, when CONFIG_TIMER_STATS is enabled, allows local users to discover real PID values (as distinguished from PID values inside a PID namespace) by reading the /proc/timer_list file, related to the print_timer function in kernel/time/timer_list.c and the\n __timer_stats_timer_set_start_info function in kernel/time/timer.c.(CVE-2017-5967i1/4%0\n\n - A vulnerability was found in the Linux kernel where the keyctl_set_reqkey_keyring() function leaks the thread keyring. This allows an unprivileged local user to exhaust kernel memory and thus cause a DoS.(CVE-2017-7472i1/4%0\n\n - A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type-i1/4zmatch is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges.(CVE-2017-2647i1/4%0\n\n - The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.(CVE-2017-10911i1/4%0\n\n - Stack-based buffer overflow in the SET_WPS_IE IOCTL implementation in wlan_hdd_hostapd.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that uses a long WPS IE element.(CVE-2015-0570i1/4%0\n\n - The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restrictions via a crafted application.(CVE-2013-4270i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1478)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4270", "CVE-2013-4299", "CVE-2014-5207", "CVE-2015-0570", "CVE-2015-5697", "CVE-2015-8845", "CVE-2016-2544", "CVE-2016-4558", "CVE-2016-5828", "CVE-2016-6130", "CVE-2017-10911", "CVE-2017-16537", "CVE-2017-16643", "CVE-2017-16647", "CVE-2017-2647", "CVE-2017-5967", "CVE-2017-7472", "CVE-2017-7645", "CVE-2018-12233", "CVE-2018-15572"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1478.NASL", "href": "https://www.tenable.com/plugins/nessus/124802", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124802);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-4270\",\n \"CVE-2013-4299\",\n \"CVE-2014-5207\",\n \"CVE-2015-0570\",\n \"CVE-2015-5697\",\n \"CVE-2015-8845\",\n \"CVE-2016-2544\",\n \"CVE-2016-4558\",\n \"CVE-2016-5828\",\n \"CVE-2016-6130\",\n \"CVE-2017-10911\",\n \"CVE-2017-16537\",\n \"CVE-2017-16643\",\n \"CVE-2017-16647\",\n \"CVE-2017-2647\",\n \"CVE-2017-5967\",\n \"CVE-2017-7472\",\n \"CVE-2017-7645\",\n \"CVE-2018-12233\",\n \"CVE-2018-15572\"\n );\n script_bugtraq_id(\n 63183,\n 64471,\n 69216\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1478)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - In the ea_get function in fs/jfs/xattr.c in the Linux\n kernel through 4.17.1, a memory corruption bug in JFS\n can be triggered by calling setxattr twice with two\n different extended attribute names on the same file.\n This vulnerability can be triggered by an unprivileged\n user with the ability to create files and execute\n programs. A kmalloc call is incorrect, leading to\n slab-out-of-bounds in jfs_xattr.(CVE-2018-12233i1/4%0\n\n - The spectre_v2_select_mitigation function in\n arch/x86/kernel/cpu/bugs.c in the Linux kernel before\n 4.18.1 does not always fill RSB upon a context switch,\n which makes it easier for attackers to conduct\n userspace-userspace spectreRSB\n attacks.(CVE-2018-15572i1/4%0\n\n - Race condition in the queue_delete function in\n sound/core/seq/seq_queue.c in the Linux kernel before\n 4.4.1 allows local users to cause a denial of service\n (use-after-free and system crash) by making an ioctl\n call at a certain time.(CVE-2016-2544i1/4%0\n\n - A flaw was found in the Linux kernel's implementation\n of BPF in which systems can application can overflow a\n 32 bit refcount in both program and map refcount. This\n refcount can wrap and end up a user after\n free.(CVE-2016-4558i1/4%0\n\n - Interpretation conflict in\n drivers/md/dm-snap-persistent.c in the Linux kernel\n through 3.11.6 allows remote authenticated users to\n obtain sensitive information or modify data via a\n crafted mapping to a snapshot block\n device.(CVE-2013-4299i1/4%0\n\n - The imon_probe function in drivers/media/rc/imon.c in\n the Linux kernel through 4.13.11 allows local users to\n cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact\n via a crafted USB device.(CVE-2017-16537i1/4%0\n\n - A vulnerability in the handling of Transactional Memory\n on powerpc systems was found. An unprivileged local\n user can crash the kernel by starting a transaction,\n suspending it, and then calling any of the exec() class\n system calls.(CVE-2016-5828i1/4%0\n\n - A cross-boundary flaw was discovered in the Linux\n kernel software raid driver. The driver accessed a\n disabled bitmap where only the first byte of the buffer\n was initialized to zero. This meant that the rest of\n the request (up to 4095 bytes) was left and copied into\n user space. An attacker could use this flaw to read\n private information from user space that would not\n otherwise have been accessible.(CVE-2015-5697i1/4%0\n\n - The parse_hid_report_descriptor function in\n drivers/input/tablet/gtco.c in the Linux kernel before\n 4.13.11 allows local users to cause a denial of service\n (out-of-bounds read and system crash) or possibly have\n unspecified other impact via a crafted USB\n device.(CVE-2017-16643i1/4%0\n\n - Race condition in the sclp_ctl_ioctl_sccb function in\n drivers/s390/char/sclp_ctl.c in the Linux kernel before\n 4.6 allows local users to obtain sensitive information\n from kernel memory by changing a certain length value,\n aka a 'double fetch' vulnerability.(CVE-2016-6130i1/4%0\n\n - drivers/net/usb/asix_devices.c in the Linux kernel\n through 4.13.11 allows local users to cause a denial of\n service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact via a crafted\n USB device.(CVE-2017-16647i1/4%0\n\n - A flaw was found in the Linux kernel which could cause\n a kernel panic when restoring machine specific\n registers on the PowerPC platform. Incorrect\n transactional memory state registers could\n inadvertently change the call path on return from\n userspace and cause the kernel to enter an unknown\n state and crash.(CVE-2015-8845i1/4%0\n\n - fs/namespace.c in the Linux kernel through 3.16.1 does\n not properly restrict clearing MNT_NODEV, MNT_NOSUID,\n and MNT_NOEXEC and changing MNT_ATIME_MASK during a\n remount of a bind mount, which allows local users to\n gain privileges, interfere with backups and auditing on\n systems that had atime enabled, or cause a denial of\n service (excessive filesystem updating) on systems that\n had atime disabled via a 'mount -o remount' command\n within a user namespace.(CVE-2014-5207i1/4%0\n\n - The NFS2/3 RPC client could send long arguments to the\n NFS server. These encoded arguments are stored in an\n array of memory pages, and accessed using pointer\n variables. Arbitrarily long arguments could make these\n pointers point outside the array and cause an\n out-of-bounds memory access. A remote user or program\n could use this flaw to crash the kernel, resulting in\n denial of service.(CVE-2017-7645i1/4%0\n\n - The time subsystem in the Linux kernel, when\n CONFIG_TIMER_STATS is enabled, allows local users to\n discover real PID values (as distinguished from PID\n values inside a PID namespace) by reading the\n /proc/timer_list file, related to the print_timer\n function in kernel/time/timer_list.c and the\n __timer_stats_timer_set_start_info function in\n kernel/time/timer.c.(CVE-2017-5967i1/4%0\n\n - A vulnerability was found in the Linux kernel where the\n keyctl_set_reqkey_keyring() function leaks the thread\n keyring. This allows an unprivileged local user to\n exhaust kernel memory and thus cause a\n DoS.(CVE-2017-7472i1/4%0\n\n - A flaw was found that can be triggered in\n keyring_search_iterator in keyring.c if type-i1/4zmatch\n is NULL. A local user could use this flaw to crash the\n system or, potentially, escalate their\n privileges.(CVE-2017-2647i1/4%0\n\n - The make_response function in\n drivers/block/xen-blkback/blkback.c in the Linux kernel\n before 4.11.8 allows guest OS users to obtain sensitive\n information from host OS (or other guest OS) kernel\n memory by leveraging the copying of uninitialized\n padding fields in Xen block-interface response\n structures, aka XSA-216.(CVE-2017-10911i1/4%0\n\n - Stack-based buffer overflow in the SET_WPS_IE IOCTL\n implementation in wlan_hdd_hostapd.c in the WLAN (aka\n Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used\n in Qualcomm Innovation Center (QuIC) Android\n contributions for MSM devices and other products,\n allows attackers to gain privileges via a crafted\n application that uses a long WPS IE\n element.(CVE-2015-0570i1/4%0\n\n - The net_ctl_permissions function in net/sysctl_net.c in\n the Linux kernel before 3.11.5 does not properly\n determine uid and gid values, which allows local users\n to bypass intended /proc/sys/net restrictions via a\n crafted application.(CVE-2013-4270i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1478\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9f1ad85b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.28-1.2.117\",\n \"kernel-devel-4.19.28-1.2.117\",\n \"kernel-headers-4.19.28-1.2.117\",\n \"kernel-tools-4.19.28-1.2.117\",\n \"kernel-tools-libs-4.19.28-1.2.117\",\n \"kernel-tools-libs-devel-4.19.28-1.2.117\",\n \"perf-4.19.28-1.2.117\",\n \"python-perf-4.19.28-1.2.117\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-18T14:26:17", "description": "The openSUSE 13.1 kernel was updated to 3.12.62 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer overflow, which allowed local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).\n\n - CVE-2015-7833: The usbvision driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998).\n\n - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allowed local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka 'Linux pciback missing sanity checks (bnc#957990).\n\n - CVE-2015-8552: The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allowed local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka 'Linux pciback missing sanity checks (bnc#957990).\n\n - CVE-2015-8845: The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms did not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allowed local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application (bnc#975531 bsc#975533).\n\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux kernel allowed local users to gain privileges via crafted ASN.1 data (bnc#979867).\n\n - CVE-2016-1583: The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling. (bsc#983143)\n\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel did not properly randomize the legacy base address, which made it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits (bnc#974308).\n\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755).\n\n - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call.\n (bnc#978401)\n\n - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relies on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548 bsc#980363).\n\n - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.\n (bsc#979213)\n\n - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879).\n\n - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371).\n\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362).\n\n - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary. (bnc#986365).\n\n - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel did not initialize a certain structure member, which allowed remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message (bnc#983213).\n\n - CVE-2016-5828: The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms mishandled transactional state, which allowed local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call. (bsc#986569)\n\n - CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572).\n\nThe following non-security bugs were fixed :\n\n - Add wait_event_cmd() (bsc#953048).\n\n - alsa: hrtimer: Handle start/stop more properly (bsc#973378).\n\n - base: make module_create_drivers_dir race-free (bnc#983977).\n\n - btrfs: be more precise on errors when getting an inode from disk (bsc#981038).\n\n - btrfs: do not use src fd for printk (bsc#980348).\n\n - btrfs: improve performance on fsync against new inode after rename/unlink (bsc#981038).\n\n - btrfs: qgroup: Fix qgroup accounting when creating snapshot (bsc#972933).\n\n - btrfs: serialize subvolume mounts with potentially mismatching rw flags (bsc#951844).\n\n - cdc_ncm: workaround for EM7455 'silent' data interface (bnc#988552).\n\n - ceph: tolerate bad i_size for symlink inode (bsc#985232).\n\n - drm/mgag200: Add support for a new G200eW3 chipset (bsc#983904).\n\n - drm/mgag200: Add support for a new rev of G200e (bsc#983904).\n\n - drm/mgag200: Black screen fix for G200e rev 4 (bsc#983904).\n\n - drm/mgag200: remove unused variables (bsc#983904).\n\n - drm: qxl: Workaround for buggy user-space (bsc#981344).\n\n - EDAC: Correct channel count limit (bsc#979521).\n\n - EDAC: Remove arbitrary limit on number of channels (bsc#979521).\n\n - EDAC, sb_edac: Add support for duplicate device IDs (bsc#979521).\n\n - EDAC/sb_edac: Fix computation of channel address (bsc#979521).\n\n - EDAC, sb_edac: Fix rank lookup on Broadwell (bsc#979521).\n\n - EDAC, sb_edac: Fix TAD presence check for sbridge_mci_bind_devs() (bsc#979521).\n\n - EDAC: Use static attribute groups for managing sysfs entries (bsc#979521).\n\n - efifb: Add support for 64-bit frame buffer addresses (bsc#973499).\n\n - efifb: Fix 16 color palette entry calculation (bsc#983318).\n\n - efifb: Fix KABI of screen_info struct (bsc#973499).\n\n - ehci-pci: enable interrupt on BayTrail (bnc#947337).\n\n - enic: set netdev->vlan_features (bsc#966245).\n\n - fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681)\n\n - hid-elo: kill not flush the work (bnc#982354).\n\n - iommu/vt-d: Enable QI on all IOMMUs before setting root entry (bsc#975772).\n\n - ipvs: count pre-established TCP states as active (bsc#970114).\n\n - kabi: prevent spurious modversion changes after bsc#982544 fix (bsc#982544).\n\n - kabi/severities: Added raw3270_* PASS to allow IBM LTC changes. (bnc#979922, LTC#141736)\n\n - ktime: make ktime_divns exported on 32-bit architectures.\n\n - md: be careful when testing resync_max against curr_resync_completed (bsc#953048).\n\n - md: do_release_stripe(): No need to call md_wakeup_thread() twice (bsc#953048).\n\n - md: make sure MD_RECOVERY_DONE is clear before starting recovery/resync (bsc#953048).\n\n - md/raid56: Do not perform reads to support writes until stripe is ready.\n\n - md/raid5: add handle_flags arg to break_stripe_batch_list (bsc#953048).\n\n - md/raid5: allow the stripe_cache to grow and shrink (bsc#953048).\n\n - md/raid5: always set conf->prev_chunk_sectors and\n ->prev_algo (bsc#953048).\n\n - md/raid5: avoid races when changing cache size (bsc#953048).\n\n - md/raid5: avoid reading parity blocks for full-stripe write to degraded array (bsc#953048).\n\n - md/raid5: be more selective about distributing flags across batch (bsc#953048).\n\n - md/raid5: break stripe-batches when the array has failed (bsc#953048).\n\n - md/raid5: call break_stripe_batch_list from handle_stripe_clean_event (bsc#953048).\n\n - md/raid5: change ->inactive_blocked to a bit-flag (bsc#953048).\n\n - md/raid5: clear R5_NeedReplace when no longer needed (bsc#953048).\n\n - md/raid5: close race between STRIPE_BIT_DELAY and batching (bsc#953048).\n\n - md/raid5: close recently introduced race in stripe_head management.\n\n - md/raid5: consider updating reshape_position at start of reshape (bsc#953048).\n\n - md/raid5: deadlock between retry_aligned_read with barrier io (bsc#953048).\n\n - md/raid5: do not do chunk aligned read on degraded array (bsc#953048).\n\n - md/raid5: do not index beyond end of array in need_this_block() (bsc#953048).\n\n - md/raid5: do not let shrink_slab shrink too far (bsc#953048).\n\n - md/raid5: duplicate some more handle_stripe_clean_event code in break_stripe_batch_list (bsc#953048).\n\n - md/raid5: Ensure a batch member is not handled prematurely (bsc#953048).\n\n - md/raid5: ensure device failure recorded before write request returns (bsc#953048).\n\n - md/raid5: ensure whole batch is delayed for all required bitmap updates (bsc#953048).\n\n - md/raid5: fix allocation of 'scribble' array (bsc#953048).\n\n - md/raid5: fix another livelock caused by non-aligned writes (bsc#953048).\n\n - md/raid5: fix handling of degraded stripes in batches (bsc#953048).\n\n - md/raid5: fix init_stripe() inconsistencies (bsc#953048).\n\n - md/raid5: fix locking in handle_stripe_clean_event() (bsc#953048).\n\n - md/raid5: fix newly-broken locking in get_active_stripe.\n\n - md/raid5: For stripe with R5_ReadNoMerge, we replace REQ_FLUSH with REQ_NOMERGE.\n\n - md/raid5: handle possible race as reshape completes (bsc#953048).\n\n - md/raid5: ignore released_stripes check (bsc#953048).\n\n - md/raid5: more incorrect BUG_ON in handle_stripe_fill (bsc#953048).\n\n - md/raid5: move max_nr_stripes management into grow_one_stripe and drop_one_stripe (bsc#953048).\n\n - md/raid5: need_this_block: start simplifying the last two conditions (bsc#953048).\n\n - md/raid5: need_this_block: tidy/fix last condition (bsc#953048).\n\n - md/raid5: new alloc_stripe() to allocate an initialize a stripe (bsc#953048).\n\n - md/raid5: pass gfp_t arg to grow_one_stripe() (bsc#953048).\n\n - md/raid5: per hash value and exclusive wait_for_stripe (bsc#953048).\n\n - md/raid5: preserve STRIPE_PREREAD_ACTIVE in break_stripe_batch_list.\n\n - md/raid5: remove condition test from check_break_stripe_batch_list (bsc#953048).\n\n - md/raid5: remove incorrect 'min_t()' when calculating writepos (bsc#953048).\n\n - md/raid5: remove redundant check in stripe_add_to_batch_list() (bsc#953048).\n\n - md/raid5: separate large if clause out of fetch_block() (bsc#953048).\n\n - md/raid5: separate out the easy conditions in need_this_block (bsc#953048).\n\n - md/raid5: split wait_for_stripe and introduce wait_for_quiescent (bsc#953048).\n\n - md/raid5: strengthen check on reshape_position at run (bsc#953048).\n\n - md/raid5: switch to use conf->chunk_sectors in place of mddev->chunk_sectors where possible (bsc#953048).\n\n - md/raid5: use bio_list for the list of bios to return (bsc#953048).\n\n - md/raid5: use ->lock to protect accessing raid5 sysfs attributes (bsc#953048).\n\n - md: remove unwanted white space from md.c (bsc#953048).\n\n - md: use set_bit/clear_bit instead of shift/mask for bi_flags changes (bsc#953048).\n\n - mm: increase safety margin provided by PF_LESS_THROTTLE (bsc#956491).\n\n - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721).\n\n - net: Account for all vlan headers in skb_mac_gso_segment (bsc#968667).\n\n - net: disable fragment reassembly if high_thresh is set to zero (bsc#970506).\n\n - netfilter: bridge: do not leak skb in error paths (bsc#982544).\n\n - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544).\n\n - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 (bsc#982544).\n\n - net: fix wrong mac_len calculation for vlans (bsc#968667).\n\n - net/qlge: Avoids recursive EEH error (bsc#954847).\n\n - net: Start with correct mac_len in skb_network_protocol (bsc#968667).\n\n - nvme: don't poll the CQ from the kthread (bsc#975788, bsc#965087).\n\n - PCI/AER: Clear error status registers during enumeration and restore (bsc#985978).\n\n - perf/rapl: Fix sysfs_show() initialization for RAPL PMU (bsc#979489).\n\n - perf/x86/intel: Add Intel RAPL PP1 energy counter support (bsc#979489).\n\n - ppp: defer netns reference release for ppp channel (bsc#980371).\n\n - qeth: delete napi struct when removing a qeth device (bnc#988215, LTC#143590).\n\n - raid5: add a new flag to track if a stripe can be batched (bsc#953048).\n\n - raid5: add an option to avoid copy data from bio to stripe cache (bsc#953048).\n\n - raid5: avoid release list until last reference of the stripe (bsc#953048).\n\n - raid5: batch adjacent full stripe write (bsc#953048).\n\n - raid5: check faulty flag for array status during recovery (bsc#953048).\n\n - RAID5: check_reshape() shouldn't call mddev_suspend (bsc#953048).\n\n - raid5: fix a race of stripe count check.\n\n - raid5: fix broken async operation chain (bsc#953048).\n\n - raid5: get_active_stripe avoids device_lock.\n\n - raid5: handle expansion/resync case with stripe batching (bsc#953048).\n\n - raid5: handle io error of batch list (bsc#953048).\n\n - raid5: make_request does less prepare wait.\n\n - raid5: relieve lock contention in get_active_stripe().\n\n - raid5: relieve lock contention in get_active_stripe().\n\n - raid5: Retry R5_ReadNoMerge flag when hit a read error.\n\n - RAID5: revert e9e4c377e2f563 to fix a livelock (bsc#953048).\n\n - raid5: speedup sync_request processing (bsc#953048).\n\n - raid5: track overwrite disk count (bsc#953048).\n\n - raid5: update analysis state for failed stripe (bsc#953048).\n\n - raid5: use flex_array for scribble data (bsc#953048).\n\n - Refresh patches.xen/xen-netback-coalesce: Restore copying of SKBs with head exceeding page size (bsc#978469).\n\n - s390/3270: add missing tty_kref_put (bnc#979922, LTC#141736).\n\n - s390/3270: avoid endless I/O loop with disconnected 3270 terminals (bnc#979922, LTC#141736).\n\n - s390/3270: fix garbled output on 3270 tty view (bnc#979922, LTC#141736).\n\n - s390/3270: fix view reference counting (bnc#979922, LTC#141736).\n\n - s390/3270: handle reconnect of a tty with a different size (bnc#979922, LTC#141736).\n\n - s390/3270: hangup the 3270 tty after a disconnect (bnc#979922, LTC#141736).\n\n - s390: fix test_fp_ctl inline assembly contraints (bnc#988215, LTC#143138).\n\n - s390/mm: fix asce_bits handling with dynamic pagetable levels (bnc#979922, LTC#141456).\n\n - s390/spinlock: avoid yield to non existent cpu (bnc#979922, LTC#141106).\n\n - sb_edac: correctly fetch DIMM width on Ivy Bridge and Haswell (bsc#979521).\n\n - sb_edac: Fix a typo and a thinko in address handling for Haswell (bsc#979521).\n\n - sb_edac: Fix support for systems with two home agents per socket (bsc#979521).\n\n - sb_edac: look harder for DDRIO on Haswell systems (bsc#979521).\n\n - sb_edac: support for Broadwell -EP and -EX (bsc#979521).\n\n - sched/cputime: Fix clock_nanosleep()/clock_gettime() inconsistency (bnc#988498).\n\n - sched/cputime: Fix cpu_timer_sample_group() double accounting (bnc#988498).\n\n - sched: Provide update_curr callbacks for stop/idle scheduling classes (bnc#988498).\n\n - sched/x86: Fix up typo in topology detection (bsc#974165).\n\n - scsi: Increase REPORT_LUNS timeout (bsc#982282).\n\n - series.conf: move netfilter section at the end of core networking\n\n - series.conf: move stray netfilter patches to the right section\n\n - target/rbd: do not put snap_context twice (bsc#981143).\n\n - target/rbd: remove caw_mutex usage (bsc#981143).\n\n - Update patches.drivers/0001-nvme-fix-max_segments-integer-trunc ation.patch (bsc#979419). Fix reference.\n\n - Update patches.drivers/nvme-0106-init-nvme-queue-before-enablin g-irq.patch (bsc#962742). Fix incorrect bugzilla referece.\n\n - usb: quirk to stop runtime PM for Intel 7260 (bnc#984456).\n\n - usb: xhci: Add broken streams quirk for Frescologic device id 1009 (bnc#982698).\n\n - VSOCK: Fix lockdep issue (bsc#977417).\n\n - VSOCK: sock_put wasn't safe to call in interrupt context (bsc#977417).\n\n - wait: introduce wait_event_exclusive_cmd (bsc#953048).\n\n - x86 EDAC, sb_edac.c: Repair damage introduced when 'fixing' channel address (bsc#979521).\n\n - x86 EDAC, sb_edac.c: Take account of channel hashing when needed (bsc#979521).\n\n - x86/efi: parse_efi_setup() build fix (bsc#979485).\n\n - x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).\n\n - x86: Removed the free memblock of hibernat keys to avoid memory corruption (bsc#990058).\n\n - x86, sched: Add new topology for multi-NUMA-node CPUs (bsc#974165).\n\n - x86: standardize mmap_rnd() usage (bnc#974308).\n\n - xen: fix i586 build after SLE12-SP1 commit 2f4c3ff45d5e.\n\n - xfs: fix premature enospc on inode allocation (bsc#984148).\n\n - xfs: get rid of XFS_IALLOC_BLOCKS macros (bsc#984148).\n\n - xfs: get rid of XFS_INODE_CLUSTER_SIZE macros (bsc#984148).", "cvss3": {}, "published": "2016-08-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2016-1029)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9904", "CVE-2015-7833", "CVE-2015-8551", "CVE-2015-8552", "CVE-2015-8845", "CVE-2016-0758", "CVE-2016-1583", "CVE-2016-2053", "CVE-2016-3672", "CVE-2016-4470", "CVE-2016-4482", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4805", "CVE-2016-4997", "CVE-2016-4998", "CVE-2016-5244", "CVE-2016-5828", "CVE-2016-5829"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cloop", "p-cpe:/a:novell:opensuse:cloop-debuginfo", "p-cpe:/a:novell:opensuse:cloop-debugsource", "p-cpe:/a:novell:opensuse:cloop-kmp-default", "p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:crash-devel", "p-cpe:/a:novell:opensuse:crash-eppic", "p-cpe:/a:novell:opensuse:crash-eppic-debuginfo", "p-cpe:/a:novell:opensuse:crash-gcore", "p-cpe:/a:novell:opensuse:cloop-kmp-pae", "p-cpe:/a:novell:opensuse:crash-gcore-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-default", "p-cpe:/a:novell:opensuse:cloop-kmp-xen", "p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:crash", "p-cpe:/a:novell:opensuse:crash-kmp-desktop", "p-cpe:/a:novell:opensuse:crash-debuginfo", "p-cpe:/a:novell:opensuse:crash-debugsource", "p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:crash-kmp-xen", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:hdjmod-debugsource", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default", "p-cpe:/a:novell:opensuse:kernel-trace", "p-cpe:/a:novell:opensuse:kernel-trace-base", "p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop", "p-cpe:/a:novell:opensuse:kernel-trace-debugsource", "p-cpe:/a:novell:opensuse:kernel-trace-devel", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:ipset", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:ipset-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:ipset-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:libipset3", "p-cpe:/a:novell:opensuse:ipset-devel", "p-cpe:/a:novell:opensuse:libipset3-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper", "p-cpe:/a:novell:opensuse:ndiswrapper-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-default", "p-cpe:/a:novell:opensuse:ndiswrapper-debugsource", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default", "p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae", "p-cpe:/a:novell:opensuse:ipset-kmp-pae", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch", "p-cpe:/a:novell:opensuse:ipset-kmp-xen", "p-cpe:/a:novell:opensuse:openvswitch-controller", "p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-controller-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget", "p-cpe:/a:novell:opensuse:openvswitch-debugsource", "p-cpe:/a:novell:opensuse:iscsitarget-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-kmp-default", "p-cpe:/a:novell:opensuse:openvswitch-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop", "p-cpe:/a:novell:opensuse:iscsitarget-debugsource", "p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-kmp-pae", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-default", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-kmp-xen", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop", "p-cpe:/a:novell:opensuse:openvswitch-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-pki", "p-cpe:/a:novell:opensuse:openvswitch-switch", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae", "p-cpe:/a:novell:opensuse:openvswitch-switch-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:openvswitch-test", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen", "p-cpe:/a:novell:opensuse:pcfclock", "p-cpe:/a:novell:opensuse:pcfclock-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:python-openvswitch", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:python-openvswitch-test", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:python-virtualbox", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:vhba-kmp-default", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-desktop", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-pae", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-xen", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox", "p-cpe:/a:novell:opensuse:virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-debugsource", "p-cpe:/a:novell:opensuse:virtualbox-devel", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debugsource", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default", "p-cpe:/a:novell:opensuse:xen-tools-domu", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop", "p-cpe:/a:novell:opensuse:xen-tools-domu-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xen-xend-tools", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae", "p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons", "p-cpe:/a:novell:opensuse:virtualbox-host-source", "p-cpe:/a:novell:opensuse:virtualbox-qt", "p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-websrv", "p-cpe:/a:novell:opensuse:xtables-addons-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xtables-addons-debugsource", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-kmp-default", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop", "p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-desktop", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae", "p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-pae", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2016-1029.NASL", "href": "https://www.tenable.com/plugins/nessus/93216", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1029.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93216);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9904\", \"CVE-2015-7833\", \"CVE-2015-8551\", \"CVE-2015-8552\", \"CVE-2015-8845\", \"CVE-2016-0758\", \"CVE-2016-1583\", \"CVE-2016-2053\", \"CVE-2016-3672\", \"CVE-2016-4470\", \"CVE-2016-4482\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4805\", \"CVE-2016-4997\", \"CVE-2016-4998\", \"CVE-2016-5244\", \"CVE-2016-5828\", \"CVE-2016-5829\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2016-1029)\");\n script_summary(english:\"Check for the openSUSE-2016-1029 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE 13.1 kernel was updated to 3.12.62 to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2014-9904: The snd_compress_check_input function in\n sound/core/compress_offload.c in the ALSA subsystem in\n the Linux kernel did not properly check for an integer\n overflow, which allowed local users to cause a denial of\n service (insufficient memory allocation) or possibly\n have unspecified other impact via a crafted\n SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).\n\n - CVE-2015-7833: The usbvision driver in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (panic) via a nonzero bInterfaceNumber value\n in a USB device descriptor (bnc#950998).\n\n - CVE-2015-8551: The PCI backend driver in Xen, when\n running on an x86 system and using Linux 3.1.x through\n 4.3.x as the driver domain, allowed local guest\n administrators to hit BUG conditions and cause a denial\n of service (NULL pointer dereference and host OS crash)\n by leveraging a system with access to a passed-through\n MSI or MSI-X capable physical PCI device and a crafted\n sequence of XEN_PCI_OP_* operations, aka 'Linux pciback\n missing sanity checks (bnc#957990).\n\n - CVE-2015-8552: The PCI backend driver in Xen, when\n running on an x86 system and using Linux 3.1.x through\n 4.3.x as the driver domain, allowed local guest\n administrators to generate a continuous stream of WARN\n messages and cause a denial of service (disk\n consumption) by leveraging a system with access to a\n passed-through MSI or MSI-X capable physical PCI device\n and XEN_PCI_OP_enable_msi operations, aka 'Linux pciback\n missing sanity checks (bnc#957990).\n\n - CVE-2015-8845: The tm_reclaim_thread function in\n arch/powerpc/kernel/process.c in the Linux kernel on\n powerpc platforms did not ensure that TM suspend mode\n exists before proceeding with a tm_reclaim call, which\n allowed local users to cause a denial of service (TM Bad\n Thing exception and panic) via a crafted application\n (bnc#975531 bsc#975533).\n\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in\n the Linux kernel allowed local users to gain privileges\n via crafted ASN.1 data (bnc#979867).\n\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local\n users to gain privileges or cause a denial of service\n (stack memory consumption) via vectors involving crafted\n mmap calls for /proc pathnames, leading to recursive\n pagefault handling. (bsc#983143)\n\n - CVE-2016-2053: The asn1_ber_decoder function in\n lib/asn1_decoder.c in the Linux kernel allowed attackers\n to cause a denial of service (panic) via an ASN.1 BER\n file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2016-3672: The arch_pick_mmap_layout function in\n arch/x86/mm/mmap.c in the Linux kernel did not properly\n randomize the legacy base address, which made it easier\n for local users to defeat the intended restrictions on\n the ADDR_NO_RANDOMIZE flag, and bypass the ASLR\n protection mechanism for a setuid or setgid program, by\n disabling stack-consumption resource limits\n (bnc#974308).\n\n - CVE-2016-4470: The key_reject_and_link function in\n security/keys/key.c in the Linux kernel did not ensure\n that a certain data structure is initialized, which\n allowed local users to cause a denial of service (system\n crash) via vectors involving a crafted keyctl request2\n command (bnc#984755).\n\n - CVE-2016-4482: The proc_connectinfo function in\n drivers/usb/core/devio.c in the Linux kernel did not\n initialize a certain data structure, which allowed local\n users to obtain sensitive information from kernel stack\n memory via a crafted USBDEVFS_CONNECTINFO ioctl call.\n (bnc#978401)\n\n - CVE-2016-4486: The rtnl_fill_link_ifmap function in\n net/core/rtnetlink.c in the Linux kernel did not\n initialize a certain data structure, which allowed local\n users to obtain sensitive information from kernel stack\n memory by reading a Netlink message (bnc#978822).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the\n Linux kernel incorrectly relies on the write system\n call, which allowed local users to cause a denial of\n service (kernel memory write operation) or possibly have\n unspecified other impact via a uAPI interface\n (bnc#979548 bsc#980363).\n\n - CVE-2016-4569: The snd_timer_user_params function in\n sound/core/timer.c in the Linux kernel did not\n initialize a certain data structure, which allowed local\n users to obtain sensitive information from kernel stack\n memory via crafted use of the ALSA timer interface.\n (bsc#979213)\n\n - CVE-2016-4578: sound/core/timer.c in the Linux kernel\n did not initialize certain r1 data structures, which\n allowed local users to obtain sensitive information from\n kernel stack memory via crafted use of the ALSA timer\n interface, related to the (1) snd_timer_user_ccallback\n and (2) snd_timer_user_tinterrupt functions\n (bnc#979879).\n\n - CVE-2016-4805: Use-after-free vulnerability in\n drivers/net/ppp/ppp_generic.c in the Linux kernel\n allowed local users to cause a denial of service (memory\n corruption and system crash, or spinlock) or possibly\n have unspecified other impact by removing a network\n namespace, related to the ppp_register_net_channel and\n ppp_unregister_channel functions (bnc#980371).\n\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt\n implementation in the netfilter subsystem in the Linux\n kernel allowed local users to gain privileges or cause a\n denial of service (memory corruption) by leveraging\n in-container root access to provide a crafted offset\n value that triggers an unintended decrement\n (bnc#986362).\n\n - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt\n implementation in the netfilter subsystem in the Linux\n kernel before 4.6 allows local users to cause a denial\n of service (out-of-bounds read) or possibly obtain\n sensitive information from kernel heap memory by\n leveraging in-container root access to provide a crafted\n offset value that leads to crossing a ruleset blob\n boundary. (bnc#986365).\n\n - CVE-2016-5244: The rds_inc_info_copy function in\n net/rds/recv.c in the Linux kernel did not initialize a\n certain structure member, which allowed remote attackers\n to obtain sensitive information from kernel stack memory\n by reading an RDS message (bnc#983213).\n\n - CVE-2016-5828: The start_thread function in\n arch/powerpc/kernel/process.c in the Linux kernel on\n powerpc platforms mishandled transactional state, which\n allowed local users to cause a denial of service\n (invalid process state or TM Bad Thing exception, and\n system crash) or possibly have unspecified other impact\n by starting and suspending a transaction before an exec\n system call. (bsc#986569)\n\n - CVE-2016-5829: Multiple heap-based buffer overflows in\n the hiddev_ioctl_usage function in\n drivers/hid/usbhid/hiddev.c in the Linux kernel allow\n local users to cause a denial of service or possibly\n have unspecified other impact via a crafted (1)\n HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call\n (bnc#986572).\n\nThe following non-security bugs were fixed :\n\n - Add wait_event_cmd() (bsc#953048).\n\n - alsa: hrtimer: Handle start/stop more properly\n (bsc#973378).\n\n - base: make module_create_drivers_dir race-free\n (bnc#983977).\n\n - btrfs: be more precise on errors when getting an inode\n from disk (bsc#981038).\n\n - btrfs: do not use src fd for printk (bsc#980348).\n\n - btrfs: improve performance on fsync against new inode\n after rename/unlink (bsc#981038).\n\n - btrfs: qgroup: Fix qgroup accounting when creating\n snapshot (bsc#972933).\n\n - btrfs: serialize subvolume mounts with potentially\n mismatching rw flags (bsc#951844).\n\n - cdc_ncm: workaround for EM7455 'silent' data interface\n (bnc#988552).\n\n - ceph: tolerate bad i_size for symlink inode\n (bsc#985232).\n\n - drm/mgag200: Add support for a new G200eW3 chipset\n (bsc#983904).\n\n - drm/mgag200: Add support for a new rev of G200e\n (bsc#983904).\n\n - drm/mgag200: Black screen fix for G200e rev 4\n (bsc#983904).\n\n - drm/mgag200: remove unused variables (bsc#983904).\n\n - drm: qxl: Workaround for buggy user-space (bsc#981344).\n\n - EDAC: Correct channel count limit (bsc#979521).\n\n - EDAC: Remove arbitrary limit on number of channels\n (bsc#979521).\n\n - EDAC, sb_edac: Add support for duplicate device IDs\n (bsc#979521).\n\n - EDAC/sb_edac: Fix computation of channel address\n (bsc#979521).\n\n - EDAC, sb_edac: Fix rank lookup on Broadwell\n (bsc#979521).\n\n - EDAC, sb_edac: Fix TAD presence check for\n sbridge_mci_bind_devs() (bsc#979521).\n\n - EDAC: Use static attribute groups for managing sysfs\n entries (bsc#979521).\n\n - efifb: Add support for 64-bit frame buffer addresses\n (bsc#973499).\n\n - efifb: Fix 16 color palette entry calculation\n (bsc#983318).\n\n - efifb: Fix KABI of screen_info struct (bsc#973499).\n\n - ehci-pci: enable interrupt on BayTrail (bnc#947337).\n\n - enic: set netdev->vlan_features (bsc#966245).\n\n - fs/cifs: fix wrongly prefixed path to root (bsc#963655,\n bsc#979681)\n\n - hid-elo: kill not flush the work (bnc#982354).\n\n - iommu/vt-d: Enable QI on all IOMMUs before setting root\n entry (bsc#975772).\n\n - ipvs: count pre-established TCP states as active\n (bsc#970114).\n\n - kabi: prevent spurious modversion changes after\n bsc#982544 fix (bsc#982544).\n\n - kabi/severities: Added raw3270_* PASS to allow IBM LTC\n changes. (bnc#979922, LTC#141736)\n\n - ktime: make ktime_divns exported on 32-bit\n architectures.\n\n - md: be careful when testing resync_max against\n curr_resync_completed (bsc#953048).\n\n - md: do_release_stripe(): No need to call\n md_wakeup_thread() twice (bsc#953048).\n\n - md: make sure MD_RECOVERY_DONE is clear before starting\n recovery/resync (bsc#953048).\n\n - md/raid56: Do not perform reads to support writes until\n stripe is ready.\n\n - md/raid5: add handle_flags arg to\n break_stripe_batch_list (bsc#953048).\n\n - md/raid5: allow the stripe_cache to grow and shrink\n (bsc#953048).\n\n - md/raid5: always set conf->prev_chunk_sectors and\n ->prev_algo (bsc#953048).\n\n - md/raid5: avoid races when changing cache size\n (bsc#953048).\n\n - md/raid5: avoid reading parity blocks for full-stripe\n write to degraded array (bsc#953048).\n\n - md/raid5: be more selective about distributing flags\n across batch (bsc#953048).\n\n - md/raid5: break stripe-batches when the array has failed\n (bsc#953048).\n\n - md/raid5: call break_stripe_batch_list from\n handle_stripe_clean_event (bsc#953048).\n\n - md/raid5: change ->inactive_blocked to a bit-flag\n (bsc#953048).\n\n - md/raid5: clear R5_NeedReplace when no longer needed\n (bsc#953048).\n\n - md/raid5: close race between STRIPE_BIT_DELAY and\n batching (bsc#953048).\n\n - md/raid5: close recently introduced race in stripe_head\n management.\n\n - md/raid5: consider updating reshape_position at start of\n reshape (bsc#953048).\n\n - md/raid5: deadlock between retry_aligned_read with\n barrier io (bsc#953048).\n\n - md/raid5: do not do chunk aligned read on degraded array\n (bsc#953048).\n\n - md/raid5: do not index beyond end of array in\n need_this_block() (bsc#953048).\n\n - md/raid5: do not let shrink_slab shrink too far\n (bsc#953048).\n\n - md/raid5: duplicate some more handle_stripe_clean_event\n code in break_stripe_batch_list (bsc#953048).\n\n - md/raid5: Ensure a batch member is not handled\n prematurely (bsc#953048).\n\n - md/raid5: ensure device failure recorded before write\n request returns (bsc#953048).\n\n - md/raid5: ensure whole batch is delayed for all required\n bitmap updates (bsc#953048).\n\n - md/raid5: fix allocation of 'scribble' array\n (bsc#953048).\n\n - md/raid5: fix another livelock caused by non-aligned\n writes (bsc#953048).\n\n - md/raid5: fix handling of degraded stripes in batches\n (bsc#953048).\n\n - md/raid5: fix init_stripe() inconsistencies\n (bsc#953048).\n\n - md/raid5: fix locking in handle_stripe_clean_event()\n (bsc#953048).\n\n - md/raid5: fix newly-broken locking in get_active_stripe.\n\n - md/raid5: For stripe with R5_ReadNoMerge, we replace\n REQ_FLUSH with REQ_NOMERGE.\n\n - md/raid5: handle possible race as reshape completes\n (bsc#953048).\n\n - md/raid5: ignore released_stripes check (bsc#953048).\n\n - md/raid5: more incorrect BUG_ON in handle_stripe_fill\n (bsc#953048).\n\n - md/raid5: move max_nr_stripes management into\n grow_one_stripe and drop_one_stripe (bsc#953048).\n\n - md/raid5: need_this_block: start simplifying the last\n two conditions (bsc#953048).\n\n - md/raid5: need_this_block: tidy/fix last condition\n (bsc#953048).\n\n - md/raid5: new alloc_stripe() to allocate an initialize a\n stripe (bsc#953048).\n\n - md/raid5: pass gfp_t arg to grow_one_stripe()\n (bsc#953048).\n\n - md/raid5: per hash value and exclusive wait_for_stripe\n (bsc#953048).\n\n - md/raid5: preserve STRIPE_PREREAD_ACTIVE in\n break_stripe_batch_list.\n\n - md/raid5: remove condition test from\n check_break_stripe_batch_list (bsc#953048).\n\n - md/raid5: remove incorrect 'min_t()' when calculating\n writepos (bsc#953048).\n\n - md/raid5: remove redundant check in\n stripe_add_to_batch_list() (bsc#953048).\n\n - md/raid5: separate large if clause out of fetch_block()\n (bsc#953048).\n\n - md/raid5: separate out the easy conditions in\n need_this_block (bsc#953048).\n\n - md/raid5: split wait_for_stripe and introduce\n wait_for_quiescent (bsc#953048).\n\n - md/raid5: strengthen check on reshape_position at run\n (bsc#953048).\n\n - md/raid5: switch to use conf->chunk_sectors in place of\n mddev->chunk_sectors where possible (bsc#953048).\n\n - md/raid5: use bio_list for the list of bios to return\n (bsc#953048).\n\n - md/raid5: use ->lock to protect accessing raid5 sysfs\n attributes (bsc#953048).\n\n - md: remove unwanted white space from md.c (bsc#953048).\n\n - md: use set_bit/clear_bit instead of shift/mask for\n bi_flags changes (bsc#953048).\n\n - mm: increase safety margin provided by PF_LESS_THROTTLE\n (bsc#956491).\n\n - mm/swap.c: flush lru pvecs on compound page arrival\n (bnc#983721).\n\n - net: Account for all vlan headers in skb_mac_gso_segment\n (bsc#968667).\n\n - net: disable fragment reassembly if high_thresh is set\n to zero (bsc#970506).\n\n - netfilter: bridge: do not leak skb in error paths\n (bsc#982544).\n\n - netfilter: bridge: forward IPv6 fragmented packets\n (bsc#982544).\n\n - netfilter: bridge: Use __in6_dev_get rather than\n in6_dev_get in br_validate_ipv6 (bsc#982544).\n\n - net: fix wrong mac_len calculation for vlans\n (bsc#968667).\n\n - net/qlge: Avoids recursive EEH error (bsc#954847).\n\n - net: Start with correct mac_len in skb_network_protocol\n (bsc#968667).\n\n - nvme: don't poll the CQ from the kthread (bsc#975788,\n bsc#965087).\n\n - PCI/AER: Clear error status registers during enumeration\n and restore (bsc#985978).\n\n - perf/rapl: Fix sysfs_show() initialization for RAPL PMU\n (bsc#979489).\n\n - perf/x86/intel: Add Intel RAPL PP1 energy counter\n support (bsc#979489).\n\n - ppp: defer netns reference release for ppp channel\n (bsc#980371).\n\n - qeth: delete napi struct when removing a qeth device\n (bnc#988215, LTC#143590).\n\n - raid5: add a new flag to track if a stripe can be\n batched (bsc#953048).\n\n - raid5: add an option to avoid copy data from bio to\n stripe cache (bsc#953048).\n\n - raid5: avoid release list until last reference of the\n stripe (bsc#953048).\n\n - raid5: batch adjacent full stripe write (bsc#953048).\n\n - raid5: check faulty flag for array status during\n recovery (bsc#953048).\n\n - RAID5: check_reshape() shouldn't call mddev_suspend\n (bsc#953048).\n\n - raid5: fix a race of stripe count check.\n\n - raid5: fix broken async operation chain (bsc#953048).\n\n - raid5: get_active_stripe avoids device_lock.\n\n - raid5: handle expansion/resync case with stripe batching\n (bsc#953048).\n\n - raid5: handle io error of batch list (bsc#953048).\n\n - raid5: make_request does less prepare wait.\n\n - raid5: relieve lock contention in get_active_stripe().\n\n - raid5: relieve lock contention in get_active_stripe().\n\n - raid5: Retry R5_ReadNoMerge flag when hit a read error.\n\n - RAID5: revert e9e4c377e2f563 to fix a livelock\n (bsc#953048).\n\n - raid5: speedup sync_request processing (bsc#953048).\n\n - raid5: track overwrite disk count (bsc#953048).\n\n - raid5: update analysis state for failed stripe\n (bsc#953048).\n\n - raid5: use flex_array for scribble data (bsc#953048).\n\n - Refresh patches.xen/xen-netback-coalesce: Restore\n copying of SKBs with head exceeding page size\n (bsc#978469).\n\n - s390/3270: add missing tty_kref_put (bnc#979922,\n LTC#141736).\n\n - s390/3270: avoid endless I/O loop with disconnected 3270\n terminals (bnc#979922, LTC#141736).\n\n - s390/3270: fix garbled output on 3270 tty view\n (bnc#979922, LTC#141736).\n\n - s390/3270: fix view reference counting (bnc#979922,\n LTC#141736).\n\n - s390/3270: handle reconnect of a tty with a different\n size (bnc#979922, LTC#141736).\n\n - s390/3270: hangup the 3270 tty after a disconnect\n (bnc#979922, LTC#141736).\n\n - s390: fix test_fp_ctl inline assembly contraints\n (bnc#988215, LTC#143138).\n\n - s390/mm: fix asce_bits handling with dynamic pagetable\n levels (bnc#979922, LTC#141456).\n\n - s390/spinlock: avoid yield to non existent cpu\n (bnc#979922, LTC#141106).\n\n - sb_edac: correctly fetch DIMM width on Ivy Bridge and\n Haswell (bsc#979521).\n\n - sb_edac: Fix a typo and a thinko in address handling for\n Haswell (bsc#979521).\n\n - sb_edac: Fix support for systems with two home agents\n per socket (bsc#979521).\n\n - sb_edac: look harder for DDRIO on Haswell systems\n (bsc#979521).\n\n - sb_edac: support for Broadwell -EP and -EX (bsc#979521).\n\n - sched/cputime: Fix clock_nanosleep()/clock_gettime()\n inconsistency (bnc#988498).\n\n - sched/cputime: Fix cpu_timer_sample_group() double\n accounting (bnc#988498).\n\n - sched: Provide update_curr callbacks for stop/idle\n scheduling classes (bnc#988498).\n\n - sched/x86: Fix up typo in topology detection\n (bsc#974165).\n\n - scsi: Increase REPORT_LUNS timeout (bsc#982282).\n\n - series.conf: move netfilter section at the end of core\n networking\n\n - series.conf: move stray netfilter patches to the right\n section\n\n - target/rbd: do not put snap_context twice (bsc#981143).\n\n - target/rbd: remove caw_mutex usage (bsc#981143).\n\n - Update\n patches.drivers/0001-nvme-fix-max_segments-integer-trunc\n ation.patch (bsc#979419). Fix reference.\n\n - Update\n patches.drivers/nvme-0106-init-nvme-queue-before-enablin\n g-irq.patch (bsc#962742). Fix incorrect bugzilla\n referece.\n\n - usb: quirk to stop runtime PM for Intel 7260\n (bnc#984456).\n\n - usb: xhci: Add broken streams quirk for Frescologic\n device id 1009 (bnc#982698).\n\n - VSOCK: Fix lockdep issue (bsc#977417).\n\n - VSOCK: sock_put wasn't safe to call in interrupt context\n (bsc#977417).\n\n - wait: introduce wait_event_exclusive_cmd (bsc#953048).\n\n - x86 EDAC, sb_edac.c: Repair damage introduced when\n 'fixing' channel address (bsc#979521).\n\n - x86 EDAC, sb_edac.c: Take account of channel hashing\n when needed (bsc#979521).\n\n - x86/efi: parse_efi_setup() build fix (bsc#979485).\n\n - x86/mm/pat, /dev/mem: Remove superfluous error message\n (bsc#974620).\n\n - x86: Removed the free memblock of hibernat keys to avoid\n memory corruption (bsc#990058).\n\n - x86, sched: Add new topology for multi-NUMA-node CPUs\n (bsc#974165).\n\n - x86: standardize mmap_rnd() usage (bnc#974308).\n\n - xen: fix i586 build after SLE12-SP1 commit 2f4c3ff45d5e.\n\n - xfs: fix premature enospc on inode allocation\n (bsc#984148).\n\n - xfs: get rid of XFS_IALLOC_BLOCKS macros (bsc#984148).\n\n - xfs: get rid of XFS_INODE_CLUSTER_SIZE macros\n (bsc#984148).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=947337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=950998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=951844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=953048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=956491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=962742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=963762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=965087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=966245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=968667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=970506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=971770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=972933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=973499\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=974165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=974308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=974620\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=975531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=975533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=975772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=975788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=977417\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978469\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=978822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979489\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979521\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979681\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=980371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=982698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983721\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=983977\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=984755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=985978\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986362\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=986811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=988215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=988498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=988552\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=990058\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel 4.6.3 Netfilter Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-gcore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-gcore-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-controller\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-controller-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-pki\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-switch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-switch-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openvswitch-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-openvswitch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-openvswitch-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-xend-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-2.639-11.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-debuginfo-2.639-11.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-debugsource-2.639-11.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-default-2.639_k3.12.62_52-11.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-default-debuginfo-2.639_k3.12.62_52-11.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-desktop-2.639_k3.12.62_52-11.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-desktop-debuginfo-2.639_k3.12.62_52-11.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-pae-2.639_k3.12.62_52-11.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-pae-debuginfo-2.639_k3.12.62_52-11.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-xen-2.639_k3.12.62_52-11.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-xen-debuginfo-2.639_k3.12.62_52-11.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-7.0.2-2.32.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-debuginfo-7.0.2-2.32.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-debugsource-7.0.2-2.32.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-devel-7.0.2-2.32.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-eppic-7.0.2-2.32.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-eppic-debuginfo-7.0.2-2.32.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-gcore-7.0.2-2.32.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-gcore-debuginfo-7.0.2-2.32.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-default-7.0.2_k3.12.62_52-2.32.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-default-debuginfo-7.0.2_k3.12.62_52-2.32.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-desktop-7.0.2_k3.12.62_52-2.32.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-desktop-debuginfo-7.0.2_k3.12.62_52-2.32.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-pae-7.0.2_k3.12.62_52-2.32.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-pae-debuginfo-7.0.2_k3.12.62_52-2.32.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-xen-7.0.2_k3.12.62_52-2.32.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-xen-debuginfo-7.0.2_k3.12.62_52-2.32.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-debugsource-1.28-16.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-default-1.28_k3.12.62_52-16.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-default-debuginfo-1.28_k3.12.62_52-16.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-desktop-1.28_k3.12.62_52-16.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-desktop-debuginfo-1.28_k3.12.62_52-16.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-pae-1.28_k3.12.62_52-16.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-pae-debuginfo-1.28_k3.12.62_52-16.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-xen-1.28_k3.12.62_52-16.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-xen-debuginfo-1.28_k3.12.62_52-16.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-6.21.1-2.36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-debuginfo-6.21.1-2.36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-debugsource-6.21.1-2.36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-devel-6.21.1-2.36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-default-6.21.1_k3.12.62_52-2.36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-default-debuginfo-6.21.1_k3.12.62_52-2.36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-desktop-6.21.1_k3.12.62_52-2.36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-desktop-debuginfo-6.21.1_k3.12.62_52-2.36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-pae-6.21.1_k3.12.62_52-2.36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-pae-debuginfo-6.21.1_k3.12.62_52-2.36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-xen-6.21.1_k3.12.62_52-2.36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-xen-debuginfo-6.21.1_k3.12.62_52-2.36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-1.4.20.3-13.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-debuginfo-1.4.20.3-13.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-debugsource-1.4.20.3-13.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-default-1.4.20.3_k3.12.62_52-13.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-default-debuginfo-1.4.20.3_k3.12.62_52-13.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-desktop-1.4.20.3_k3.12.62_52-13.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-desktop-debuginfo-1.4.20.3_k3.12.62_52-13.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-pae-1.4.20.3_k3.12.62_52-13.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-pae-debuginfo-1.4.20.3_k3.12.62_52-13.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-xen-1.4.20.3_k3.12.62_52-13.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-xen-debuginfo-1.4.20.3_k3.12.62_52-13.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-base-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-base-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-debugsource-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-devel-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-devel-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-macros-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-source-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-source-vanilla-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-syms-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libipset3-6.21.1-2.36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libipset3-debuginfo-6.21.1-2.36.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-1.58-33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-debuginfo-1.58-33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-debugsource-1.58-33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-default-1.58_k3.12.62_52-33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-default-debuginfo-1.58_k3.12.62_52-33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-desktop-1.58_k3.12.62_52-33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-desktop-debuginfo-1.58_k3.12.62_52-33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-pae-1.58_k3.12.62_52-33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-pae-debuginfo-1.58_k3.12.62_52-33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-1.11.0-0.39.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-controller-1.11.0-0.39.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-controller-debuginfo-1.11.0-0.39.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-debuginfo-1.11.0-0.39.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-debugsource-1.11.0-0.39.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-default-1.11.0_k3.12.62_52-0.39.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-default-debuginfo-1.11.0_k3.12.62_52-0.39.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-desktop-1.11.0_k3.12.62_52-0.39.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-desktop-debuginfo-1.11.0_k3.12.62_52-0.39.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-pae-1.11.0_k3.12.62_52-0.39.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-pae-debuginfo-1.11.0_k3.12.62_52-0.39.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-xen-1.11.0_k3.12.62_52-0.39.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-kmp-xen-debuginfo-1.11.0_k3.12.62_52-0.39.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-pki-1.11.0-0.39.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-switch-1.11.0-0.39.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-switch-debuginfo-1.11.0-0.39.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"openvswitch-test-1.11.0-0.39.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-0.44-258.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-debuginfo-0.44-258.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-debugsource-0.44-258.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-default-0.44_k3.12.62_52-258.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-default-debuginfo-0.44_k3.12.62_52-258.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-desktop-0.44_k3.12.62_52-258.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-desktop-debuginfo-0.44_k3.12.62_52-258.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-pae-0.44_k3.12.62_52-258.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-pae-debuginfo-0.44_k3.12.62_52-258.33.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-openvswitch-1.11.0-0.39.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-openvswitch-test-1.11.0-0.39.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-virtualbox-4.2.36-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-virtualbox-debuginfo-4.2.36-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-debugsource-20130607-2.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-default-20130607_k3.12.62_52-2.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-default-debuginfo-20130607_k3.12.62_52-2.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-desktop-20130607_k3.12.62_52-2.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-desktop-debuginfo-20130607_k3.12.62_52-2.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-pae-20130607_k3.12.62_52-2.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-pae-debuginfo-20130607_k3.12.62_52-2.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-xen-20130607_k3.12.62_52-2.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-xen-debuginfo-20130607_k3.12.62_52-2.32.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-4.2.36-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-debuginfo-4.2.36-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-debugsource-4.2.36-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-devel-4.2.36-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-default-4.2.36_k3.12.62_52-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-default-debuginfo-4.2.36_k3.12.62_52-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-desktop-4.2.36_k3.12.62_52-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-desktop-debuginfo-4.2.36_k3.12.62_52-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-pae-4.2.36_k3.12.62_52-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-pae-debuginfo-4.2.36_k3.12.62_52-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-tools-4.2.36-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-tools-debuginfo-4.2.36-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-x11-4.2.36-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-x11-debuginfo-4.2.36-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-default-4.2.36_k3.12.62_52-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-default-debuginfo-4.2.36_k3.12.62_52-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-desktop-4.2.36_k3.12.62_52-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-desktop-debuginfo-4.2.36_k3.12.62_52-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-pae-4.2.36_k3.12.62_52-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-pae-debuginfo-4.2.36_k3.12.62_52-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-source-4.2.36-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-qt-4.2.36-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-qt-debuginfo-4.2.36-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-websrv-4.2.36-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-websrv-debuginfo-4.2.36-2.64.4\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-debugsource-4.3.4_10-65.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-devel-4.3.4_10-65.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-default-4.3.4_10_k3.12.62_52-65.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-default-debuginfo-4.3.4_10_k3.12.62_52-65.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-desktop-4.3.4_10_k3.12.62_52-65.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-desktop-debuginfo-4.3.4_10_k3.12.62_52-65.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-pae-4.3.4_10_k3.12.62_52-65.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-pae-debuginfo-4.3.4_10_k3.12.62_52-65.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-libs-4.3.4_10-65.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-libs-debuginfo-4.3.4_10-65.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-tools-domU-4.3.4_10-65.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-tools-domU-debuginfo-4.3.4_10-65.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-2.3-2.31.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-debuginfo-2.3-2.31.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-debugsource-2.3-2.31.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-default-2.3_k3.12.62_52-2.31.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-default-debuginfo-2.3_k3.12.62_52-2.31.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-desktop-2.3_k3.12.62_52-2.31.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-desktop-debuginfo-2.3_k3.12.62_52-2.31.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-pae-2.3_k3.12.62_52-2.31.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-pae-debuginfo-2.3_k3.12.62_52-2.31.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-xen-2.3_k3.12.62_52-2.31.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-xen-debuginfo-2.3_k3.12.62_52-2.31.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-base-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-debugsource-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-devel-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-base-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-base-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-debugsource-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-devel-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-base-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-base-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-debugsource-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-devel-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-base-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-base-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-debugsource-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-devel-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-base-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-debugsource-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-devel-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-base-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-base-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-debugsource-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-base-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-base-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-debugsource-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-devel-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.62-52.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-4.3.4_10-65.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.3.4_10-65.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.3.4_10-65.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.3.4_10-65.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-tools-4.3.4_10-65.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.3.4_10-65.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-xend-tools-4.3.4_10-65.3\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-xend-tools-debuginfo-4.3.4_10-65.3\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cloop / cloop-debuginfo / cloop-debugsource / cloop-kmp-default / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:45", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\n* It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156;\nJustin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {}, "published": "2016-11-04T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2016:2584)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2017-13167"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2016-2584.NASL", "href": "https://www.tenable.com/plugins/nessus/94547", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2584. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94547);\n script_version(\"2.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8746\", \"CVE-2015-8812\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-8956\", \"CVE-2016-2053\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2384\", \"CVE-2016-2847\", \"CVE-2016-3070\", \"CVE-2016-3156\", \"CVE-2016-3699\", \"CVE-2016-3841\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4581\", \"CVE-2016-4794\", \"CVE-2016-5829\", \"CVE-2016-6136\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\", \"CVE-2017-13167\");\n script_xref(name:\"RHSA\", value:\"2016:2584\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2016:2584)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* It was found that the Linux kernel's IPv6 implementation mishandled\nsocket options. A local attacker could abuse concurrent access to the\nsocket options to escalate their privileges, or cause a denial of\nservice (use-after-free and system crash) via a crafted sendmsg system\ncall. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the\nLinux kernel. Space precludes documenting each of these issues in this\nadvisory. Refer to the CVE links in the References section for a\ndescription of each of these vulnerabilities. (CVE-2013-4312,\nCVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844,\nCVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847,\nCVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5829,\nCVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480,\nCVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384,\nCVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting\nCVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo\nkernel team and Solar Designer (Openwall) for reporting CVE-2016-3156;\nJustin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn\nCrosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was\ndiscovered by Venkatesh Pottem (Red Hat Engineering); the\nCVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav\nVadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered\nby Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered\nby CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by\nJan Stancek (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13167\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4312\", \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8746\", \"CVE-2015-8812\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-8956\", \"CVE-2016-2053\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2384\", \"CVE-2016-2847\", \"CVE-2016-3070\", \"CVE-2016-3156\", \"CVE-2016-3699\", \"CVE-2016-3841\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4581\", \"CVE-2016-4794\", \"CVE-2016-5829\", \"CVE-2016-6136\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\", \"CVE-2017-13167\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2016:2584\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2584\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-rt-doc-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-3.10.0-514.rt56.420.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-debuginfo-3.10.0-514.rt56.420.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:26:28", "description": "The SUSE Linux Enterprise 12 kernel was updated to 3.12.60 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2014-9717: fs/namespace.c in the Linux kernel processes MNT_DETACH umount2 system called without verifying that the MNT_LOCKED flag is unset, which allowed local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace (bnc#928547).\n\n - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel did not properly maintain a hub-interface data structure, which allowed physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device (bnc#968010).\n\n - CVE-2015-8845: The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms did not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allowed local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application (bnc#975533).\n\n - CVE-2016-0758: Fix ASN.1 indefinite length object parsing (bsc#979867).\n\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel allowed attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2016-2143: The fork implementation in the Linux kernel on s390 platforms mishandled the case of four page-table levels, which allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application, related to arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h. (bnc#970504)\n\n - CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971125).\n\n - CVE-2016-2185: The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#971124).\n\n - CVE-2016-2186: The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970958).\n\n - CVE-2016-2188: The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970956).\n\n - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670).\n\n - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of unread data in pipes, which allowed local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes (bnc#970948).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not validate certain offset fields, which allowed local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call (bnc#971126).\n\n - CVE-2016-3136: The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors (bnc#970955).\n\n - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions (bnc#970970).\n\n - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor (bnc#970911).\n\n - CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970909).\n\n - CVE-2016-3140: The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor (bnc#970892).\n\n - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandled destruction of device objects, which allowed guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses (bnc#971360).\n\n - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel did not properly randomize the legacy base address, which made it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits (bnc#974308).\n\n - CVE-2016-3689: The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface (bnc#971628).\n\n - CVE-2016-3951: Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor (bnc#974418).\n\n - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401).\n\n - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#978822).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel incorrectly relied on the write system call, which allowed local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a uAPI interface (bnc#979548).\n\n - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface (bnc#979213).\n\n - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize certain r1 data structures, which allowed local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions (bnc#979879).\n\n - CVE-2016-4805: Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions (bnc#980371).\n\n - CVE-2016-5244: Fixed an infoleak in rds_inc_info_copy (bsc#983213).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-08-29T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:1690-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9717", "CVE-2015-8816", "CVE-2015-8845", "CVE-2016-0758", "CVE-2016-2053", "CVE-2016-2143", "CVE-2016-2184", "CVE-2016-2185", "CVE-2016-2186", "CVE-2016-2188", "CVE-2016-2782", "CVE-2016-2847", "CVE-2016-3134", "CVE-2016-3136", "CVE-2016-3137", "CVE-2016-3138", "CVE-2016-3139", "CVE-2016-3140", "CVE-2016-3156", "CVE-2016-3672", "CVE-2016-3689", "CVE-2016-3951", "CVE-2016-4482", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4805", "CVE-2016-5244"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-1690-1.NASL", "href": "https://www.tenable.com/plugins/nessus/93165", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:1690-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(93165);\n script_version(\"2.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9717\", \"CVE-2015-8816\", \"CVE-2015-8845\", \"CVE-2016-0758\", \"CVE-2016-2053\", \"CVE-2016-2143\", \"CVE-2016-2184\", \"CVE-2016-2185\", \"CVE-2016-2186\", \"CVE-2016-2188\", \"CVE-2016-2782\", \"CVE-2016-2847\", \"CVE-2016-3134\", \"CVE-2016-3136\", \"CVE-2016-3137\", \"CVE-2016-3138\", \"CVE-2016-3139\", \"CVE-2016-3140\", \"CVE-2016-3156\", \"CVE-2016-3672\", \"CVE-2016-3689\", \"CVE-2016-3951\", \"CVE-2016-4482\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4805\", \"CVE-2016-5244\");\n script_bugtraq_id(74226);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2016:1690-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 kernel was updated to 3.12.60 to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2014-9717: fs/namespace.c in the Linux kernel\n processes MNT_DETACH umount2 system called without\n verifying that the MNT_LOCKED flag is unset, which\n allowed local users to bypass intended access\n restrictions and navigate to filesystem locations\n beneath a mount by calling umount2 within a user\n namespace (bnc#928547).\n\n - CVE-2015-8816: The hub_activate function in\n drivers/usb/core/hub.c in the Linux kernel did not\n properly maintain a hub-interface data structure, which\n allowed physically proximate attackers to cause a denial\n of service (invalid memory access and system crash) or\n possibly have unspecified other impact by unplugging a\n USB hub device (bnc#968010).\n\n - CVE-2015-8845: The tm_reclaim_thread function in\n arch/powerpc/kernel/process.c in the Linux kernel on\n powerpc platforms did not ensure that TM suspend mode\n exists before proceeding with a tm_reclaim call, which\n allowed local users to cause a denial of service (TM Bad\n Thing exception and panic) via a crafted application\n (bnc#975533).\n\n - CVE-2016-0758: Fix ASN.1 indefinite length object\n parsing (bsc#979867).\n\n - CVE-2016-2053: The asn1_ber_decoder function in\n lib/asn1_decoder.c in the Linux kernel allowed attackers\n to cause a denial of service (panic) via an ASN.1 BER\n file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2016-2143: The fork implementation in the Linux\n kernel on s390 platforms mishandled the case of four\n page-table levels, which allowed local users to cause a\n denial of service (system crash) or possibly have\n unspecified other impact via a crafted application,\n related to arch/s390/include/asm/mmu_context.h and\n arch/s390/include/asm/pgalloc.h. (bnc#970504)\n\n - CVE-2016-2184: The create_fixed_stream_quirk function in\n sound/usb/quirks.c in the snd-usb-audio driver in the\n Linux kernel allowed physically proximate attackers to\n cause a denial of service (NULL pointer dereference or\n double free, and system crash) via a crafted endpoints\n value in a USB device descriptor (bnc#971125).\n\n - CVE-2016-2185: The ati_remote2_probe function in\n drivers/input/misc/ati_remote2.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted endpoints value in a USB device descriptor\n (bnc#971124).\n\n - CVE-2016-2186: The powermate_probe function in\n drivers/input/misc/powermate.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted endpoints value in a USB device descriptor\n (bnc#970958).\n\n - CVE-2016-2188: The iowarrior_probe function in\n drivers/usb/misc/iowarrior.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference and system crash) via\n a crafted endpoints value in a USB device descriptor\n (bnc#970956).\n\n - CVE-2016-2782: The treo_attach function in\n drivers/usb/serial/visor.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact by inserting a\n USB device that lacks a (1) bulk-in or (2) interrupt-in\n endpoint (bnc#968670).\n\n - CVE-2016-2847: fs/pipe.c in the Linux kernel did not\n limit the amount of unread data in pipes, which allowed\n local users to cause a denial of service (memory\n consumption) by creating many pipes with non-default\n sizes (bnc#970948).\n\n - CVE-2016-3134: The netfilter subsystem in the Linux\n kernel did not validate certain offset fields, which\n allowed local users to gain privileges or cause a denial\n of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bnc#971126).\n\n - CVE-2016-3136: The mct_u232_msr_to_state function in\n drivers/usb/serial/mct_u232.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted USB device without two interrupt-in\n endpoint descriptors (bnc#970955).\n\n - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the\n Linux kernel allowed physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a USB device without both an\n interrupt-in and an interrupt-out endpoint descriptor,\n related to the cypress_generic_port_probe and\n cypress_open functions (bnc#970970).\n\n - CVE-2016-3138: The acm_probe function in\n drivers/usb/class/cdc-acm.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference and system crash) via\n a USB device without both a control and a data endpoint\n descriptor (bnc#970911).\n\n - CVE-2016-3139: The wacom_probe function in\n drivers/input/tablet/wacom_sys.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted endpoints value in a USB device descriptor\n (bnc#970909).\n\n - CVE-2016-3140: The digi_port_init function in\n drivers/usb/serial/digi_acceleport.c in the Linux kernel\n allowed physically proximate attackers to cause a denial\n of service (NULL pointer dereference and system crash)\n via a crafted endpoints value in a USB device descriptor\n (bnc#970892).\n\n - CVE-2016-3156: The IPv4 implementation in the Linux\n kernel mishandled destruction of device objects, which\n allowed guest OS users to cause a denial of service\n (host OS networking outage) by arranging for a large\n number of IP addresses (bnc#971360).\n\n - CVE-2016-3672: The arch_pick_mmap_layout function in\n arch/x86/mm/mmap.c in the Linux kernel did not properly\n randomize the legacy base address, which made it easier\n for local users to defeat the intended restrictions on\n the ADDR_NO_RANDOMIZE flag, and bypass the ASLR\n protection mechanism for a setuid or setgid program, by\n disabling stack-consumption resource limits\n (bnc#974308).\n\n - CVE-2016-3689: The ims_pcu_parse_cdc_data function in\n drivers/input/misc/ims-pcu.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (system crash) via a USB device without both a\n master and a slave interface (bnc#971628).\n\n - CVE-2016-3951: Double free vulnerability in\n drivers/net/usb/cdc_ncm.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of\n service (system crash) or possibly have unspecified\n other impact by inserting a USB device with an invalid\n USB descriptor (bnc#974418).\n\n - CVE-2016-4482: The proc_connectinfo function in\n drivers/usb/core/devio.c in the Linux kernel did not\n initialize a certain data structure, which allowed local\n users to obtain sensitive information from kernel stack\n memory via a crafted USBDEVFS_CONNECTINFO ioctl call\n (bnc#978401).\n\n - CVE-2016-4486: The rtnl_fill_link_ifmap function in\n net/core/rtnetlink.c in the Linux kernel did not\n initialize a certain data structure, which allowed local\n users to obtain sensitive information from kernel stack\n memory by reading a Netlink message (bnc#978822).\n\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the\n Linux kernel incorrectly relied on the write system\n call, which allowed local users to cause a denial of\n service (kernel memory write operation) or possibly have\n unspecified other impact via a uAPI interface\n (bnc#979548).\n\n - CVE-2016-4569: The snd_timer_user_params function in\n sound/core/timer.c in the Linux kernel did not\n initialize a certain data structure, which allowed local\n users to obtain sensitive information from kernel stack\n memory via crafted use of the ALSA timer interface\n (bnc#979213).\n\n - CVE-2016-4578: sound/core/timer.c in the Linux kernel\n did not initialize certain r1 data structures, which\n allowed local users to obtain sensitive information from\n kernel stack memory via crafted use of the ALSA timer\n interface, related to the (1) snd_timer_user_ccallback\n and (2) snd_timer_user_tinterrupt functions\n (bnc#979879).\n\n - CVE-2016-4805: Use-after-free vulnerability in\n drivers/net/ppp/ppp_generic.c in the Linux kernel\n allowed local users to cause a denial of service (memory\n corruption and system crash, or spinlock) or possibly\n have unspecified other impact by removing a network\n namespace, related to the ppp_register_net_channel and\n ppp_unregister_channel functions (bnc#980371).\n\n - CVE-2016-5244: Fixed an infoleak in rds_inc_info_copy\n (bsc#983213).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=676471\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=880007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=889207\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=899908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=903279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=928547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=931448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=940413\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943989\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=944309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=945345\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=947337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=953233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=954847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956491\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=956852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=957986\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=960857\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=962336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=962846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=962872\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=963762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=964461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=964727\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=965319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966054\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966573\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=966831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967251\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=967903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968448\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968687\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969439\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969571\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969690\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=969993\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970892\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970948\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970958\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=970970\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971049\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971124\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971126\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971360\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=971947\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=972003\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=972174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=972844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=972891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=972933\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=972951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973556\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973570\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=973855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=974646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=975371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=975488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=975533\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=975945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=976739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=976868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977582\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=977685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=978401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=978822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979867\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=980371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981143\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=982698\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983394\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=983904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=984456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9717/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8816/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-8845/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-0758/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2053/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2143/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2184/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2185/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2186/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2188/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2782/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-2847/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3134/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3136/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3137/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3138/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3139/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3140/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3156/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3672/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3689/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-3951/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4482/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4486/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4565/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4569/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4578/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-4805/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-5244/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20161690-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c76d1249\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12 :\n\nzypper in -t patch SUSE-SLE-WE-12-2016-1001=1\n\nSUSE Linux Enterprise Software Development Kit 12 :\n\nzypper in -t patch SUSE-SLE-SDK-12-2016-1001=1\n\nSUSE Linux Enterprise Server 12 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-2016-1001=1\n\nSUSE Linux Enterprise Module for Public Cloud 12 :\n\nzypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2016-1001=1\n\nSUSE Linux Enterprise Live Patching 12 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-2016-1001=1\n\nSUSE Linux Enterprise Desktop 12 :\n\nzypper in -t patch SUSE-SLE-DESKTOP-12-2016-1001=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/04/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/08/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.60-52.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.60-52.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.60-52.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.60-52.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.60-52.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.60-52.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.60-52.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-3.12.60-52.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-3.12.60-52.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-debuginfo-3.12.60-52.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debuginfo-3.12.60-52.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debugsource-3.12.60-52.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-devel-3.12.60-52.49.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-syms-3.12.60-52.49.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-3.12.60-52.49.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-3.12.60-52.49.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-3.12.60-52.49.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-devel-3.12.60-52.49.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-extra-3.12.60-52.49.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-3.12.60-52.49.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-syms-3.12.60-52.49.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.60-52.49.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.60-52.49.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.60-52.49.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.60-52.49.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:43", "description": "Security Fix(es) :\n\n - It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)\n\n(CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nAdditional Changes :", "cvss3": {}, "published": "2016-12-15T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20161103)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20161103_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/95841", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95841);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8746\", \"CVE-2015-8812\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-8956\", \"CVE-2016-2053\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2384\", \"CVE-2016-2847\", \"CVE-2016-3070\", \"CVE-2016-3156\", \"CVE-2016-3699\", \"CVE-2016-3841\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4581\", \"CVE-2016-4794\", \"CVE-2016-5412\", \"CVE-2016-5828\", \"CVE-2016-5829\", \"CVE-2016-6136\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20161103)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - It was found that the Linux kernel's IPv6 implementation\n mishandled socket options. A local attacker could abuse\n concurrent access to the socket options to escalate\n their privileges, or cause a denial of service\n (use-after-free and system crash) via a crafted sendmsg\n system call. (CVE-2016-3841, Important)\n\n(CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812,\nCVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069,\nCVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794,\nCVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136,\nCVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746,\nCVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070,\nCVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nAdditional Changes :\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1612&L=scientific-linux-errata&F=&S=&P=12735\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?77976f21\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-514.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:30:18", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156;\nJustin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {}, "published": "2016-11-04T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2016:2574)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3044", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-7914", "CVE-2016-7915", "CVE-2016-9794", "CVE-2017-13167", "CVE-2018-16597"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2016-2574.NASL", "href": "https://www.tenable.com/plugins/nessus/94537", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2574. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(94537);\n script_version(\"2.16\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8746\", \"CVE-2015-8812\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-8956\", \"CVE-2016-2053\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2384\", \"CVE-2016-2847\", \"CVE-2016-3044\", \"CVE-2016-3070\", \"CVE-2016-3156\", \"CVE-2016-3699\", \"CVE-2016-3841\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4581\", \"CVE-2016-4794\", \"CVE-2016-5412\", \"CVE-2016-5828\", \"CVE-2016-5829\", \"CVE-2016-6136\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\", \"CVE-2016-7914\", \"CVE-2016-7915\", \"CVE-2016-9794\", \"CVE-2017-13167\", \"CVE-2018-16597\");\n script_xref(name:\"RHSA\", value:\"2016:2574\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2016:2574)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* It was found that the Linux kernel's IPv6 implementation mishandled\nsocket options. A local attacker could abuse concurrent access to the\nsocket options to escalate their privileges, or cause a denial of\nservice (use-after-free and system crash) via a crafted sendmsg system\ncall. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the\nLinux kernel. Space precludes documenting each of these issues in this\nadvisory. Refer to the CVE links in the References section for a\ndescription of each of these vulnerabilities. (CVE-2013-4312,\nCVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844,\nCVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847,\nCVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412,\nCVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198,\nCVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956,\nCVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699,\nCVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting\nCVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo\nkernel team and Solar Designer (Openwall) for reporting CVE-2016-3156;\nJustin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn\nCrosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was\ndiscovered by Venkatesh Pottem (Red Hat Engineering); the\nCVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav\nVadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered\nby Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered\nby CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by\nJan Stancek (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2013-4312\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8746\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8812\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2015-8956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-2847\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3044\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3699\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-3841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4569\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-4794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5828\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-5829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6136\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-6480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-7915\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9794\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-13167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16597\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2013-4312\", \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8746\", \"CVE-2015-8812\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-8956\", \"CVE-2016-2053\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2384\", \"CVE-2016-2847\", \"CVE-2016-3044\", \"CVE-2016-3070\", \"CVE-2016-3156\", \"CVE-2016-3699\", \"CVE-2016-3841\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4581\", \"CVE-2016-4794\", \"CVE-2016-5412\", \"CVE-2016-5828\", \"CVE-2016-5829\", \"CVE-2016-6136\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\", \"CVE-2016-7914\", \"CVE-2016-7915\", \"CVE-2016-9794\", \"CVE-2017-13167\", \"CVE-2018-16597\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2016:2574\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2574\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-514.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-514.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:19:47", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-2574 advisory.\n\n - The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c. (CVE-2013-4312)\n\n - The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application. (CVE-2015-8543)\n\n - The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from kernel memory by reading packet data. (CVE-2016-2117)\n\n - The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c. (CVE-2016-6198)\n\n - Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging structure by a different CPU. (CVE-2016-2069)\n\n - The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses. (CVE-2016-3156)\n\n - fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted series of mount system calls. (CVE-2016-4581)\n\n - fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes. (CVE-2016-2847)\n\n - fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action. (CVE-2015-8374)\n\n - Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call. (CVE-2016-5829)\n\n - The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. (CVE-2015-8844)\n\n - The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. (CVE-2015-8845)\n\n - The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket. (CVE-2015-8956)\n\n - The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c. (CVE-2016-2053)\n\n - Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor. (CVE-2016-2384)\n\n - The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface. (CVE-2016-4569)\n\n - sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.\n (CVE-2016-4578)\n\n - arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction. (CVE-2016-5412)\n\n - drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation. (CVE-2016-6327)\n\n - Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a double fetch vulnerability. (CVE-2016-6480)\n\n - fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) via crafted network traffic. (CVE-2015-8746)\n\n - drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use- after-free) via crafted packets. (CVE-2015-8812)\n\n - The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move. (CVE-2016-3070)\n\n - The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd. (CVE-2016-3699)\n\n - The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841)\n\n - Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf system calls. (CVE-2016-4794)\n\n - The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call. (CVE-2016-5828)\n\n - Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by changing a certain string, aka a double fetch vulnerability. (CVE-2016-6136)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2016-11-11T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2016-2574)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3044", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-7914", "CVE-2016-7915", "CVE-2016-9794", "CVE-2017-13167", "CVE-2018-16597"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2016-2574.NASL", "href": "https://www.tenable.com/plugins/nessus/94697", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2016-2574.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(94697);\n script_version(\"2.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2013-4312\",\n \"CVE-2015-8374\",\n \"CVE-2015-8543\",\n \"CVE-2015-8746\",\n \"CVE-2015-8812\",\n \"CVE-2015-8844\",\n \"CVE-2015-8845\",\n \"CVE-2015-8956\",\n \"CVE-2016-2053\",\n \"CVE-2016-2069\",\n \"CVE-2016-2117\",\n \"CVE-2016-2384\",\n \"CVE-2016-2847\",\n \"CVE-2016-3044\",\n \"CVE-2016-3070\",\n \"CVE-2016-3156\",\n \"CVE-2016-3699\",\n \"CVE-2016-3841\",\n \"CVE-2016-4569\",\n \"CVE-2016-4578\",\n \"CVE-2016-4581\",\n \"CVE-2016-4794\",\n \"CVE-2016-5412\",\n \"CVE-2016-5828\",\n \"CVE-2016-5829\",\n \"CVE-2016-6136\",\n \"CVE-2016-6198\",\n \"CVE-2016-6327\",\n \"CVE-2016-6480\",\n \"CVE-2016-7914\",\n \"CVE-2016-7915\",\n \"CVE-2016-9794\",\n \"CVE-2017-13167\",\n \"CVE-2018-16597\"\n );\n script_xref(name:\"RHSA\", value:\"2016:2574\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2016-2574)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2016-2574 advisory.\n\n - The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of\n service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to\n net/unix/af_unix.c and net/unix/garbage.c. (CVE-2013-4312)\n\n - The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products,\n does not validate protocol identifiers for certain protocol families, which allows local users to cause a\n denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by\n leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application. (CVE-2015-8543)\n\n - The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel through 4.5.2\n incorrectly enables scatter/gather I/O, which allows remote attackers to obtain sensitive information from\n kernel memory by reading packet data. (CVE-2016-2117)\n\n - The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an\n OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service\n (system crash) via a rename system call, related to fs/namei.c and fs/open.c. (CVE-2016-6198)\n\n - Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges\n by triggering access to a paging structure by a different CPU. (CVE-2016-2069)\n\n - The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which\n allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large\n number of IP addresses. (CVE-2016-3156)\n\n - fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse a mount propagation tree in a\n certain case involving a slave mount, which allows local users to cause a denial of service (NULL pointer\n dereference and OOPS) via a crafted series of mount system calls. (CVE-2016-4581)\n\n - fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows\n local users to cause a denial of service (memory consumption) by creating many pipes with non-default\n sizes. (CVE-2016-2847)\n\n - fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local\n users to obtain sensitive pre-truncation information from a file via a clone action. (CVE-2015-8374)\n\n - Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in\n the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified\n other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call. (CVE-2016-5829)\n\n - The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR\n with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing\n exception and panic) via a crafted application. (CVE-2015-8844)\n\n - The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on\n powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call,\n which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted\n application. (CVE-2015-8845)\n\n - The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local\n users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors\n involving a bind system call on a Bluetooth RFCOMM socket. (CVE-2015-8956)\n\n - The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to\n cause a denial of service (panic) via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in crypto/asymmetric_keys/public_key.c. (CVE-2016-2053)\n\n - Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel\n before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have\n unspecified other impact via vectors involving an invalid USB descriptor. (CVE-2016-2384)\n\n - The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not\n initialize a certain data structure, which allows local users to obtain sensitive information from kernel\n stack memory via crafted use of the ALSA timer interface. (CVE-2016-4569)\n\n - sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which\n allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA\n timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.\n (CVE-2016-4578)\n\n - arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when\n CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite\n loop) by making a H_CEDE hypercall during the existence of a suspended transaction. (CVE-2016-5412)\n\n - drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a\n denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a\n device write operation. (CVE-2016-6327)\n\n - Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel\n through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by\n changing a certain size value, aka a double fetch vulnerability. (CVE-2016-6480)\n\n - fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory\n for migration recovery operations, which allows remote NFS servers to cause a denial of service (NULL\n pointer dereference and panic) via crafted network traffic. (CVE-2015-8746)\n\n - drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error\n conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-\n after-free) via crafted packets. (CVE-2015-8812)\n\n - The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel\n before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of service\n (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a\n certain page move. (CVE-2016-3070)\n\n - The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted\n with UEFI Secure Boot enabled, allows local users to bypass intended Secure Boot restrictions and execute\n untrusted code by appending ACPI tables to the initrd. (CVE-2016-3699)\n\n - The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain\n privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system\n call. (CVE-2016-3841)\n\n - Use-after-free vulnerability in mm/percpu.c in the Linux kernel through 4.6 allows local users to cause a\n denial of service (BUG) or possibly have unspecified other impact via crafted use of the mmap and bpf\n system calls. (CVE-2016-4794)\n\n - The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc\n platforms mishandles transactional state, which allows local users to cause a denial of service (invalid\n process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by\n starting and suspending a transaction before an exec system call. (CVE-2016-5828)\n\n - Race condition in the audit_log_single_execve_arg function in kernel/auditsc.c in the Linux kernel through\n 4.7 allows local users to bypass intended character-set restrictions or disrupt system-call auditing by\n changing a certain string, aka a double fetch vulnerability. (CVE-2016-6136)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2016-2574.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-8812\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-514.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2016-2574');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-514.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-514.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:29:54", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156;\nJustin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {}, "published": "2016-11-28T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2016:2574)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3044", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-7914", "CVE-2016-7915", "CVE-2016-9794", "CVE-2017-13167", "CVE-2018-16597"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2016-2574.NASL", "href": "https://www.tenable.com/plugins/nessus/95321", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2574 and \n# CentOS Errata and Security Advisory 2016:2574 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95321);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8746\", \"CVE-2015-8812\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-8956\", \"CVE-2016-2053\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2384\", \"CVE-2016-2847\", \"CVE-2016-3044\", \"CVE-2016-3070\", \"CVE-2016-3156\", \"CVE-2016-3699\", \"CVE-2016-3841\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4581\", \"CVE-2016-4794\", \"CVE-2016-5412\", \"CVE-2016-5828\", \"CVE-2016-5829\", \"CVE-2016-6136\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\", \"CVE-2016-7914\", \"CVE-2016-7915\", \"CVE-2016-9794\", \"CVE-2017-13167\", \"CVE-2018-16597\");\n script_xref(name:\"RHSA\", value:\"2016:2574\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2016:2574)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* It was found that the Linux kernel's IPv6 implementation mishandled\nsocket options. A local attacker could abuse concurrent access to the\nsocket options to escalate their privileges, or cause a denial of\nservice (use-after-free and system crash) via a crafted sendmsg system\ncall. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the\nLinux kernel. Space precludes documenting each of these issues in this\nadvisory. Refer to the CVE links in the References section for a\ndescription of each of these vulnerabilities. (CVE-2013-4312,\nCVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844,\nCVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847,\nCVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412,\nCVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198,\nCVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956,\nCVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699,\nCVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting\nCVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo\nkernel team and Solar Designer (Openwall) for reporting CVE-2016-3156;\nJustin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn\nCrosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was\ndiscovered by Venkatesh Pottem (Red Hat Engineering); the\nCVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav\nVadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered\nby Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered\nby CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by\nJan Stancek (Red Hat).\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2016-November/003609.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4a0f0ff\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-8812\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-514.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-514.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:32:45", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run.\n NOTE: the author of the LZO algorithms says 'the Linux kernel is *not* affected media hype.'(CVE-2014-4608)A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.(CVE-2015-3332)An elevation of privilege vulnerability in the kernel scsi driver.\n Product: Android. Versions: Android kernel. Android ID A-65023233.(CVE-2017-13168)An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.(CVE-2017-18551)An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.(CVE-2017-18509)An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.(CVE-2017-18595)An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory.(CVE-2018-14617)An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.(CVE-2019-17075)Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.(CVE-2016-2384)fsamespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a 'mount -o remount' command within a user namespace.(CVE-2014-5207)fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink.(CVE-2016-6197)In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.(CVE-2015-9289)In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.(CVE-2019-17133)Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.(CVE-2019-0136)Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb3 71a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base.\n Unfortunately, load_elf_ binary() does not take account of the need to allocate sufficient space for the entire binary which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the are that is supposed to be the 'gap' between the stack and the binary.(CVE-2017-1000253)Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a 'double fetch' vulnerability.(CVE-2016-6130)rtl_p2p_noa_ie in drivers et/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.(CVE-2019-17666)sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.(CVE-2016-4578)Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.(CVE-2017-5753)The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both a control and a data endpoint descriptor.(CVE-2016-3138)The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.(CVE-2016-7425)The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2185)The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2184)The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3140)The do_remount function in fsamespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a 'mount -o remount' command within a user namespace.(CVE-2014-5206)The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2187)The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.(CVE-2015-8816)The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device without both a master and a slave interface.(CVE-2016-3689)The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable, the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack. Linux Kernel version 4.11.5 is affected.(CVE-2017-1000379)The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2186)The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.(CVE-2015-8844)The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface.(CVE-2016-4569)The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application.(CVE-2015-8845)The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program.(CVE-2015-1350)The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3139)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2599)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-4608", "CVE-2014-5206", "CVE-2014-5207", "CVE-2015-1350", "CVE-2015-3332", "CVE-2015-8816", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-9289", "CVE-2016-2184", "CVE-2016-2185", "CVE-2016-2186", "CVE-2016-2187", "CVE-2016-2384", "CVE-2016-3138", "CVE-2016-3139", "CVE-2016-3140", "CVE-2016-3689", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-6130", "CVE-2016-6197", "CVE-2016-7425", "CVE-2017-1000253", "CVE-2017-1000379", "CVE-2017-13168", "CVE-2017-18509", "CVE-2017-18551", "CVE-2017-18595", "CVE-2017-5753", "CVE-2018-14617", "CVE-2019-0136", "CVE-2019-17075", "CVE-2019-17133", "CVE-2019-17666"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2599.NASL", "href": "https://www.tenable.com/plugins/nessus/132134", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132134);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2014-4608\",\n \"CVE-2014-5206\",\n \"CVE-2014-5207\",\n \"CVE-2015-1350\",\n \"CVE-2015-3332\",\n \"CVE-2015-8816\",\n \"CVE-2015-8844\",\n \"CVE-2015-8845\",\n \"CVE-2015-9289\",\n \"CVE-2016-2184\",\n \"CVE-2016-2185\",\n \"CVE-2016-2186\",\n \"CVE-2016-2187\",\n \"CVE-2016-2384\",\n \"CVE-2016-3138\",\n \"CVE-2016-3139\",\n \"CVE-2016-3140\",\n \"CVE-2016-3689\",\n \"CVE-2016-4569\",\n \"CVE-2016-4578\",\n \"CVE-2016-6130\",\n \"CVE-2016-6197\",\n \"CVE-2016-7425\",\n \"CVE-2017-5753\",\n \"CVE-2017-13168\",\n \"CVE-2017-18509\",\n \"CVE-2017-18551\",\n \"CVE-2017-18595\",\n \"CVE-2017-1000253\",\n \"CVE-2017-1000379\",\n \"CVE-2018-14617\",\n \"CVE-2019-0136\",\n \"CVE-2019-17075\",\n \"CVE-2019-17133\",\n \"CVE-2019-17666\"\n );\n script_bugtraq_id(\n 68214,\n 69214,\n 69216,\n 74232\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-2599)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):** DISPUTED ** Multiple\n integer overflows in the lzo1x_decompress_safe function\n in lib/lzo/lzo1x_decompress_safe.c in the LZO\n decompressor in the Linux kernel before 3.15.2 allow\n context-dependent attackers to cause a denial of\n service (memory corruption) via a crafted Literal Run.\n NOTE: the author of the LZO algorithms says 'the Linux\n kernel is *not* affected media hype.'(CVE-2014-4608)A\n certain backport in the TCP Fast Open implementation\n for the Linux kernel before 3.18 does not properly\n maintain a count value, which allow local users to\n cause a denial of service (system crash) via the Fast\n Open feature, as demonstrated by visiting the\n chrome://flags/#enable-tcp-fast-open URL when using\n certain 3.10.x through 3.16.x kernel builds, including\n longterm-maintenance releases and ckt (aka Canonical\n Kernel Team) builds.(CVE-2015-3332)An elevation of\n privilege vulnerability in the kernel scsi driver.\n Product: Android. Versions: Android kernel. Android ID\n A-65023233.(CVE-2017-13168)An issue was discovered in\n drivers/i2c/i2c-core-smbus.c in the Linux kernel before\n 4.14.15. There is an out of bounds write in the\n function i2c_smbus_xfer_emulated.(CVE-2017-18551)An\n issue was discovered in net/ipv6/ip6mr.c in the Linux\n kernel before 4.11. By setting a specific socket\n option, an attacker can control a pointer in kernel\n land and cause an inet_csk_listen_stop general\n protection fault, or potentially execute arbitrary code\n under certain circumstances. The issue can be triggered\n as root (e.g., inside a default LXC container or with\n the CAP_NET_ADMIN capability) or after namespace\n unsharing. This occurs because sk_type and protocol are\n not checked in the appropriate part of the ip6_mroute_*\n functions. NOTE: this affects Linux distributions that\n use 4.9.x longterm kernels before\n 4.9.187.(CVE-2017-18509)An issue was discovered in the\n Linux kernel before 4.14.11. A double free may be\n caused by the function allocate_trace_buffer in the\n file kernel/trace/trace.c.(CVE-2017-18595)An issue was\n discovered in the Linux kernel through 4.17.10. There\n is a NULL pointer dereference and panic in\n hfsplus_lookup() in fs/hfsplus/dir.c when opening a\n file (that is purportedly a hard link) in an hfs+\n filesystem that has malformed catalog data, and is\n mounted read-only without a metadata\n directory.(CVE-2018-14617)An issue was discovered in\n write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in\n the Linux kernel through 5.3.2. The cxgb4 driver is\n directly calling dma_map_single (a DMA function) from a\n stack variable. This could allow an attacker to trigger\n a Denial of Service, exploitable if this driver is used\n on an architecture for which this stack/DMA interaction\n has security relevance.(CVE-2019-17075)Double free\n vulnerability in the snd_usbmidi_create function in\n sound/usb/midi.c in the Linux kernel before 4.5 allows\n physically proximate attackers to cause a denial of\n service (panic) or possibly have unspecified other\n impact via vectors involving an invalid USB\n descriptor.(CVE-2016-2384)fsamespace.c in the Linux\n kernel through 3.16.1 does not properly restrict\n clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and\n changing MNT_ATIME_MASK during a remount of a bind\n mount, which allows local users to gain privileges,\n interfere with backups and auditing on systems that had\n atime enabled, or cause a denial of service (excessive\n filesystem updating) on systems that had atime disabled\n via a 'mount -o remount' command within a user\n namespace.(CVE-2014-5207)fs/overlayfs/dir.c in the\n OverlayFS filesystem implementation in the Linux kernel\n before 4.6 does not properly verify the upper dentry\n before proceeding with unlink and rename system-call\n processing, which allows local users to cause a denial\n of service (system crash) via a rename system call that\n specifies a self-hardlink.(CVE-2016-6197)In the Linux\n kernel before 4.1.4, a buffer overflow occurs when\n checking userspace params in\n drivers/media/dvb-frontends/cx24116.c. The maximum size\n for a DiSEqC command is 6, according to the userspace\n API. However, the code allows larger values such as\n 23.(CVE-2015-9289)In the Linux kernel through 5.3.2,\n cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c\n does not reject a long SSID IE, leading to a Buffer\n Overflow.(CVE-2019-17133)Insufficient access control in\n the Intel(R) PROSet/Wireless WiFi Software driver\n before version 21.10 may allow an unauthenticated user\n to potentially enable denial of service via adjacent\n access.(CVE-2019-0136)Linux distributions that have not\n patched their long-term kernels with\n https://git.kernel.org/linus/a87938b2e246b81b4fb713edb3\n 71a9fa3c5c3c86 (committed on April 14, 2015). This\n kernel vulnerability was fixed in April 2015 by commit\n a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to\n Linux 3.10.77 in May 2015), but it was not recognized\n as a security threat. With\n CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a\n normal top-down address allocation strategy,\n load_elf_binary() will attempt to map a PIE binary into\n an address range immediately below mm->mmap_base.\n Unfortunately, load_elf_ binary() does not take account\n of the need to allocate sufficient space for the entire\n binary which means that, while the first PT_LOAD\n segment is mapped below mm->mmap_base, the subsequent\n PT_LOAD segment(s) end up being mapped above\n mm->mmap_base into the are that is supposed to be the\n 'gap' between the stack and the\n binary.(CVE-2017-1000253)Race condition in the\n sclp_ctl_ioctl_sccb function in\n drivers/s390/char/sclp_ctl.c in the Linux kernel before\n 4.6 allows local users to obtain sensitive information\n from kernel memory by changing a certain length value,\n aka a 'double fetch'\n vulnerability.(CVE-2016-6130)rtl_p2p_noa_ie in drivers\n et/wireless/realtek/rtlwifi/ps.c in the Linux kernel\n through 5.3.6 lacks a certain upper-bound check,\n leading to a buffer\n overflow.(CVE-2019-17666)sound/core/timer.c in the\n Linux kernel through 4.6 does not initialize certain r1\n data structures, which allows local users to obtain\n sensitive information from kernel stack memory via\n crafted use of the ALSA timer interface, related to the\n (1) snd_timer_user_ccallback and (2)\n snd_timer_user_tinterrupt\n functions.(CVE-2016-4578)Systems with microprocessors\n utilizing speculative execution and branch prediction\n may allow unauthorized disclosure of information to an\n attacker with local user access via a side-channel\n analysis.(CVE-2017-5753)The acm_probe function in\n drivers/usb/class/cdc-acm.c in the Linux kernel before\n 4.5.1 allows physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system\n crash) via a USB device without both a control and a\n data endpoint descriptor.(CVE-2016-3138)The\n arcmsr_iop_message_xfer function in\n drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel\n through 4.8.2 does not restrict a certain length field,\n which allows local users to gain privileges or cause a\n denial of service (heap-based buffer overflow) via an\n ARCMSR_MESSAGE_WRITE_WQBUFFER control\n code.(CVE-2016-7425)The ati_remote2_probe function in\n drivers/input/misc/ati_remote2.c in the Linux kernel\n before 4.5.1 allows physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a crafted endpoints value in a USB\n device descriptor.(CVE-2016-2185)The\n create_fixed_stream_quirk function in\n sound/usb/quirks.c in the snd-usb-audio driver in the\n Linux kernel before 4.5.1 allows physically proximate\n attackers to cause a denial of service (NULL pointer\n dereference or double free, and system crash) via a\n crafted endpoints value in a USB device\n descriptor.(CVE-2016-2184)The digi_port_init function\n in drivers/usb/serial/digi_acceleport.c in the Linux\n kernel before 4.5.1 allows physically proximate\n attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints\n value in a USB device descriptor.(CVE-2016-3140)The\n do_remount function in fsamespace.c in the Linux kernel\n through 3.16.1 does not maintain the MNT_LOCK_READONLY\n bit across a remount of a bind mount, which allows\n local users to bypass an intended read-only restriction\n and defeat certain sandbox protection mechanisms via a\n 'mount -o remount' command within a user\n namespace.(CVE-2014-5206)The gtco_probe function in\n drivers/input/tablet/gtco.c in the Linux kernel through\n 4.5.2 allows physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system\n crash) via a crafted endpoints value in a USB device\n descriptor.(CVE-2016-2187)The hub_activate function in\n drivers/usb/core/hub.c in the Linux kernel before 4.3.5\n does not properly maintain a hub-interface data\n structure, which allows physically proximate attackers\n to cause a denial of service (invalid memory access and\n system crash) or possibly have unspecified other impact\n by unplugging a USB hub device.(CVE-2015-8816)The\n ims_pcu_parse_cdc_data function in\n drivers/input/misc/ims-pcu.c in the Linux kernel before\n 4.5.1 allows physically proximate attackers to cause a\n denial of service (system crash) via a USB device\n without both a master and a slave\n interface.(CVE-2016-3689)The Linux Kernel running on\n AMD64 systems will sometimes map the contents of PIE\n executable, the heap or ld.so to where the stack is\n mapped allowing attackers to more easily manipulate the\n stack. Linux Kernel version 4.11.5 is\n affected.(CVE-2017-1000379)The powermate_probe function\n in drivers/input/misc/powermate.c in the Linux kernel\n before 4.5.1 allows physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a crafted endpoints value in a USB\n device descriptor.(CVE-2016-2186)The signal\n implementation in the Linux kernel before 4.3.5 on\n powerpc platforms does not check for an MSR with both\n the S and T bits set, which allows local users to cause\n a denial of service (TM Bad Thing exception and panic)\n via a crafted application.(CVE-2015-8844)The\n snd_timer_user_params function in sound/core/timer.c in\n the Linux kernel through 4.6 does not initialize a\n certain data structure, which allows local users to\n obtain sensitive information from kernel stack memory\n via crafted use of the ALSA timer\n interface.(CVE-2016-4569)The tm_reclaim_thread function\n in arch/powerpc/kernel/process.c in the Linux kernel\n before 4.4.1 on powerpc platforms does not ensure that\n TM suspend mode exists before proceeding with a\n tm_reclaim call, which allows local users to cause a\n denial of service (TM Bad Thing exception and panic)\n via a crafted application.(CVE-2015-8845)The VFS\n subsystem in the Linux kernel 3.x provides an\n incomplete set of requirements for setattr operations\n that underspecifies removing extended privilege\n attributes, which allows local users to cause a denial\n of service (capability stripping) via a failed\n invocation of a system call, as demonstrated by using\n chown to remove a capability from the ping or Wireshark\n dumpcap program.(CVE-2015-1350)The wacom_probe function\n in drivers/input/tablet/wacom_sys.c in the Linux kernel\n before 3.17 allows physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a crafted endpoints value in a USB\n device descriptor.(CVE-2016-3139)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2599\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fc6af25f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17666\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.44.5.10.h234\",\n \"kernel-debuginfo-3.10.0-514.44.5.10.h234\",\n \"kernel-debuginfo-common-x86_64-3.10.0-514.44.5.10.h234\",\n \"kernel-devel-3.10.0-514.44.5.10.h234\",\n \"kernel-headers-3.10.0-514.44.5.10.h234\",\n \"kernel-tools-3.10.0-514.44.5.10.h234\",\n \"kernel-tools-libs-3.10.0-514.44.5.10.h234\",\n \"perf-3.10.0-514.44.5.10.h234\",\n \"python-perf-3.10.0-514.44.5.10.h234\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2016-09-04T12:32:47", "description": "The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.62 to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n - CVE-2014-9904: The snd_compress_check_input function in\n sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel\n did not properly check for an integer overflow, which allowed local\n users to cause a denial of service (insufficient memory allocation) or\n possibly have unspecified other impact via a crafted\n SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).\n - CVE-2015-7833: The usbvision driver in the Linux kernel allowed\n physically proximate attackers to cause a denial of service (panic) via\n a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998).\n - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86\n system and using Linux as the driver domain, allowed local guest\n administrators to hit BUG conditions and cause a denial of service (NULL\n pointer dereference and host OS crash) by leveraging a system with\n access to a passed-through MSI or MSI-X capable physical PCI device and\n a crafted sequence of XEN_PCI_OP_* operations, aka &quot;Linux pciback\n missing sanity checks (bnc#957990).\n - CVE-2015-8552: The PCI backend driver in Xen, when running on an x86\n system and using Linux as the driver domain, allowed local guest\n administrators to generate a continuous stream of WARN messages and\n cause a denial of service (disk consumption) by leveraging a system with\n access to a passed-through MSI or MSI-X capable physical PCI device and\n XEN_PCI_OP_enable_msi operations, aka &quot;Linux pciback missing sanity\n checks (bnc#957990).\n - CVE-2015-8845: The tm_reclaim_thread function in\n arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms\n did not ensure that TM suspend mode exists before proceeding with a\n tm_reclaim call, which allowed local users to cause a denial of service\n (TM Bad Thing exception and panic) via a crafted application\n (bnc#975533).\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux\n kernel allowed local users to gain privileges via crafted ASN.1 data\n (bnc#979867).\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (stack memory consumption) via\n vectors involving crafted mmap calls for /proc pathnames, leading to\n recursive pagefault handling (bsc#983143).\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bnc#963762).\n - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c\n in the Linux kernel did not properly randomize the legacy base address,\n which made it easier for local users to defeat the intended restrictions\n on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism\n for a setuid or setgid program, by disabling stack-consumption resource\n limits (bnc#974308).\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c\n in the Linux kernel did not ensure that a certain data structure is\n initialized, which allowed local users to cause a denial of service\n (system crash) via vectors involving a crafted keyctl request2 command\n (bnc#984755).\n - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c\n in the Linux kernel did not initialize a certain data structure, which\n allowed local users to obtain sensitive information from kernel stack\n memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bsc#978401).\n - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c\n in the Linux kernel did not initialize a certain data structure, which\n allowed local users to obtain sensitive information from kernel stack\n memory by reading a Netlink message (bnc#978822).\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel\n incorrectly relied on the write system call, which allowed local users\n to cause a denial of service (kernel memory write operation) or possibly\n have unspecified other impact via a uAPI interface (bnc#979548).\n - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c\n in the Linux kernel did not initialize a certain data structure, which\n allowed local users to obtain sensitive information from kernel stack\n memory via crafted use of the ALSA timer interface (bsc#979213).\n - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize\n certain r1 data structures, which allowed local users to obtain\n sensitive information from kernel stack memory via crafted use of the\n ALSA timer interface, related to the (1) snd_timer_user_ccallback and\n (2) snd_timer_user_tinterrupt functions (bnc#979879).\n - CVE-2016-4805: Use-after-free vulnerability in\n drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to\n cause a denial of service (memory corruption and system crash, or\n spinlock) or possibly have unspecified other impact by removing a\n network namespace, related to the ppp_register_net_channel and\n ppp_unregister_channel functions (bnc#980371).\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation\n in the netfilter subsystem in the Linux kernel allowed local users to\n gain privileges or cause a denial of service (memory corruption) by\n leveraging in-container root access to provide a crafted offset value\n that triggers an unintended decrement (bsc#986362).\n - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the\n netfilter subsystem in the Linux kernel allowed local users to cause a\n denial of service (out-of-bounds read) or possibly obtain sensitive\n information from kernel heap memory by leveraging in-container root\n access to provide a crafted offset value that leads to crossing a\n ruleset blob boundary (bsc#986365).\n - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the\n Linux kernel did not initialize a certain structure member, which\n allowed remote attackers to obtain sensitive information from kernel\n stack memory by reading an RDS message (bnc#983213).\n - CVE-2016-5828: The start_thread function in\n arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms\n mishandled transactional state, which allowed local users to cause a\n denial of service (invalid process state or TM Bad Thing exception, and\n system crash) or possibly have unspecified other impact by starting and\n suspending a transaction an exec system call (bsc#986569).\n - CVE-2016-5829: Multiple heap-based buffer overflows in the\n hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux\n kernel allowed local users to cause a denial of service or possibly have\n unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)\n HIDIOCSUSAGES ioctl call (bnc#986572).\n\n The following non-security bugs were fixed:\n - ALSA: hrtimer: Handle start/stop more properly (bsc#973378).\n - Add wait_event_cmd() (bsc#953048).\n - Btrfs: be more precise on errors when getting an inode from disk\n (bsc#981038).\n - Btrfs: do not use src fd for printk (bsc#980348).\n - Btrfs: improve performance on fsync against new inode after\n rename/unlink (bsc#981038).\n - Btrfs: qgroup: Fix qgroup accounting when creating snapshot (bsc#972933).\n - Btrfs: serialize subvolume mounts with potentially mismatching rw flags\n (bsc#951844).\n - Disable btrfs patch (bsc#981597)\n - EDAC, sb_edac: Add support for duplicate device IDs (bsc#979521).\n - EDAC, sb_edac: Fix TAD presence check for sbridge_mci_bind_devs()\n (bsc#979521).\n - EDAC, sb_edac: Fix rank lookup on Broadwell (bsc#979521).\n - EDAC/sb_edac: Fix computation of channel address (bsc#979521).\n - EDAC: Correct channel count limit (bsc#979521).\n - EDAC: Remove arbitrary limit on number of channels (bsc#979521).\n - EDAC: Use static attribute groups for managing sysfs entries\n (bsc#979521).\n - MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#956491).\n - PCI/AER: Clear error status registers during enumeration and restore\n (bsc#985978).\n - RAID5: batch adjacent full stripe write (bsc#953048).\n - RAID5: check_reshape() shouldn't call mddev_suspend (bsc#953048).\n - RAID5: revert e9e4c377e2f563 to fix a livelock (bsc#953048).\n - Restore copying of SKBs with head exceeding page size (bsc#978469).\n - SCSI: Increase REPORT_LUNS timeout (bsc#982282).\n - USB: xhci: Add broken streams quirk for Frescologic device id 1009\n (bnc#982698).\n - Update\n patches.drivers/0001-nvme-fix-max_segments-integer-truncation.patch\n (bsc#979419). Fix reference.\n - Update\n patches.drivers/nvme-0106-init-nvme-queue-before-enabling-irq.patch\n (bsc#962742). Fix incorrect bugzilla referece.\n - VSOCK: Fix lockdep issue (bsc#977417).\n - VSOCK: sock_put wasn't safe to call in interrupt context (bsc#977417).\n - base: make module_create_drivers_dir race-free (bnc#983977).\n - cdc_ncm: workaround for EM7455 &quot;silent&quot; data interface (bnc#988552).\n - ceph: tolerate bad i_size for symlink inode (bsc#985232).\n - drm/mgag200: Add support for a new G200eW3 chipset (bsc#983904).\n - drm/mgag200: Add support for a new rev of G200e (bsc#983904).\n - drm/mgag200: Black screen fix for G200e rev 4 (bsc#983904).\n - drm/mgag200: remove unused variables (bsc#983904).\n - drm: qxl: Workaround for buggy user-space (bsc#981344).\n - efifb: Add support for 64-bit frame buffer addresses (bsc#973499).\n - efifb: Fix 16 color palette entry calculation (bsc#983318).\n - efifb: Fix KABI of screen_info struct (bsc#973499).\n - ehci-pci: enable interrupt on BayTrail (bnc#947337).\n - enic: set netdev-&gt;vlan_features (bsc#966245).\n - fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681)\n - hid-elo: kill not flush the work (bnc#982354).\n - iommu/vt-d: Enable QI on all IOMMUs before setting root entry\n (bsc#975772).\n - ipvs: count pre-established TCP states as active (bsc#970114).\n - kabi/severities: Added raw3270_* PASS to allow IBM LTC changes\n (bnc#979922, LTC#141736)\n - kabi: prevent spurious modversion changes after bsc#982544 fix\n (bsc#982544).\n - kvm: Guest does not show the cpu flag nonstop_tsc (bsc#971770)\n - md/raid56: Do not perform reads to support writes until stripe is ready.\n - md/raid5: Ensure a batch member is not handled prematurely (bsc#953048).\n - md/raid5: For stripe with R5_ReadNoMerge, we replace REQ_FLUSH with\n REQ_NOMERGE.\n - md/raid5: add handle_flags arg to break_stripe_batch_list (bsc#953048).\n - md/raid5: allow the stripe_cache to grow and shrink (bsc#953048).\n - md/raid5: always set conf-&gt;prev_chunk_sectors and -&gt;prev_algo\n (bsc#953048).\n - md/raid5: avoid races when changing cache size (bsc#953048).\n - md/raid5: avoid reading parity blocks for full-stripe write to degraded\n array (bsc#953048).\n - md/raid5: be more selective about distributing flags across batch\n (bsc#953048).\n - md/raid5: break stripe-batches when the array has failed (bsc#953048).\n - md/raid5: call break_stripe_batch_list from handle_stripe_clean_event\n (bsc#953048).\n - md/raid5: change -&gt;inactive_blocked to a bit-flag (bsc#953048).\n - md/raid5: clear R5_NeedReplace when no longer needed (bsc#953048).\n - md/raid5: close race between STRIPE_BIT_DELAY and batching (bsc#953048).\n - md/raid5: close recently introduced race in stripe_head management.\n - md/raid5: consider updating reshape_position at start of reshape\n (bsc#953048).\n - md/raid5: deadlock between retry_aligned_read with barrier io\n (bsc#953048).\n - md/raid5: do not do chunk aligned read on degraded array (bsc#953048).\n - md/raid5: do not index beyond end of array in need_this_block()\n (bsc#953048).\n - md/raid5: do not let shrink_slab shrink too far (bsc#953048).\n - md/raid5: duplicate some more handle_stripe_clean_event code in\n break_stripe_batch_list (bsc#953048).\n - md/raid5: ensure device failure recorded before write request returns\n (bsc#953048).\n - md/raid5: ensure whole batch is delayed for all required bitmap updates\n (bsc#953048).\n - md/raid5: fix allocation of 'scribble' array (bsc#953048).\n - md/raid5: fix another livelock caused by non-aligned writes (bsc#953048).\n - md/raid5: fix handling of degraded stripes in batches (bsc#953048).\n - md/raid5: fix init_stripe() inconsistencies (bsc#953048).\n - md/raid5: fix locking in handle_stripe_clean_event() (bsc#953048).\n - md/raid5: fix newly-broken locking in get_active_stripe.\n - md/raid5: handle possible race as reshape completes (bsc#953048).\n - md/raid5: ignore released_stripes check (bsc#953048).\n - md/raid5: more incorrect BUG_ON in handle_stripe_fill (bsc#953048).\n - md/raid5: move max_nr_stripes management into grow_one_stripe and\n drop_one_stripe (bsc#953048).\n - md/raid5: need_this_block: start simplifying the last two conditions\n (bsc#953048).\n - md/raid5: need_this_block: tidy/fix last condition (bsc#953048).\n - md/raid5: new alloc_stripe() to allocate an initialize a stripe\n (bsc#953048).\n - md/raid5: pass gfp_t arg to grow_one_stripe() (bsc#953048).\n - md/raid5: per hash value and exclusive wait_for_stripe (bsc#953048).\n - md/raid5: preserve STRIPE_PREREAD_ACTIVE in break_stripe_batch_list.\n - md/raid5: remove condition test from check_break_stripe_batch_list\n (bsc#953048).\n - md/raid5: remove incorrect &quot;min_t()&quot; when calculating writepos\n (bsc#953048).\n - md/raid5: remove redundant check in stripe_add_to_batch_list()\n (bsc#953048).\n - md/raid5: separate large if clause out of fetch_block() (bsc#953048).\n - md/raid5: separate out the easy conditions in need_this_block\n (bsc#953048).\n - md/raid5: split wait_for_stripe and introduce wait_for_quiescent\n (bsc#953048).\n - md/raid5: strengthen check on reshape_position at run (bsc#953048).\n - md/raid5: switch to use conf-&gt;chunk_sectors in place of\n mddev-&gt;chunk_sectors where possible (bsc#953048).\n - md/raid5: use -&gt;lock to protect accessing raid5 sysfs attributes\n (bsc#953048).\n - md/raid5: use bio_list for the list of bios to return (bsc#953048).\n - md: be careful when testing resync_max against curr_resync_completed\n (bsc#953048).\n - md: do_release_stripe(): No need to call md_wakeup_thread() twice\n (bsc#953048).\n - md: make sure MD_RECOVERY_DONE is clear before starting recovery/resync\n (bsc#953048).\n - md: remove unwanted white space from md.c (bsc#953048).\n - md: use set_bit/clear_bit instead of shift/mask for bi_flags changes\n (bsc#953048).\n - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721).\n - net/qlge: Avoids recursive EEH error (bsc#954847).\n - net: Account for all vlan headers in skb_mac_gso_segment (bsc#968667).\n - net: Start with correct mac_len in skb_network_protocol (bsc#968667).\n - net: disable fragment reassembly if high_thresh is set to zero\n (bsc#970506).\n - net: fix wrong mac_len calculation for vlans (bsc#968667).\n - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in\n br_validate_ipv6 (bsc#982544).\n - netfilter: bridge: do not leak skb in error paths (bsc#982544).\n - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544).\n - nvme: don't poll the CQ from the kthread (bsc#975788, bsc#965087).\n - perf/rapl: Fix sysfs_show() initialization for RAPL PMU (bsc#979489).\n - perf/x86/intel: Add Intel RAPL PP1 energy counter support (bsc#979489).\n - ppp: defer netns reference release for ppp channel (bsc#980371).\n - qeth: delete napi struct when removing a qeth device (bnc#988215,\n LTC#143590).\n - raid5: Retry R5_ReadNoMerge flag when hit a read error.\n - raid5: add a new flag to track if a stripe can be batched (bsc#953048).\n - raid5: add an option to avoid copy data from bio to stripe cache\n (bsc#953048).\n - raid5: avoid release list until last reference of the stripe\n (bsc#953048).\n - raid5: check faulty flag for array status during recovery (bsc#953048).\n - raid5: fix a race of stripe count check.\n - raid5: fix broken async operation chain (bsc#953048).\n - raid5: get_active_stripe avoids device_lock.\n - raid5: handle expansion/resync case with stripe batching (bsc#953048).\n - raid5: handle io error of batch list (bsc#953048).\n - raid5: make_request does less prepare wait.\n - raid5: relieve lock contention in get_active_stripe().\n - raid5: relieve lock contention in get_active_stripe().\n - raid5: speedup sync_request processing (bsc#953048).\n - raid5: track overwrite disk count (bsc#953048).\n - raid5: update analysis state for failed stripe (bsc#953048).\n - raid5: use flex_array for scribble data (bsc#953048).\n - s390/3270: add missing tty_kref_put (bnc#979922, LTC#141736).\n - s390/3270: avoid endless I/O loop with disconnected 3270 terminals\n (bnc#979922, LTC#141736).\n - s390/3270: fix garbled output on 3270 tty view (bnc#979922, LTC#141736).\n - s390/3270: fix view reference counting (bnc#979922, LTC#141736).\n - s390/3270: handle reconnect of a tty with a different size (bnc#979922,\n LTC#141736).\n - s390/3270: hangup the 3270 tty after a disconnect (bnc#979922,\n LTC#141736).\n - s390/mm: fix asce_bits handling with dynamic pagetable levels\n (bnc#979922, LTC#141456).\n - s390/spinlock: avoid yield to non existent cpu (bnc#979922, LTC#141106).\n - s390: fix test_fp_ctl inline assembly contraints (bnc#988215,\n LTC#143138).\n - sb_edac: Fix a typo and a thinko in address handling for Haswell\n (bsc#979521).\n - sb_edac: Fix support for systems with two home agents per socket\n (bsc#979521).\n - sb_edac: correctly fetch DIMM width on Ivy Bridge and Haswell\n (bsc#979521).\n - sb_edac: look harder for DDRIO on Haswell systems (bsc#979521).\n - sb_edac: support for Broadwell -EP and -EX (bsc#979521).\n - sched/cputime: Fix clock_nanosleep()/clock_gettime() inconsistency\n (bnc#988498).\n - sched/cputime: Fix cpu_timer_sample_group() double accounting\n (bnc#988498).\n - sched/x86: Fix up typo in topology detection (bsc#974165).\n - sched: Provide update_curr callbacks for stop/idle scheduling classes\n (bnc#988498).\n - target/rbd: do not put snap_context twice (bsc#981143).\n - target/rbd: remove caw_mutex usage (bsc#981143).\n - usb: quirk to stop runtime PM for Intel 7260 (bnc#984456).\n - wait: introduce wait_event_exclusive_cmd (bsc#953048).\n - x86 EDAC, sb_edac.c: Repair damage introduced when &quot;fixing&quot; channel\n address (bsc#979521).\n - x86 EDAC, sb_edac.c: Take account of channel hashing when needed\n (bsc#979521).\n - x86, sched: Add new topology for multi-NUMA-node CPUs (bsc#974165).\n - x86/efi: parse_efi_setup() build fix (bsc#979485).\n - x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).\n - x86: Removed the free memblock of hibernat keys to avoid memory\n corruption (bsc#990058).\n - x86: standardize mmap_rnd() usage (bnc#974308).\n - xfs: fix premature enospc on inode allocation (bsc#984148).\n - xfs: get rid of XFS_IALLOC_BLOCKS macros (bsc#984148).\n - xfs: get rid of XFS_INODE_CLUSTER_SIZE macros (bsc#984148).\n\n", "cvss3": {}, "published": "2016-08-19T14:09:25", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5244", "CVE-2015-8551", "CVE-2016-2053", "CVE-2016-5828", "CVE-2016-4486", "CVE-2014-9904", "CVE-2016-1583", "CVE-2016-0758", "CVE-2016-4569", "CVE-2016-5829", "CVE-2016-4997", "CVE-2016-4482", "CVE-2015-7833", "CVE-2016-4578", "CVE-2016-4805", "CVE-2015-8552", "CVE-2016-4470", "CVE-2016-4565", "CVE-2015-8845", "CVE-2016-3672", "CVE-2016-4998"], "modified": "2016-08-19T14:09:25", "id": "SUSE-SU-2016:2105-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00044.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T18:42:29", "description": "The openSUSE 13.1 kernel was updated to 3.12.62 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n - CVE-2014-9904: The snd_compress_check_input function in\n sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel\n did not properly check for an integer overflow, which allowed local\n users to cause a denial of service (insufficient memory allocation) or\n possibly have unspecified other impact via a crafted\n SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).\n - CVE-2015-7833: The usbvision driver in the Linux kernel allowed\n physically proximate attackers to cause a denial of service (panic) via\n a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998).\n - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86\n system and using Linux 3.1.x through 4.3.x as the driver domain, allowed\n local guest administrators to hit BUG conditions and cause a denial of\n service (NULL pointer dereference and host OS crash) by leveraging a\n system with access to a passed-through MSI or MSI-X capable physical PCI\n device and a crafted sequence of XEN_PCI_OP_* operations, aka &quot;Linux\n pciback missing sanity checks (bnc#957990).\n - CVE-2015-8552: The PCI backend driver in Xen, when running on an x86\n system and using Linux 3.1.x through 4.3.x as the driver domain, allowed\n local guest administrators to generate a continuous stream of WARN\n messages and cause a denial of service (disk consumption) by leveraging\n a system with access to a passed-through MSI or MSI-X capable physical\n PCI device and XEN_PCI_OP_enable_msi operations, aka &quot;Linux pciback\n missing sanity checks (bnc#957990).\n - CVE-2015-8845: The tm_reclaim_thread function in\n arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms\n did not ensure that TM suspend mode exists before proceeding with a\n tm_reclaim call, which allowed local users to cause a denial of service\n (TM Bad Thing exception and panic) via a crafted application (bnc#975531\n bsc#975533).\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux\n kernel allowed local users to gain privileges via crafted ASN.1 data\n (bnc#979867).\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (stack memory consumption) via\n vectors involving crafted mmap calls for /proc pathnames, leading to\n recursive pagefault handling. (bsc#983143)\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bnc#963762).\n - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c\n in the Linux kernel did not properly randomize the legacy base address,\n which made it easier for local users to defeat the intended restrictions\n on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism\n for a setuid or setgid program, by disabling stack-consumption resource\n limits (bnc#974308).\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c\n in the Linux kernel did not ensure that a certain data structure is\n initialized, which allowed local users to cause a denial of service\n (system crash) via vectors involving a crafted keyctl request2 command\n (bnc#984755).\n - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c\n in the Linux kernel did not initialize a certain data structure, which\n allowed local users to obtain sensitive information from kernel stack\n memory via a crafted USBDEVFS_CONNECTINFO ioctl call. (bnc#978401)\n - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c\n in the Linux kernel did not initialize a certain data structure, which\n allowed local users to obtain sensitive information from kernel stack\n memory by reading a Netlink message (bnc#978822).\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel\n incorrectly relies on the write system call, which allowed local users\n to cause a denial of service (kernel memory write operation) or possibly\n have unspecified other impact via a uAPI interface (bnc#979548\n bsc#980363).\n - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c\n in the Linux kernel did not initialize a certain data structure, which\n allowed local users to obtain sensitive information from kernel stack\n memory via crafted use of the ALSA timer interface. (bsc#979213)\n - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize\n certain r1 data structures, which allowed local users to obtain\n sensitive information from kernel stack memory via crafted use of the\n ALSA timer interface, related to the (1) snd_timer_user_ccallback and\n (2) snd_timer_user_tinterrupt functions (bnc#979879).\n - CVE-2016-4805: Use-after-free vulnerability in\n drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to\n cause a denial of service (memory corruption and system crash, or\n spinlock) or possibly have unspecified other impact by removing a\n network namespace, related to the ppp_register_net_channel and\n ppp_unregister_channel functions (bnc#980371).\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation\n in the netfilter subsystem in the Linux kernel allowed local users to\n gain privileges or cause a denial of service (memory corruption) by\n leveraging in-container root access to provide a crafted offset value\n that triggers an unintended decrement (bnc#986362).\n - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the\n netfilter subsystem in the Linux kernel before 4.6 allows local users to\n cause a denial of service (out-of-bounds read) or possibly obtain\n sensitive information from kernel heap memory by leveraging in-container\n root access to provide a crafted offset value that leads to crossing a\n ruleset blob boundary. (bnc#986365).\n - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the\n Linux kernel did not initialize a certain structure member, which\n allowed remote attackers to obtain sensitive information from kernel\n stack memory by reading an RDS message (bnc#983213).\n - CVE-2016-5828: The start_thread function in\n arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms\n mishandled transactional state, which allowed local users to cause a\n denial of service (invalid process state or TM Bad Thing exception, and\n system crash) or possibly have unspecified other impact by starting and\n suspending a transaction before an exec system call. (bsc#986569)\n - CVE-2016-5829: Multiple heap-based buffer overflows in the\n hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux\n kernel allow local users to cause a denial of service or possibly have\n unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)\n HIDIOCSUSAGES ioctl call (bnc#986572).\n\n The following non-security bugs were fixed:\n - Add wait_event_cmd() (bsc#953048).\n - alsa: hrtimer: Handle start/stop more properly (bsc#973378).\n - base: make module_create_drivers_dir race-free (bnc#983977).\n - btrfs: be more precise on errors when getting an inode from disk\n (bsc#981038).\n - btrfs: do not use src fd for printk (bsc#980348).\n - btrfs: improve performance on fsync against new inode after\n rename/unlink (bsc#981038).\n - btrfs: qgroup: Fix qgroup accounting when creating snapshot (bsc#972933).\n - btrfs: serialize subvolume mounts with potentially mismatching rw flags\n (bsc#951844).\n - cdc_ncm: workaround for EM7455 &quot;silent&quot; data interface (bnc#988552).\n - ceph: tolerate bad i_size for symlink inode (bsc#985232).\n - drm/mgag200: Add support for a new G200eW3 chipset (bsc#983904).\n - drm/mgag200: Add support for a new rev of G200e (bsc#983904).\n - drm/mgag200: Black screen fix for G200e rev 4 (bsc#983904).\n - drm/mgag200: remove unused variables (bsc#983904).\n - drm: qxl: Workaround for buggy user-space (bsc#981344).\n - EDAC: Correct channel count limit (bsc#979521).\n - EDAC: Remove arbitrary limit on number of channels (bsc#979521).\n - EDAC, sb_edac: Add support for duplicate device IDs (bsc#979521).\n - EDAC/sb_edac: Fix computation of channel address (bsc#979521).\n - EDAC, sb_edac: Fix rank lookup on Broadwell (bsc#979521).\n - EDAC, sb_edac: Fix TAD presence check for sbridge_mci_bind_devs()\n (bsc#979521).\n - EDAC: Use static attribute groups for managing sysfs entries\n (bsc#979521).\n - efifb: Add support for 64-bit frame buffer addresses (bsc#973499).\n - efifb: Fix 16 color palette entry calculation (bsc#983318).\n - efifb: Fix KABI of screen_info struct (bsc#973499).\n - ehci-pci: enable interrupt on BayTrail (bnc#947337).\n - enic: set netdev-&gt;vlan_features (bsc#966245).\n - fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681)\n - hid-elo: kill not flush the work (bnc#982354).\n - iommu/vt-d: Enable QI on all IOMMUs before setting root entry\n (bsc#975772).\n - ipvs: count pre-established TCP states as active (bsc#970114).\n - kabi: prevent spurious modversion changes after bsc#982544 fix\n (bsc#982544).\n - kabi/severities: Added raw3270_* PASS to allow IBM LTC changes.\n (bnc#979922, LTC#141736)\n - ktime: make ktime_divns exported on 32-bit architectures.\n - md: be careful when testing resync_max against curr_resync_completed\n (bsc#953048).\n - md: do_release_stripe(): No need to call md_wakeup_thread() twice\n (bsc#953048).\n - md: make sure MD_RECOVERY_DONE is clear before starting recovery/resync\n (bsc#953048).\n - md/raid56: Do not perform reads to support writes until stripe is ready.\n - md/raid5: add handle_flags arg to break_stripe_batch_list (bsc#953048).\n - md/raid5: allow the stripe_cache to grow and shrink (bsc#953048).\n - md/raid5: always set conf-&gt;prev_chunk_sectors and -&gt;prev_algo\n (bsc#953048).\n - md/raid5: avoid races when changing cache size (bsc#953048).\n - md/raid5: avoid reading parity blocks for full-stripe write to degraded\n array (bsc#953048).\n - md/raid5: be more selective about distributing flags across batch\n (bsc#953048).\n - md/raid5: break stripe-batches when the array has failed (bsc#953048).\n - md/raid5: call break_stripe_batch_list from handle_stripe_clean_event\n (bsc#953048).\n - md/raid5: change -&gt;inactive_blocked to a bit-flag (bsc#953048).\n - md/raid5: clear R5_NeedReplace when no longer needed (bsc#953048).\n - md/raid5: close race between STRIPE_BIT_DELAY and batching (bsc#953048).\n - md/raid5: close recently introduced race in stripe_head management.\n - md/raid5: consider updating reshape_position at start of reshape\n (bsc#953048).\n - md/raid5: deadlock between retry_aligned_read with barrier io\n (bsc#953048).\n - md/raid5: do not do chunk aligned read on degraded array (bsc#953048).\n - md/raid5: do not index beyond end of array in need_this_block()\n (bsc#953048).\n - md/raid5: do not let shrink_slab shrink too far (bsc#953048).\n - md/raid5: duplicate some more handle_stripe_clean_event code in\n break_stripe_batch_list (bsc#953048).\n - md/raid5: Ensure a batch member is not handled prematurely (bsc#953048).\n - md/raid5: ensure device failure recorded before write request returns\n (bsc#953048).\n - md/raid5: ensure whole batch is delayed for all required bitmap updates\n (bsc#953048).\n - md/raid5: fix allocation of 'scribble' array (bsc#953048).\n - md/raid5: fix another livelock caused by non-aligned writes (bsc#953048).\n - md/raid5: fix handling of degraded stripes in batches (bsc#953048).\n - md/raid5: fix init_stripe() inconsistencies (bsc#953048).\n - md/raid5: fix locking in handle_stripe_clean_event() (bsc#953048).\n - md/raid5: fix newly-broken locking in get_active_stripe.\n - md/raid5: For stripe with R5_ReadNoMerge, we replace REQ_FLUSH with\n REQ_NOMERGE.\n - md/raid5: handle possible race as reshape completes (bsc#953048).\n - md/raid5: ignore released_stripes check (bsc#953048).\n - md/raid5: more incorrect BUG_ON in handle_stripe_fill (bsc#953048).\n - md/raid5: move max_nr_stripes management into grow_one_stripe and\n drop_one_stripe (bsc#953048).\n - md/raid5: need_this_block: start simplifying the last two conditions\n (bsc#953048).\n - md/raid5: need_this_block: tidy/fix last condition (bsc#953048).\n - md/raid5: new alloc_stripe() to allocate an initialize a stripe\n (bsc#953048).\n - md/raid5: pass gfp_t arg to grow_one_stripe() (bsc#953048).\n - md/raid5: per hash value and exclusive wait_for_stripe (bsc#953048).\n - md/raid5: preserve STRIPE_PREREAD_ACTIVE in break_stripe_batch_list.\n - md/raid5: remove condition test from check_break_stripe_batch_list\n (bsc#953048).\n - md/raid5: remove incorrect &quot;min_t()&quot; when calculating writepos\n (bsc#953048).\n - md/raid5: remove redundant check in stripe_add_to_batch_list()\n (bsc#953048).\n - md/raid5: separate large if clause out of fetch_block() (bsc#953048).\n - md/raid5: separate out the easy conditions in need_this_block\n (bsc#953048).\n - md/raid5: split wait_for_stripe and introduce wait_for_quiescent\n (bsc#953048).\n - md/raid5: strengthen check on reshape_position at run (bsc#953048).\n - md/raid5: switch to use conf-&gt;chunk_sectors in place of\n mddev-&gt;chunk_sectors where possible (bsc#953048).\n - md/raid5: use bio_list for the list of bios to return (bsc#953048).\n - md/raid5: use -&gt;lock to protect accessing raid5 sysfs attributes\n (bsc#953048).\n - md: remove unwanted white space from md.c (bsc#953048).\n - md: use set_bit/clear_bit instead of shift/mask for bi_flags changes\n (bsc#953048).\n - mm: increase safety margin provided by PF_LESS_THROTTLE (bsc#956491).\n - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721).\n - net: Account for all vlan headers in skb_mac_gso_segment (bsc#968667).\n - net: disable fragment reassembly if high_thresh is set to zero\n (bsc#970506).\n - netfilter: bridge: do not leak skb in error paths (bsc#982544).\n - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544).\n - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in\n br_validate_ipv6 (bsc#982544).\n - net: fix wrong mac_len calculation for vlans (bsc#968667).\n - net/qlge: Avoids recursive EEH error (bsc#954847).\n - net: Start with correct mac_len in skb_network_protocol (bsc#968667).\n - nvme: don't poll the CQ from the kthread (bsc#975788, bsc#965087).\n - PCI/AER: Clear error status registers during enumeration and restore\n (bsc#985978).\n - perf/rapl: Fix sysfs_show() initialization for RAPL PMU (bsc#979489).\n - perf/x86/intel: Add Intel RAPL PP1 energy counter support (bsc#979489).\n - ppp: defer netns reference release for ppp channel (bsc#980371).\n - qeth: delete napi struct when removing a qeth device (bnc#988215,\n LTC#143590).\n - raid5: add a new flag to track if a stripe can be batched (bsc#953048).\n - raid5: add an option to avoid copy data from bio to stripe cache\n (bsc#953048).\n - raid5: avoid release list until last reference of the stripe\n (bsc#953048).\n - raid5: batch adjacent full stripe write (bsc#953048).\n - raid5: check faulty flag for array status during recovery (bsc#953048).\n - RAID5: check_reshape() shouldn't call mddev_suspend (bsc#953048).\n - raid5: fix a race of stripe count check.\n - raid5: fix broken async operation chain (bsc#953048).\n - raid5: get_active_stripe avoids device_lock.\n - raid5: handle expansion/resync case with stripe batching (bsc#953048).\n - raid5: handle io error of batch list (bsc#953048).\n - raid5: make_request does less prepare wait.\n - raid5: relieve lock contention in get_active_stripe().\n - raid5: relieve lock contention in get_active_stripe().\n - raid5: Retry R5_ReadNoMerge flag when hit a read error.\n - RAID5: revert e9e4c377e2f563 to fix a livelock (bsc#953048).\n - raid5: speedup sync_request processing (bsc#953048).\n - raid5: track overwrite disk count (bsc#953048).\n - raid5: update analysis state for failed stripe (bsc#953048).\n - raid5: use flex_array for scribble data (bsc#953048).\n - Refresh patches.xen/xen-netback-coalesce: Restore copying of SKBs with\n head exceeding page size (bsc#978469).\n - s390/3270: add missing tty_kref_put (bnc#979922, LTC#141736).\n - s390/3270: avoid endless I/O loop with disconnected 3270 terminals\n (bnc#979922, LTC#141736).\n - s390/3270: fix garbled output on 3270 tty view (bnc#979922, LTC#141736).\n - s390/3270: fix view reference counting (bnc#979922, LTC#141736).\n - s390/3270: handle reconnect of a tty with a different size (bnc#979922,\n LTC#141736).\n - s390/3270: hangup the 3270 tty after a disconnect (bnc#979922,\n LTC#141736).\n - s390: fix test_fp_ctl inline assembly contraints (bnc#988215,\n LTC#143138).\n - s390/mm: fix asce_bits handling with dynamic pagetable levels\n (bnc#979922, LTC#141456).\n - s390/spinlock: avoid yield to non existent cpu (bnc#979922, LTC#141106).\n - sb_edac: correctly fetch DIMM width on Ivy Bridge and Haswell\n (bsc#979521).\n - sb_edac: Fix a typo and a thinko in address handling for Haswell\n (bsc#979521).\n - sb_edac: Fix support for systems with two home agents per socket\n (bsc#979521).\n - sb_edac: look harder for DDRIO on Haswell systems (bsc#979521).\n - sb_edac: support for Broadwell -EP and -EX (bsc#979521).\n - sched/cputime: Fix clock_nanosleep()/clock_gettime() inconsistency\n (bnc#988498).\n - sched/cputime: Fix cpu_timer_sample_group() double accounting\n (bnc#988498).\n - sched: Provide update_curr callbacks for stop/idle scheduling classes\n (bnc#988498).\n - sched/x86: Fix up typo in topology detection (bsc#974165).\n - scsi: Increase REPORT_LUNS timeout (bsc#982282).\n - series.conf: move netfilter section at the end of core networking\n - series.conf: move stray netfilter patches to the right section\n - target/rbd: do not put snap_context twice (bsc#981143).\n - target/rbd: remove caw_mutex usage (bsc#981143).\n - Update\n patches.drivers/0001-nvme-fix-max_segments-integer-truncation.patch\n (bsc#979419). Fix reference.\n - Update\n patches.drivers/nvme-0106-init-nvme-queue-before-enabling-irq.patch\n (bsc#962742). Fix incorrect bugzilla referece.\n - usb: quirk to stop runtime PM for Intel 7260 (bnc#984456).\n - usb: xhci: Add broken streams quirk for Frescologic device id 1009\n (bnc#982698).\n - VSOCK: Fix lockdep issue (bsc#977417).\n - VSOCK: sock_put wasn't safe to call in interrupt context (bsc#977417).\n - wait: introduce wait_event_exclusive_cmd (bsc#953048).\n - x86 EDAC, sb_edac.c: Repair damage introduced when &quot;fixing&quot; channel\n address (bsc#979521).\n - x86 EDAC, sb_edac.c: Take account of channel hashing when needed\n (bsc#979521).\n - x86/efi: parse_efi_setup() build fix (bsc#979485).\n - x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).\n - x86: Removed the free memblock of hibernat keys to avoid memory\n corruption (bsc#990058).\n - x86, sched: Add new topology for multi-NUMA-node CPUs (bsc#974165).\n - x86: standardize mmap_rnd() usage (bnc#974308).\n - xen: fix i586 build after SLE12-SP1 commit 2f4c3ff45d5e.\n - xfs: fix premature enospc on inode allocation (bsc#984148).\n - xfs: get rid of XFS_IALLOC_BLOCKS macros (bsc#984148).\n - xfs: get rid of XFS_INODE_CLUSTER_SIZE macros (bsc#984148).\n\n", "cvss3": {}, "published": "2016-08-29T20:08:39", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5244", "CVE-2015-8551", "CVE-2016-2053", "CVE-2016-5828", "CVE-2016-4486", "CVE-2014-9904", "CVE-2016-1583", "CVE-2016-0758", "CVE-2016-4569", "CVE-2016-5829", "CVE-2016-4997", "CVE-2016-4482", "CVE-2015-7833", "CVE-2016-4578", "CVE-2016-4805", "CVE-2015-8552", "CVE-2016-4470", "CVE-2016-4565", "CVE-2015-8845", "CVE-2016-3672", "CVE-2016-4998"], "modified": "2016-08-29T20:08:39", "id": "OPENSUSE-SU-2016:2184-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00055.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T12:38:48", "description": "The SUSE Linux Enterprise 12 SP1 RT kernel was updated to 3.12.61 to\n receive various security and bugfixes.\n\n Main feature additions:\n - Improved support for Clustered File System (CephFS, fate#318586).\n\n The following security bugs were fixed:\n - CVE-2014-9717: fs/namespace.c in the Linux kernel processes MNT_DETACH\n umount2 system calls without verifying that the MNT_LOCKED flag is\n unset, which allowed local users to bypass intended access restrictions\n and navigate to filesystem locations beneath a mount by calling umount2\n within a user namespace (bnc#928547).\n - CVE-2014-9904: The snd_compress_check_input function in\n sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel\n did not properly check for an integer overflow, which allowed local\n users to cause a denial of service (insufficient memory allocation) or\n possibly have unspecified other impact via a crafted\n SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).\n - CVE-2015-7833: The usbvision driver in the Linux kernel allowed\n physically proximate attackers to cause a denial of service (panic) via\n a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998).\n - CVE-2015-8539: The KEYS subsystem in the Linux kernel allowed local\n users to gain privileges or cause a denial of service (BUG) via crafted\n keyctl commands that negatively instantiate a key, related to\n security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and\n security/keys/user_defined.c (bnc#958463).\n - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86\n system, allowed local guest administrators to hit BUG conditions and\n cause a denial of service (NULL pointer dereference and host OS crash)\n by leveraging a system with access to a passed-through MSI or MSI-X\n capable physical PCI device and a crafted sequence of XEN_PCI_OP_*\n operations, aka &quot;Linux pciback missing sanity checks (bnc#957990).\n - CVE-2015-8552: The PCI backend driver in Xen, when running on an x86\n system, allowed local guest administrators to generate a continuous\n stream of WARN messages and cause a denial of service (disk consumption)\n by leveraging a system with access to a passed-through MSI or MSI-X\n capable physical PCI device and XEN_PCI_OP_enable_msi operations, aka\n &quot;Linux pciback missing sanity checks (bnc#957990).\n - CVE-2015-8845: The tm_reclaim_thread function in\n arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms\n did not ensure that TM suspend mode exists before proceeding with a\n tm_reclaim call, which allowed local users to cause a denial of service\n (TM Bad Thing exception and panic) via a crafted application\n (bnc#975533).\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux\n kernel allowed local users to gain privileges via crafted ASN.1 data\n (bnc#979867).\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (stack memory consumption) via\n vectors involving crafted mmap calls for /proc pathnames, leading to\n recursive pagefault handling (bnc#983143).\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bnc#963762).\n - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of\n unread data in pipes, which allowed local users to cause a denial of\n service (memory consumption) by creating many pipes with non-default\n sizes (bnc#970948).\n - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c\n in the Linux kernel did not properly randomize the legacy base address,\n which made it easier for local users to defeat the intended restrictions\n on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism\n for a setuid or setgid program, by disabling stack-consumption resource\n limits (bnc#974308).\n - CVE-2016-3707: The icmp_check_sysrq function in net/ipv4/icmp.c in the\n kernel.org projects/rt patches for the Linux kernel allowed remote\n attackers to execute SysRq commands via crafted ICMP Echo Request\n packets, as demonstrated by a brute-force attack to discover a cookie,\n or an attack that occurs after reading the local icmp_echo_sysrq file\n (bnc#980246).\n - CVE-2016-4470: The key_reject_and_link function in security/keys/key.c\n in the Linux kernel did not ensure that a certain data structure is\n initialized, which allowed local users to cause a denial of service\n (system crash) via vectors involving a crafted keyctl request2 command\n (bnc#984755).\n - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c\n in the Linux kernel did not initialize a certain data structure, which\n allowed local users to obtain sensitive information from kernel stack\n memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401).\n - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c\n in the Linux kernel did not initialize a certain data structure, which\n allowed local users to obtain sensitive information from kernel stack\n memory by reading a Netlink message (bnc#978822).\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel\n incorrectly relies on the write system call, which allowed local users\n to cause a denial of service (kernel memory write operation) or possibly\n have unspecified other impact via a uAPI interface (bnc#979548).\n - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c\n in the Linux kernel did not initialize a certain data structure, which\n allowed local users to obtain sensitive information from kernel stack\n memory via crafted use of the ALSA timer interface (bnc#979213).\n - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize\n certain r1 data structures, which allowed local users to obtain\n sensitive information from kernel stack memory via crafted use of the\n ALSA timer interface, related to the (1) snd_timer_user_ccallback and\n (2) snd_timer_user_tinterrupt functions (bnc#979879).\n - CVE-2016-4805: Use-after-free vulnerability in\n drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to\n cause a denial of service (memory corruption and system crash, or\n spinlock) or possibly have unspecified other impact by removing a\n network namespace, related to the ppp_register_net_channel and\n ppp_unregister_channel functions (bnc#980371).\n - CVE-2016-4997: The compat IPT_SO_SET_REPLACE setsockopt implementation\n in the netfilter subsystem in the Linux kernel allowed local users to\n gain privileges or cause a denial of service (memory corruption) by\n leveraging in-container root access to provide a crafted offset value\n that triggers an unintended decrement (bnc#986362).\n - CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the\n Linux kernel did not initialize a certain structure member, which\n allowed remote attackers to obtain sensitive information from kernel\n stack memory by reading an RDS message (bnc#983213).\n - CVE-2016-5828: The start_thread function in\n arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms\n mishandled transactional state, which allowed local users to cause a\n denial of service (invalid process state or TM Bad Thing exception, and\n system crash) or possibly have unspecified other impact by starting and\n suspending a transaction before an exec system call (bnc#986569).\n - CVE-2016-5829: Multiple heap-based buffer overflows in the\n hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux\n kernel allowed local users to cause a denial of service or possibly have\n unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)\n HIDIOCSUSAGES ioctl call (bnc#986572).\n\n The following non-security bugs were fixed:\n - ALSA: hrtimer: Handle start/stop more properly (bsc#973378).\n - Add wait_event_cmd() (bsc#953048).\n - Btrfs: be more precise on errors when getting an inode from disk\n (bsc#981038).\n - Btrfs: do not collect ordered extents when logging that inode exists\n (bsc#977685).\n - Btrfs: do not return EBUSY on concurrent subvolume mounts (bsc#951844).\n - Btrfs: do not use src fd for printk (bsc#980348).\n - Btrfs: fix empty symlink after creating symlink and fsync parent dir\n (bsc#977685).\n - Btrfs: fix file loss on log replay after renaming a file and fsync\n (bsc#977685).\n - Btrfs: fix file/data loss caused by fsync after rename and new inode\n (bsc#977685).\n - Btrfs: fix for incorrect directory entries after fsync log replay\n (bsc#957805, bsc#977685).\n - Btrfs: fix race between fsync and lockless direct IO writes (bsc#977685).\n - Btrfs: fix unreplayable log after snapshot delete + parent dir fsync\n (bsc#977685).\n - Btrfs: improve performance on fsync against new inode after\n rename/unlink (bsc#981038).\n - Btrfs: qgroup: Fix qgroup accounting when creating snapshot (bsc#972933).\n - Btrfs: serialize subvolume mounts with potentially mismatching rw flags\n (bsc#951844).\n - CacheFiles: Fix incorrect test for in-memory object collision\n (bsc#971049).\n - CacheFiles: Handle object being killed before being set up (bsc#971049).\n - EDAC, sb_edac: Add support for duplicate device IDs (bsc#979521).\n - EDAC, sb_edac: Fix TAD presence check for sbridge_mci_bind_devs()\n (bsc#979521).\n - EDAC, sb_edac: Fix rank lookup on Broadwell (bsc#979521).\n - EDAC/sb_edac: Fix computation of channel address (bsc#979521).\n - EDAC: Correct channel count limit (bsc#979521).\n - EDAC: Remove arbitrary limit on number of channels (bsc#979521).\n - EDAC: Use static attribute groups for managing sysfs entries\n (bsc#979521).\n - FS-Cache: Add missing initialization of ret in cachefiles_write_page()\n (bsc#971049).\n - FS-Cache: Count culled objects and objects rejected due to lack of space\n (bsc#971049).\n - FS-Cache: Fix cancellation of in-progress operation (bsc#971049).\n - FS-Cache: Handle a new operation submitted against a killed object\n (bsc#971049).\n - FS-Cache: Move fscache_report_unexpected_submission() to make it more\n available (bsc#971049).\n - FS-Cache: Out of line fscache_operation_init() (bsc#971049).\n - FS-Cache: Permit fscache_cancel_op() to cancel in-progress operations\n too (bsc#971049).\n - FS-Cache: Put an aborted initialised op so that it is accounted\n correctly (bsc#971049).\n - FS-Cache: Reduce cookie ref count if submit fails (bsc#971049).\n - FS-Cache: Synchronise object death state change vs operation submission\n (bsc#971049).\n - FS-Cache: The operation cancellation method needs calling in more places\n (bsc#971049).\n - FS-Cache: Timeout for releasepage() (bsc#971049).\n - FS-Cache: When submitting an op, cancel it if the target object is dying\n (bsc#971049).\n - FS-Cache: fscache_object_is_dead() has wrong logic, kill it (bsc#971049).\n - Fix cifs_uniqueid_to_ino_t() function for s390x (bsc#944309)\n - Fix kabi issue (bsc#971049).\n - Input: i8042 - lower log level for &quot;no controller&quot; message (bsc#945345).\n - KVM: x86: expose invariant tsc cpuid bit (v2) (bsc#971770).\n - MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#956491).\n - NVMe: Unify controller probe and resume (bsc#979347).\n - NVMe: init nvme queue before enabling irq (bsc#662458).\n - PCI/AER: Clear error status registers during enumeration and restore\n (bsc#985978).\n - Refresh patches.xen/xen-netback-coalesce: Restore copying of SKBs with\n head exceeding page size (bsc#978469).\n - Revert &quot;scsi: fix soft lockup in scsi_remove_target() on module removal&quot;\n (bsc#970609).\n - SCSI: Increase REPORT_LUNS timeout (bsc#982282).\n - USB: xhci: Add broken streams quirk for Frescologic device id 1009\n (bnc#982698).\n - Update\n patches.drivers/0001-nvme-fix-max_segments-integer-truncation.patch\n (bsc#979419). Fix reference.\n - Update\n patches.drivers/nvme-0106-init-nvme-queue-before-enabling-irq.patch\n (bsc#962742). Fix incorrect bugzilla referece.\n - Update patches.kernel.org/patch-3.12.55-56 references (add bsc#973570).\n - Use mainline variant of hyperv KVP IP failover patch (bnc#978527)\n - VSOCK: Fix lockdep issue (bsc#977417).\n - VSOCK: sock_put wasn't safe to call in interrupt context (bsc#977417).\n - Vmxnet3: set CHECKSUM_UNNECESSARY for IPv6 packets (bsc#976739).\n - base: make module_create_drivers_dir race-free (bnc#983977).\n - block: do not check request size in blk_cloned_rq_check_limits()\n (bsc#972124).\n - cachefiles: perform test on s_blocksize when opening cache file\n (bsc#971049).\n - cdc_ncm: workaround for EM7455 &quot;silent&quot; data interface (bnc#988552).\n - ceph fscache: Introduce a routine for uncaching single no data page from\n fscache.\n - ceph fscache: Uncaching no data page from fscache in readpage().\n - ceph: Asynchronous IO support.\n - ceph: Avoid to propagate the invalid page point.\n - ceph: Clean up if error occurred in finish_read().\n - ceph: EIO all operations after forced umount.\n - ceph: Implement writev/pwritev for sync operation.\n - ceph: Remove racey watch/notify event infrastructure (bsc#964727)\n - ceph: Remove racey watch/notify event infrastructure (bsc#964727)\n - ceph: add acl for cephfs.\n - ceph: add acl, noacl options for cephfs mount.\n - ceph: add get_name() NFS export callback.\n - ceph: add get_parent() NFS export callback.\n - ceph: add imported caps when handling cap export message.\n - ceph: add inline data to pagecache.\n - ceph: add missing init_acl() for mkdir() and atomic_open().\n - ceph: add open export target session helper.\n - ceph: add request to i_unsafe_dirops when getting unsafe reply.\n - ceph: additional debugfs output.\n - ceph: always re-send cap flushes when MDS recovers.\n - ceph: avoid block operation when !TASK_RUNNING (ceph_get_caps).\n - ceph: avoid block operation when !TASK_RUNNING\n (ceph_mdsc_close_sessions).\n - ceph: avoid block operation when !TASK_RUNNING (ceph_mdsc_sync).\n - ceph: avoid releasing caps that are being used.\n - ceph: avoid sending unnessesary FLUSHSNAP message.\n - ceph: avoid useless ceph_get_dentry_parent_inode() in ceph_rename().\n - ceph: cast PAGE_SIZE to size_t in ceph_sync_write().\n - ceph: ceph_frag_contains_value can be boolean.\n - ceph: ceph_get_parent() can be static.\n - ceph: check OSD caps before read/write.\n - ceph: check buffer size in ceph_vxattrcb_layout().\n - ceph: check caps in filemap_fault and page_mkwrite.\n - ceph: check directory's completeness before emitting directory entry.\n - ceph: check inode caps in ceph_d_revalidate.\n - ceph: check unsupported fallocate mode.\n - ceph: check zero length in ceph_sync_read().\n - ceph: checking for IS_ERR instead of NULL.\n - ceph: cleanup unsafe requests when reconnecting is denied.\n - ceph: cleanup use of ceph_msg_get.\n - ceph: clear directory's completeness when creating file.\n - ceph: convert inline data to normal data before data write.\n - ceph: do not assume r_old_dentry[_dir] always set together.\n - ceph: do not chain inode updates to parent fsync.\n - ceph: do not grabs open file reference for aborted request.\n - ceph: do not include ceph.{file,dir}.layout vxattr in listxattr().\n - ceph: do not include used caps in cap_wanted.\n - ceph: do not invalidate page cache when inode is no longer used.\n - ceph: do not mark dirty caps when there is no auth cap.\n - ceph: do not pre-allocate space for cap release messages.\n - ceph: do not set r_old_dentry_dir on link().\n - ceph: do not trim auth cap when there are cap snaps.\n - ceph: do not zero i_wrbuffer_ref when reconnecting is denied.\n - ceph: drop cap releases in requests composed before cap reconnect.\n - ceph: drop extra open file reference in ceph_atomic_open().\n - ceph: drop unconnected inodes.\n - ceph: exclude setfilelock requests when calculating oldest tid.\n - ceph: export ceph_session_state_name function.\n - ceph: fetch inline data when getting Fcr cap refs.\n - ceph: fix __dcache_readdir().\n - ceph: fix a comment typo.\n - ceph: fix append mode write.\n - ceph: fix atomic_open snapdir.\n - ceph: fix bool assignments.\n - ceph: fix cache revoke race.\n - ceph: fix ceph_dir_llseek().\n - ceph: fix ceph_fh_to_parent().\n - ceph: fix ceph_removexattr().\n - ceph: fix ceph_set_acl().\n - ceph: fix ceph_writepages_start().\n - ceph: fix dcache/nocache mount option.\n - ceph: fix dentry leaks.\n - ceph: fix directory fsync.\n - ceph: fix divide-by-zero in __validate_layout().\n - ceph: fix double page_unlock() in page_mkwrite().\n - ceph: fix dout() compile warnings in ceph_filemap_fault().\n - ceph: fix file lock interruption.\n - ceph: fix flush tid comparision.\n - ceph: fix flushing caps.\n - ceph: fix llistxattr on symlink.\n - ceph: fix message length computation.\n - ceph: fix mksnap crash.\n - ceph: fix null pointer dereference in send_mds_reconnect().\n - ceph: fix pr_fmt() redefinition.\n - ceph: fix queuing inode to mdsdir's snaprealm.\n - ceph: fix reading inline data when i_size greater than PAGE_SIZE.\n - ceph: fix request time stamp encoding.\n - ceph: fix reset_readdir().\n - ceph: fix setting empty extended attribute.\n - ceph: fix sizeof(struct tYpO *) typo.\n - ceph: fix snap context leak in error path.\n - ceph: fix trim caps.\n - ceph: fix uninline data function.\n - ceph: flush cap release queue when trimming session caps.\n - ceph: flush inline version.\n - ceph: forbid mandatory file lock.\n - ceph: fscache: Update object store limit after file writing.\n - ceph: fscache: Wait for completion of object initialization.\n - ceph: fscache: add an interface to synchronize object store limit.\n - ceph: get inode size for each append write.\n - ceph: handle -ESTALE reply.\n - ceph: handle SESSION_FORCE_RO message.\n - ceph: handle cap export race in try_flush_caps().\n - ceph: handle cap import atomically.\n - ceph: handle frag mismatch between readdir request and reply.\n - ceph: handle race between cap reconnect and cap release.\n - ceph: handle session flush message.\n - ceph: hold on to exclusive caps on complete directories.\n - ceph: implement readv/preadv for sync operation.\n - ceph: improve readahead for file holes.\n - ceph: improve reference tracking for snaprealm.\n - ceph: include time stamp in every MDS request.\n - ceph: include time stamp in replayed MDS requests.\n - ceph: initial CEPH_FEATURE_FS_FILE_LAYOUT_V2 support.\n - ceph: initialize inode before instantiating dentry.\n - ceph: introduce a new inode flag indicating if cached dentries are\n ordered.\n - ceph: introduce ceph_fill_fragtree().\n - ceph: introduce global empty snap context.\n - ceph: invalidate dirty pages after forced umount.\n - ceph: keep i_snap_realm while there are writers.\n - ceph: kstrdup() memory handling.\n - ceph: let MDS adjust readdir 'frag'.\n - ceph: make ceph_forget_all_cached_acls() static inline.\n - ceph: make fsync() wait unsafe requests that created/modified inode.\n - ceph: make sure syncfs flushes all cap snaps.\n - ceph: make sure write caps are registered with auth MDS.\n - ceph: match wait_for_completion_timeout return type.\n - ceph: message versioning fixes.\n - ceph: move ceph_find_inode() outside the s_mutex.\n - ceph: move spinlocking into ceph_encode_locks_to_buffer and\n ceph_count_locks.\n - ceph: no need to get parent inode in ceph_open.\n - ceph: parse inline data in MClientReply and MClientCaps.\n - ceph: pre-allocate ceph_cap struct for ceph_add_cap().\n - ceph: pre-allocate data structure that tracks caps flushing.\n - ceph: preallocate buffer for readdir reply.\n - ceph: print inode number for LOOKUPINO request.\n - ceph: properly apply umask when ACL is enabled.\n - ceph: properly handle XATTR_CREATE and XATTR_REPLACE.\n - ceph: properly mark empty directory as complete.\n - ceph: properly release page upon error.\n - ceph: properly zero data pages for file holes.\n - ceph: provide seperate {inode,file}_operations for snapdir.\n - ceph: queue cap release in __ceph_remove_cap().\n - ceph: queue vmtruncate if necessary when handing cap grant/revoke.\n - ceph: ratelimit warn messages for MDS closes session.\n - ceph: re-send AIO write request when getting -EOLDSNAP error.\n - ceph: re-send flushing caps (which are revoked) in reconnect stage.\n - ceph: re-send requests when MDS enters reconnecting stage.\n - ceph: refactor readpage_nounlock() to make the logic clearer.\n - ceph: remember subtree root dirfrag's auth MDS.\n - ceph: remove exported caps when handling cap import message.\n - ceph: remove outdated frag information.\n - ceph: remove redundant code for max file size verification.\n - ceph: remove redundant declaration.\n - ceph: remove redundant memset(0).\n - ceph: remove redundant test of head-&gt;safe and silence static analysis\n warnings.\n - ceph: remove the useless judgement.\n - ceph: remove unused functions in ceph_frag.h.\n - ceph: remove unused stringification macros.\n - ceph: remove useless ACL check.\n - ceph: remove xattr when null value is given to setxattr().\n - ceph: rename snapshot support.\n - ceph: replace comma with a semicolon.\n - ceph: request xattrs if xattr_version is zero.\n - ceph: reserve caps for file layout/lock MDS requests.\n - ceph: reset r_resend_mds after receiving -ESTALE.\n - ceph: return error for traceless reply race.\n - ceph: rework dcache readdir.\n - ceph: send TID of the oldest pending caps flush to MDS.\n - ceph: send client metadata to MDS.\n - ceph: set caps count after composing cap reconnect message.\n - ceph: set i_head_snapc when getting CEPH_CAP_FILE_WR reference.\n - ceph: set mds_wanted when MDS reply changes a cap to auth cap.\n - ceph: show nocephx_require_signatures and notcp_nodelay options.\n - ceph: show non-default options only.\n - ceph: simplify ceph_fh_to_dentry().\n - ceph: simplify two mount_timeout sites.\n - ceph: skip invalid dentry during dcache readdir.\n - ceph: support inline data feature.\n - ceph: switch some GFP_NOFS memory allocation to GFP_KERNEL.\n - ceph: sync read inline data.\n - ceph: take snap_rwsem when accessing snap realm's cached_context.\n - ceph: tolerate bad i_size for symlink inode (bsc#985232).\n - ceph: track pending caps flushing accurately.\n - ceph: track pending caps flushing globally.\n - ceph: trim unused inodes before reconnecting to recovering MDS.\n - ceph: trivial comment fix.\n - ceph: update i_max_size even if inode version does not change.\n - ceph: update inode fields according to issued caps.\n - ceph: use %zu for len in ceph_fill_inline_data().\n - ceph: use ceph_seq_cmp() to compare migrate_seq.\n - ceph: use empty snap context for uninline_data and get_pool_perm.\n - ceph: use fl-&gt;fl_file as owner identifier of flock and posix lock.\n - ceph: use fl-&gt;fl_type to decide flock operation.\n - ceph: use fpos_cmp() to compare dentry positions.\n - ceph: use getattr request to fetch inline data.\n - ceph: use i_size_{read,write} to get/set i_size.\n - ceph: use msecs_to_jiffies for time conversion.\n - ceph: use pagelist to present MDS request data.\n - ceph: use truncate_pagecache() instead of truncate_inode_pages().\n - ceph_sync_{,direct_}write: fix an oops on ceph_osdc_new_request()\n failure.\n - client: include kernel version in client metadata.\n - cpuset: Fix potential deadlock w/ set_mems_allowed (bsc#960857,\n bsc#974646).\n - crush: add chooseleaf_stable tunable.\n - crush: decode and initialize chooseleaf_stable.\n - crush: ensure bucket id is valid before indexing buckets array.\n - crush: ensure take bucket value is valid.\n - crush: fix crash from invalid 'take' argument.\n - crush: sync up with userspace.\n - crypto: testmgr - allow rfc3686 aes-ctr variants in fips mode\n (bsc#958390).\n - crypto: testmgr - mark authenticated ctr(aes) also as FIPS able\n (bsc#958390).\n - drm/mgag200: Add support for a new G200eW3 chipset (bsc#983904).\n - drm/mgag200: Add support for a new rev of G200e (bsc#983904).\n - drm/mgag200: Black screen fix for G200e rev 4 (bsc#983904).\n - drm/mgag200: remove unused variables (bsc#983904).\n - drm: qxl: Workaround for buggy user-space (bsc#981344).\n - efifb: Add support for 64-bit frame buffer addresses (bsc#973499).\n - efifb: Fix 16 color palette entry calculation (bsc#983318).\n - efifb: Fix KABI of screen_info struct (bsc#973499).\n - ehci-pci: enable interrupt on BayTrail (bnc#947337).\n - enic: set netdev-&gt;vlan_features (bsc#966245).\n - fs/ceph/debugfs.c: replace seq_printf by seq_puts.\n - fs/ceph: replace pr_warning by pr_warn.\n - hid-elo: kill not flush the work (bnc#982354).\n - hv: util: Pass the channel information during the init call (bnc#978527).\n - hv: utils: Invoke the poll function after handshake (bnc#978527).\n - hv: vmbus: Fix signaling logic in hv_need_to_signal_on_read().\n - iommu/vt-d: Enable QI on all IOMMUs before setting root entry\n (bsc#975772).\n - ipvs: count pre-established TCP states as active (bsc#970114).\n - kabi/severities: Added raw3270_* PASS to allow IBM LTC changes\n (bnc#979922, LTC#141736).\n - kabi/severities: Allow changes in zpci_* symbols (bsc#974692)\n - kabi/severities: Whitelist libceph and rbd (bsc#964727).\n - kabi/severities: Whitelist libceph and rbd.\n - kabi: prevent spurious modversion changes after bsc#982544 fix\n (bsc#982544).\n - kabi: protect struct fc_rport_priv (bsc#953233, bsc#962846).\n - kgraft/gfs2: Do not block livepatching in the log daemon for too long.\n - kgraft/xen: Do not block livepatching in the XEN blkif kthread.\n - libceph: Avoid holding the zero page on ceph_msgr_slab_init errors.\n - libceph: Fix ceph_tcp_sendpage()'s more boolean usage.\n - libceph: MOSDOpReply v7 encoding.\n - libceph: Remove spurious kunmap() of the zero page.\n - libceph: a couple tweaks for wait loops.\n - libceph: add nocephx_sign_messages option.\n - libceph: advertise support for TUNABLES5.\n - libceph: advertise support for keepalive2.\n - libceph: allow setting osd_req_op's flags.\n - libceph: check data_len in -&gt;alloc_msg().\n - libceph: clear messenger auth_retry flag if we fault.\n - libceph: clear msg-&gt;con in ceph_msg_release() only.\n - libceph: do not access invalid memory in keepalive2 path.\n - libceph: do not spam dmesg with stray reply warnings.\n - libceph: drop authorizer check from cephx msg signing routines.\n - libceph: evaluate osd_req_op_data() arguments only once.\n - libceph: fix authorizer invalidation, take 2.\n - libceph: fix ceph_msg_revoke().\n - libceph: fix wrong name &quot;Ceph filesystem for Linux&quot;.\n - libceph: handle writefull for OSD op extent init (bsc#980706).\n - libceph: introduce ceph_x_authorizer_cleanup().\n - libceph: invalidate AUTH in addition to a service ticket.\n - libceph: kill off ceph_x_ticket_handler::validity.\n - libceph: move ceph_file_layout helpers to ceph_fs.h.\n - libceph: msg signing callouts do not need con argument.\n - libceph: nuke time_sub().\n - libceph: properly release STAT request's raw_data_in.\n - libceph: remove con argument in handle_reply().\n - libceph: remove outdated comment.\n - libceph: remove the unused macro AES_KEY_SIZE.\n - libceph: rename con_work() to ceph_con_workfn().\n - libceph: set 'exists' flag for newly up osd.\n - libceph: stop duplicating client fields in messenger.\n - libceph: store timeouts in jiffies, verify user input.\n - libceph: treat sockaddr_storage with uninitialized family as blank.\n - libceph: use keepalive2 to verify the mon session is alive.\n - libceph: use list_for_each_entry_safe.\n - libceph: use list_next_entry instead of list_entry_next.\n - libceph: use local variable cursor instead of msg-&gt;cursor.\n - libceph: use the right footer size when skipping a message.\n - libfc: replace 'rp_mutex' with 'rp_lock' (bsc#953233, bsc#962846).\n - md/raid56: Do not perform reads to support writes until stripe is ready.\n - md/raid5: Ensure a batch member is not handled prematurely (bsc#953048).\n - md/raid5: For stripe with R5_ReadNoMerge, we replace REQ_FLUSH with\n REQ_NOMERGE.\n - md/raid5: add handle_flags arg to break_stripe_batch_list (bsc#953048).\n - md/raid5: allow the stripe_cache to grow and shrink (bsc#953048).\n - md/raid5: always set conf-&gt;prev_chunk_sectors and -&gt;prev_algo\n (bsc#953048).\n - md/raid5: avoid races when changing cache size (bsc#953048).\n - md/raid5: avoid reading parity blocks for full-stripe write to degraded\n array (bsc#953048).\n - md/raid5: be more selective about distributing flags across batch\n (bsc#953048).\n - md/raid5: break stripe-batches when the array has failed (bsc#953048).\n - md/raid5: call break_stripe_batch_list from handle_stripe_clean_event\n (bsc#953048).\n - md/raid5: change -&gt;&gt;inactive_blocked to a bit-flag (bsc#953048).\n - md/raid5: clear R5_NeedReplace when no longer needed (bsc#953048).\n - md/raid5: close race between STRIPE_BIT_DELAY and batching (bsc#953048).\n - md/raid5: close recently introduced race in stripe_head management.\n - md/raid5: consider updating reshape_position at start of reshape\n (bsc#953048).\n - md/raid5: deadlock between retry_aligned_read with barrier io\n (bsc#953048).\n - md/raid5: do not do chunk aligned read on degraded array (bsc#953048).\n - md/raid5: do not index beyond end of array in need_this_block()\n (bsc#953048).\n - md/raid5: do not let shrink_slab shrink too far (bsc#953048).\n - md/raid5: duplicate some more handle_stripe_clean_event code in\n break_stripe_batch_list (bsc#953048).\n - md/raid5: ensure device failure recorded before write request returns\n (bsc#953048).\n - md/raid5: ensure whole batch is delayed for all required bitmap updates\n (bsc#953048).\n - md/raid5: fix allocation of 'scribble' array (bsc#953048).\n - md/raid5: fix another livelock caused by non-aligned writes (bsc#953048).\n - md/raid5: fix handling of degraded stripes in batches (bsc#953048).\n - md/raid5: fix init_stripe() inconsistencies (bsc#953048).\n - md/raid5: fix locking in handle_stripe_clean_event() (bsc#953048).\n - md/raid5: fix newly-broken locking in get_active_stripe.\n - md/raid5: handle possible race as reshape completes (bsc#953048).\n - md/raid5: ignore released_stripes check (bsc#953048).\n - md/raid5: more incorrect BUG_ON in handle_stripe_fill (bsc#953048).\n - md/raid5: move max_nr_stripes management into grow_one_stripe and\n drop_one_stripe (bsc#953048).\n - md/raid5: need_this_block: start simplifying the last two conditions\n (bsc#953048).\n - md/raid5: need_this_block: tidy/fix last condition (bsc#953048).\n - md/raid5: new alloc_stripe() to allocate an initialize a stripe\n (bsc#953048).\n - md/raid5: pass gfp_t arg to grow_one_stripe() (bsc#953048).\n - md/raid5: per hash value and exclusive wait_for_stripe (bsc#953048).\n - md/raid5: preserve STRIPE_PREREAD_ACTIVE in break_stripe_batch_list.\n - md/raid5: remove condition test from check_break_stripe_batch_list\n (bsc#953048).\n - md/raid5: remove incorrect &quot;min_t()&quot; when calculating writepos\n (bsc#953048).\n - md/raid5: remove redundant check in stripe_add_to_batch_list()\n (bsc#953048).\n - md/raid5: separate large if clause out of fetch_block() (bsc#953048).\n - md/raid5: separate out the easy conditions in need_this_block\n (bsc#953048).\n - md/raid5: split wait_for_stripe and introduce wait_for_quiescent\n (bsc#953048).\n - md/raid5: strengthen check on reshape_position at run (bsc#953048).\n - md/raid5: switch to use conf-&gt;chunk_sectors in place of\n mddev-&gt;chunk_sectors where possible (bsc#953048).\n - md/raid5: use -&gt;lock to protect accessing raid5 sysfs attributes\n (bsc#953048).\n - md/raid5: use bio_list for the list of bios to return (bsc#953048).\n - md: be careful when testing resync_max against curr_resync_completed\n (bsc#953048).\n - md: do_release_stripe(): No need to call md_wakeup_thread() twice\n (bsc#953048).\n - md: make sure MD_RECOVERY_DONE is clear before starting recovery/resync\n (bsc#953048).\n - md: remove unwanted white space from md.c (bsc#953048).\n - md: use set_bit/clear_bit instead of shift/mask for bi_flags changes\n (bsc#953048).\n - mds: check cap ID when handling cap export message.\n - mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721).\n - mmc: sdhci: Allow for irq being shared (bnc#977582).\n - mpt3sas: Fix use sas_is_tlr_enabled API before enabling\n MPI2_SCSIIO_CONTROL_TLR_ON flag (bsc#967640).\n - net/qlge: Avoids recursive EEH error (bsc#954847).\n - net: Account for all vlan headers in skb_mac_gso_segment (bsc#968667).\n - net: Start with correct mac_len in skb_network_protocol (bsc#968667).\n - net: disable fragment reassembly if high_thresh is set to zero\n (bsc#970506).\n - net: fix wrong mac_len calculation for vlans (bsc#968667).\n - netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in\n br_validate_ipv6 (bsc#982544).\n - netfilter: bridge: do not leak skb in error paths (bsc#982544).\n - netfilter: bridge: forward IPv6 fragmented packets (bsc#982544).\n - nvme: do not poll the CQ from the kthread (bsc#975788, bsc#965087).\n - nvme: fix max_segments integer truncation (bsc#676471).\n - ocfs2: do not set fs read-only if rec[0] is empty while committing\n truncate (bnc#971947).\n - ocfs2: extend enough credits for freeing one truncate record while\n replaying truncate records (bnc#971947).\n - ocfs2: extend transaction for ocfs2_remove_rightmost_path() and\n ocfs2_update_edge_lengths() before to avoid inconsistency between inode\n and et (bnc#971947).\n - perf/rapl: Fix sysfs_show() initialization for RAPL PMU (bsc#979489).\n - perf/x86/intel: Add Intel RAPL PP1 energy counter support (bsc#979489).\n - powerpc/book3s64: Fix branching to OOL handlers in relocatable kernel\n (bsc@976821).\n - powerpc/book3s64: Remove __end_handlers marker (bsc#976821).\n - qeth: delete napi struct when removing a qeth device (bnc#988215,\n LTC#143590).\n - raid5: Retry R5_ReadNoMerge flag when hit a read error.\n - raid5: add a new flag to track if a stripe can be batched (bsc#953048).\n - raid5: add an option to avoid copy data from bio to stripe cache\n (bsc#953048).\n - raid5: avoid release list until last reference of the stripe\n (bsc#953048).\n - raid5: batch adjacent full stripe write (bsc#953048).\n - raid5: check faulty flag for array status during recovery (bsc#953048).\n - raid5: check_reshape() shouldn't call mddev_suspend (bsc#953048).\n - raid5: fix a race of stripe count check.\n - raid5: fix broken async operation chain (bsc#953048).\n - raid5: get_active_stripe avoids device_lock.\n - raid5: handle expansion/resync case with stripe batching (bsc#953048).\n - raid5: handle io error of batch list (bsc#953048).\n - raid5: make_request does less prepare wait.\n - raid5: relieve lock contention in get_active_stripe().\n - raid5: relieve lock contention in get_active_stripe().\n - raid5: revert e9e4c377e2f563 to fix a livelock (bsc#953048).\n - raid5: speedup sync_request processing (bsc#953048).\n - raid5: track overwrite disk count (bsc#953048).\n - raid5: update analysis state for failed stripe (bsc#953048).\n - raid5: use flex_array for scribble data (bsc#953048).\n - rbd: bump queue_max_segments.\n - rbd: delete an unnecessary check before rbd_dev_destroy().\n - rbd: do not free rbd_dev outside of the release callback.\n - rbd: do not put snap_context twice in rbd_queue_workfn().\n - rbd: drop null test before destroy functions.\n - rbd: handle OBJ_REQUEST_SG types for copyup (bsc#983394).\n - rbd: plug rbd_dev-&gt;header.object_prefix memory leak.\n - rbd: rbd_wq comment is obsolete.\n - rbd: remove duplicate calls to rbd_dev_mapping_clear().\n - rbd: report unsupported features to syslog (bsc#979169).\n - rbd: return -ENOMEM instead of pool id if rbd_dev_create() fails.\n - rbd: set device_type::release instead of device::release.\n - rbd: set max_sectors explicitly.\n - rbd: store rbd_options in rbd_device.\n - rbd: terminate rbd_opts_tokens with Opt_err.\n - rbd: timeout watch teardown on unmap with mount_timeout.\n - rbd: use writefull op for object size writes.\n - rpm/modprobe-xen.conf: Revert comment change to allow parallel install\n (bsc#957986). This reverts commit\n 6c6d86d3cdc26f7746fe4ba2bef8859b5aeb346c.\n - s390/3270: add missing tty_kref_put (bnc#979922, LTC#141736).\n - s390/3270: avoid endless I/O loop with disconnected 3270 terminals\n (bnc#979922, LTC#141736).\n - s390/3270: fix garbled output on 3270 tty view (bnc#979922, LTC#141736).\n - s390/3270: fix view reference counting (bnc#979922, LTC#141736).\n - s390/3270: handle reconnect of a tty with a different size (bnc#979922,\n LTC#141736).\n - s390/3270: hangup the 3270 tty after a disconnect (bnc#979922,\n LTC#141736).\n - s390/mm: fix asce_bits handling with dynamic pagetable levels\n (bnc#979922, LTC#141456).\n - s390/pci: add extra padding to function measurement block (bnc#974692,\n LTC#139445).\n - s390/pci: enforce fmb page boundary rule (bnc#974692, LTC#139445).\n - s390/pci: extract software counters from fmb (bnc#974692, LTC#139445).\n - s390/pci: remove pdev pointer from arch data (bnc#974692, LTC#139444).\n - s390/pci_dma: fix DMA table corruption with &gt; 4 TB main memory\n (bnc#974692, LTC#139401).\n - s390/pci_dma: handle dma table failures (bnc#974692, LTC#139442).\n - s390/pci_dma: improve debugging of errors during dma map (bnc#974692,\n LTC#139442).\n - s390/pci_dma: unify label of invalid translation table entries\n (bnc#974692, LTC#139442).\n - s390/spinlock: avoid yield to non existent cpu (bnc#979922, LTC#141106).\n - s390: fix test_fp_ctl inline assembly contraints (bnc#988215,\n LTC#143138).\n - sb_edac: Fix a typo and a thinko in address handling for Haswell\n (bsc#979521).\n - sb_edac: Fix support for systems with two home agents per socket\n (bsc#979521).\n - sb_edac: correctly fetch DIMM width on Ivy Bridge and Haswell\n (bsc#979521).\n - sb_edac: look harder for DDRIO on Haswell systems (bsc#979521).\n - sb_edac: support for Broadwell -EP and -EX (bsc#979521).\n - sched/cputime: Fix clock_nanosleep()/clock_gettime() inconsistency\n (bnc#988498).\n - sched/cputime: Fix cpu_timer_sample_group() double accounting\n (bnc#988498).\n - sched/x86: Fix up typo in topology detection (bsc#974165).\n - sched: Provide update_curr callbacks for stop/idle scheduling classes\n (bnc#988498).\n - scsi-bnx2fc-handle_scsi_retry_delay\n - scsi-bnx2fc-soft_lockup_when_rmmod\n - scsi: Avoid crashing if device uses DIX but adapter does not support it\n (bsc#969016).\n - sd: get disk reference in sd_check_events() (bnc#897662).\n - target/rbd: do not put snap_context twice (bsc#981143).\n - target/rbd: do not put snap_context twice (bsc#981143).\n - target/rbd: remove caw_mutex usage (bsc#981143).\n - target/rbd: remove caw_mutex usage (bsc#981143).\n - usb: quirk to stop runtime PM for Intel 7260 (bnc#984456).\n - vgaarb: Add more context to error messages (bsc#976868).\n - wait: introduce wait_event_exclusive_cmd (bsc#953048).\n - x86 EDAC, sb_edac.c: Repair damage introduced when &quot;fixing&quot; channel\n address (bsc#979521).\n - x86 EDAC, sb_edac.c: Take account of channel hashing when needed\n (bsc#979521).\n - x86, sched: Add new topology for multi-NUMA-node CPUs (bsc#974165).\n - x86/efi: parse_efi_setup() build fix (bsc#979485).\n - x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).\n - x86: standardize mmap_rnd() usage (bnc#974308).\n - xen/acpi: Disable ACPI table override when UEFI Secure Boot is enabled\n (bsc#970604).\n - xfs: fix premature enospc on inode allocation (bsc#984148).\n - xfs: get rid of XFS_IALLOC_BLOCKS macros (bsc#984148).\n - xfs: get rid of XFS_INODE_CLUSTER_SIZE macros (bsc#984148).\n\n", "cvss3": {}, "published": "2016-08-02T16:09:12", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-5244", "CVE-2015-8551", "CVE-2016-2053", "CVE-2016-5828", "CVE-2016-2847", "CVE-2016-4486", "CVE-2014-9904", "CVE-2016-1583", "CVE-2016-0758", "CVE-2016-4569", "CVE-2016-5829", "CVE-2015-8539", "CVE-2016-4997", "CVE-2014-9717", "CVE-2016-4482", "CVE-2015-7833", "CVE-2016-4578", "CVE-2016-4805", "CVE-2015-8552", "CVE-2016-4470", "CVE-2016-4565", "CVE-2015-8845", "CVE-2016-3707", "CVE-2016-3672"], "modified": "2016-08-02T16:09:12", "id": "SUSE-SU-2016:1937-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00000.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:21:38", "description": "The SUSE Linux Enterprise 12 kernel was updated to 3.12.60 to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n - CVE-2014-9717: fs/namespace.c in the Linux kernel processes MNT_DETACH\n umount2 system called without verifying that the MNT_LOCKED flag is\n unset, which allowed local users to bypass intended access restrictions\n and navigate to filesystem locations beneath a mount by calling umount2\n within a user namespace (bnc#928547).\n - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in\n the Linux kernel did not properly maintain a hub-interface data\n structure, which allowed physically proximate attackers to cause a\n denial of service (invalid memory access and system crash) or possibly\n have unspecified other impact by unplugging a USB hub device\n (bnc#968010).\n - CVE-2015-8845: The tm_reclaim_thread function in\n arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms\n did not ensure that TM suspend mode exists before proceeding with a\n tm_reclaim call, which allowed local users to cause a denial of service\n (TM Bad Thing exception and panic) via a crafted application\n (bnc#975533).\n - CVE-2016-0758: Fix ASN.1 indefinite length object parsing (bsc#979867).\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bnc#963762).\n - CVE-2016-2143: The fork implementation in the Linux kernel on s390\n platforms mishandled the case of four page-table levels, which allowed\n local users to cause a denial of service (system crash) or possibly have\n unspecified other impact via a crafted application, related to\n arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.\n (bnc#970504)\n - CVE-2016-2184: The create_fixed_stream_quirk function in\n sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel\n allowed physically proximate attackers to cause a denial of service\n (NULL pointer dereference or double free, and system crash) via a\n crafted endpoints value in a USB device descriptor (bnc#971125).\n - CVE-2016-2185: The ati_remote2_probe function in\n drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints value in a USB\n device descriptor (bnc#971124).\n - CVE-2016-2186: The powermate_probe function in\n drivers/input/misc/powermate.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints value in a USB\n device descriptor (bnc#970958).\n - CVE-2016-2188: The iowarrior_probe function in\n drivers/usb/misc/iowarrior.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints value in a USB\n device descriptor (bnc#970956).\n - CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in\n the Linux kernel allowed physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact by inserting a USB device that\n lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#968670).\n - CVE-2016-2847: fs/pipe.c in the Linux kernel did not limit the amount of\n unread data in pipes, which allowed local users to cause a denial of\n service (memory consumption) by creating many pipes with non-default\n sizes (bnc#970948).\n - CVE-2016-3134: The netfilter subsystem in the Linux kernel did not\n validate certain offset fields, which allowed local users to gain\n privileges or cause a denial of service (heap memory corruption) via an\n IPT_SO_SET_REPLACE setsockopt call (bnc#971126).\n - CVE-2016-3136: The mct_u232_msr_to_state function in\n drivers/usb/serial/mct_u232.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted USB device without two\n interrupt-in endpoint descriptors (bnc#970955).\n - CVE-2016-3137: drivers/usb/serial/cypress_m8.c in the Linux kernel\n allowed physically proximate attackers to cause a denial of service\n (NULL pointer dereference and system crash) via a USB device without\n both an interrupt-in and an interrupt-out endpoint descriptor, related\n to the cypress_generic_port_probe and cypress_open functions\n (bnc#970970).\n - CVE-2016-3138: The acm_probe function in drivers/usb/class/cdc-acm.c in\n the Linux kernel allowed physically proximate attackers to cause a\n denial of service (NULL pointer dereference and system crash) via a USB\n device without both a control and a data endpoint descriptor\n (bnc#970911).\n - CVE-2016-3139: The wacom_probe function in\n drivers/input/tablet/wacom_sys.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints value in a USB\n device descriptor (bnc#970909).\n - CVE-2016-3140: The digi_port_init function in\n drivers/usb/serial/digi_acceleport.c in the Linux kernel allowed\n physically proximate attackers to cause a denial of service (NULL\n pointer dereference and system crash) via a crafted endpoints value in a\n USB device descriptor (bnc#970892).\n - CVE-2016-3156: The IPv4 implementation in the Linux kernel mishandled\n destruction of device objects, which allowed guest OS users to cause a\n denial of service (host OS networking outage) by arranging for a large\n number of IP addresses (bnc#971360).\n - CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c\n in the Linux kernel did not properly randomize the legacy base address,\n which made it easier for local users to defeat the intended restrictions\n on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism\n for a setuid or setgid program, by disabling stack-consumption resource\n limits (bnc#974308).\n - CVE-2016-3689: The ims_pcu_parse_cdc_data function in\n drivers/input/misc/ims-pcu.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (system crash) via a\n USB device without both a master and a slave interface (bnc#971628).\n - CVE-2016-3951: Double free vulnerability in drivers/net/usb/cdc_ncm.c in\n the Linux kernel allowed physically proximate attackers to cause a\n denial of service (system crash) or possibly have unspecified other\n impact by inserting a USB device with an invalid USB descriptor\n (bnc#974418).\n - CVE-2016-4482: The proc_connectinfo function in drivers/usb/core/devio.c\n in the Linux kernel did not initialize a certain data structure, which\n allowed local users to obtain sensitive information from kernel stack\n memory via a crafted USBDEVFS_CONNECTINFO ioctl call (bnc#978401).\n - CVE-2016-4486: The rtnl_fill_link_ifmap function in net/core/rtnetlink.c\n in the Linux kernel did not initialize a certain data structure, which\n allowed local users to obtain sensitive information from kernel stack\n memory by reading a Netlink message (bnc#978822).\n - CVE-2016-4565: The InfiniBand (aka IB) stack in the Linux kernel\n incorrectly relied on the write system call, which allowed local users\n to cause a denial of service (kernel memory write operation) or possibly\n have unspecified other impact via a uAPI interface (bnc#979548).\n - CVE-2016-4569: The snd_timer_user_params function in sound/core/timer.c\n in the Linux kernel did not initialize a certain data structure, which\n allowed local users to obtain sensitive information from kernel stack\n memory via crafted use of the ALSA timer interface (bnc#979213).\n - CVE-2016-4578: sound/core/timer.c in the Linux kernel did not initialize\n certain r1 data structures, which allowed local users to obtain\n sensitive information from kernel stack memory via crafted use of the\n ALSA timer interface, related to the (1) snd_timer_user_ccallback and\n (2) snd_timer_user_tinterrupt functions (bnc#979879).\n - CVE-2016-4805: Use-after-free vulnerability in\n drivers/net/ppp/ppp_generic.c in the Linux kernel allowed local users to\n cause a denial of service (memory corruption and system crash, or\n spinlock) or possibly have unspecified other impact by removing a\n network namespace, related to the ppp_register_net_channel and\n ppp_unregister_channel functions (bnc#980371).\n - CVE-2016-5244: Fixed an infoleak in rds_inc_info_copy (bsc#983213).\n\n The following non-security bugs were fixed:\n - ALSA: hrtimer: Handle start/stop more properly (bsc#973378).\n - ALSA: timer: Call notifier in the same spinlock (bsc#973378).\n - ALSA: timer: Protect the whole snd_timer_close() with open race\n (bsc#973378).\n - ALSA: timer: Sync timer deletion at closing the system timer\n (bsc#973378).\n - ALSA: timer: Use mod_timer() for rearming the system timer (bsc#973378).\n - Btrfs-8394-qgroup-Account-data-space-in-more-proper-timin.patch:\n (bsc#963193).\n - Btrfs: do not collect ordered extents when logging that inode exists\n (bsc#977685).\n - Btrfs: do not use src fd for printk (bsc#980348).\n - Btrfs: fix deadlock between direct IO reads and buffered writes\n (bsc#973855).\n - Btrfs: fix empty symlink after creating symlink and fsync parent dir\n (bsc#977685).\n - Btrfs: fix file loss on log replay after renaming a file and fsync\n (bsc#977685).\n - Btrfs: fix file/data loss caused by fsync after rename and new inode\n (bsc#977685).\n - Btrfs: fix for incorrect directory entries after fsync log replay\n (bsc#957805, bsc#977685).\n - Btrfs: fix loading of orphan roots leading to BUG_ON (bsc#972844).\n - Btrfs: fix race between fsync and lockless direct IO writes (bsc#977685).\n - Btrfs: fix unreplayable log after snapshot delete + parent dir fsync\n (bsc#977685).\n - Btrfs: handle non-fatal errors in btrfs_qgroup_inherit() (bsc#972951).\n - Btrfs: qgroup: Fix dead judgement on qgroup_rescan_leaf() return value\n (bsc#969439).\n - Btrfs: qgroup: Fix qgroup accounting when creating snapshot (bsc#972933).\n - Btrfs: qgroup: return EINVAL if level of parent is not higher than\n child's (bsc#972951).\n - Btrfs: teach backref walking about backrefs with underflowed offset\n values (bsc#975371).\n - CacheFiles: Fix incorrect test for in-memory object collision\n (bsc#971049).\n - CacheFiles: Handle object being killed before being set up (bsc#971049).\n - Ceph: Remove racey watch/notify event infrastructure (bsc#964727)\n - Driver: Vmxnet3: set CHECKSUM_UNNECESSARY for IPv6 packets (bsc#976739).\n - FS-Cache: Add missing initialization of ret in cachefiles_write_page()\n (bsc#971049).\n - FS-Cache: Count culled objects and objects rejected due to lack of space\n (bsc#971049).\n - FS-Cache: Fix cancellation of in-progress operation (bsc#971049).\n - FS-Cache: Handle a new operation submitted against a killed object\n (bsc#971049).\n - FS-Cache: Move fscache_report_unexpected_submission() to make it more\n available (bsc#971049).\n - FS-Cache: Out of line fscache_operation_init() (bsc#971049).\n - FS-Cache: Permit fscache_cancel_op() to cancel in-progress operations\n too (bsc#971049).\n - FS-Cache: Put an aborted initialised op so that it is accounted\n correctly (bsc#971049).\n - FS-Cache: Reduce cookie ref count if submit fails (bsc#971049).\n - FS-Cache: Synchronise object death state change vs operation submission\n (bsc#971049).\n - FS-Cache: The operation cancellation method needs calling in more places\n (bsc#971049).\n - FS-Cache: Timeout for releasepage() (bsc#971049).\n - FS-Cache: When submitting an op, cancel it if the target object is dying\n (bsc#971049).\n - FS-Cache: fscache_object_is_dead() has wrong logic, kill it (bsc#971049).\n - Fix cifs_uniqueid_to_ino_t() function for s390x (bsc#944309)\n - Fix kabi issue (bsc#971049).\n - Fix kmalloc overflow in LPFC driver at large core count (bsc#969690).\n - Fix problem with setting ACL on directories (bsc#967251).\n - Input: i8042 - lower log level for &quot;no controller&quot; message (bsc#945345).\n - KVM: SVM: add rdmsr support for AMD event registers (bsc#968448).\n - MM: increase safety margin provided by PF_LESS_THROTTLE (bsc#956491).\n - NFSv4.1: do not use machine credentials for CLOSE when using &quot;sec=sys&quot;\n (bsc#972003).\n - PCI/AER: Fix aer_inject error codes (bsc#931448).\n - PCI/AER: Log actual error causes in aer_inject (bsc#931448).\n - PCI/AER: Log aer_inject error injections (bsc#931448).\n - PCI/AER: Use dev_warn() in aer_inject (bsc#931448).\n - Revert &quot;libata: Align ata_device's id on a cacheline&quot;.\n - Revert &quot;net/ipv6: add sysctl option accept_ra_min_hop_limit&quot;.\n - USB: quirk to stop runtime PM for Intel 7260 (bnc#984456).\n - USB: usbip: fix potential out-of-bounds write (bnc#975945).\n - USB: xhci: Add broken streams quirk for Frescologic device id 1009\n (bnc#982698).\n - Update\n patches.drivers/0001-nvme-fix-max_segments-integer-truncation.patch\n (bsc#979419). Fix reference.\n - Update\n patches.drivers/drm-ast-Initialize-data-needed-to-map-fbdev-memory.patch\n (bnc#880007). Fix refs and upstream status.\n - Update patches.kernel.org/patch-3.12.55-56 references (add bsc#973570).\n - Update patches.suse/kgr-0102-add-TAINT_KGRAFT.patch (bsc#974406).\n - acpi: Disable ACPI table override when UEFI Secure Boot is enabled\n (bsc#970604).\n - acpi: Disable APEI error injection if securelevel is set (bsc#972891).\n - cachefiles: perform test on s_blocksize when opening cache file\n (bsc#971049).\n - cpuset: Fix potential deadlock w/ set_mems_allowed (bsc#960857,\n bsc#974646).\n - dmapi: fix dm_open_by_handle_rvp taking an extra ref to mnt (bsc#967292).\n - drm/core: Preserve the framebuffer after removing it (bsc#968812).\n - drm/mgag200: Add support for a new G200eW3 chipset (bsc#983904).\n - drm/mgag200: Add support for a new rev of G200e (bsc#983904).\n - drm/mgag200: Black screen fix for G200e rev 4 (bsc#983904).\n - drm/mgag200: remove unused variables (bsc#983904).\n - drm/radeon: fix-up some float to fixed conversion thinkos (bsc#968813).\n - drm/radeon: use HDP_MEM_COHERENCY_FLUSH_CNTL for sdma as well\n (bsc#968813).\n - drm: qxl: Workaround for buggy user-space (bsc#981344).\n - efifb: Fix 16 color palette entry calculation (bsc#983318).\n - ehci-pci: enable interrupt on BayTrail (bnc#947337).\n - enic: set netdev-&gt;vlan_features (bsc#966245).\n - ext4: fix races between page faults and hole punching (bsc#972174).\n - ext4: fix races of writeback with punch hole and zero range (bsc#972174).\n - fix: print ext4 mountopt data_err=abort correctly (bsc#969735).\n - fs, seq_file: fallback to vmalloc instead of oom kill processes\n (bnc#968687).\n - fs, seqfile: always allow oom killer (bnc#968687).\n - fs/pipe.c: skip file_update_time on frozen fs (bsc#975488).\n - hid-elo: kill not flush the work (bnc#982354).\n - ibmvscsi: Remove unsupported host config MAD (bsc#973556).\n - ipv6: make fib6 serial number per namespace (bsc#965319).\n - ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs\n (bsc#956852).\n - ipv6: per netns FIB garbage collection (bsc#965319).\n - ipv6: per netns fib6 walkers (bsc#965319).\n - ipv6: replace global gc_args with local variable (bsc#965319).\n - ipvs: count pre-established TCP states as active (bsc#970114).\n - kABI: kgr: fix subtle race with kgr_module_init(), going notifier and\n kgr_modify_kernel().\n - kABI: protect enum enclosure_component_type.\n - kABI: protect function file_open_root.\n - kABI: protect include in evm.\n - kABI: protect struct dm_exception_store_type.\n - kABI: protect struct fib_nh_exception.\n - kABI: protect struct module.\n - kABI: protect struct rq.\n - kABI: protect struct sched_class.\n - kABI: protect struct scm_creds.\n - kABI: protect struct user_struct.\n - kABI: protect struct user_struct.\n - kabi fix for patches.fixes/reduce-m_start-cost (bsc#966573).\n - kabi/severities: Whitelist libceph and rbd (bsc#964727).\n - kabi: kgr, add reserved fields\n - kabi: protect struct fc_rport_priv (bsc#953233, bsc#962846).\n - kabi: protect struct netns_ipv6 after FIB6 GC series (bsc#965319).\n - kgr: add TAINT_KGRAFT\n - kgr: add kgraft annotation to hwrng kthread.\n - kgr: add kgraft annotations to kthreads' wait_event_freezable() API\n calls.\n - kgr: add objname to kgr_patch_fun struct.\n - kgr: add sympos and objname to error and debug messages.\n - kgr: add sympos as disambiguator field to kgr_patch_fun structure.\n - kgr: add sympos to sysfs.\n - kgr: call kgr_init_ftrace_ops() only for loaded objects.\n - kgr: change to kallsyms_on_each_symbol iterator.\n - kgr: define pr_fmt and modify all pr_* messages.\n - kgr: do not print error for !abort_if_missing symbols (bnc#943989).\n - kgr: do not return and print an error only if the object is not loaded.\n - kgr: do not use WQ_MEM_RECLAIM workqueue (bnc#963572).\n - kgr: fix an asymmetric dealing with delayed module loading.\n - kgr: fix redirection on s390x arch (bsc#903279).\n - kgr: fix subtle race with kgr_module_init(), going notifier and\n kgr_modify_kernel().\n - kgr: handle btrfs kthreads (bnc#889207).\n - kgr: kmemleak, really mark the kthread safe after an interrupt.\n - kgr: log when modifying kernel.\n - kgr: mark some more missed kthreads (bnc#962336).\n - kgr: remove abort_if_missing flag.\n - kgr: usb/storage: do not emit thread awakened (bnc#899908).\n - kgraft/gfs2: Do not block livepatching in the log daemon for too long.\n - kgraft/xen: Do not block livepatching in the XEN blkif kthread.\n - libfc: replace 'rp_mutex' with 'rp_lock' (bsc#953233, bsc#962846).\n - memcg: do not hang on OOM when killed by userspace OOM access to memory\n reserves (bnc#969571).\n - mld, igmp: Fix reserved tailroom calculation (bsc#956852).\n - mmc: Allow forward compatibility for eMMC (bnc#966054).\n - mmc: sdhci: Allow for irq being shared (bnc#977582).\n - net/qlge: Avoids recursive EEH error (bsc#954847).\n - net: Account for all vlan headers in skb_mac_gso_segment (bsc#968667).\n - net: Start with correct mac_len in skb_network_protocol (bsc#968667).\n - net: disable fragment reassembly if high_thresh is set to zero\n (bsc#970506).\n - net: fix wrong mac_len calculation for vlans (bsc#968667).\n - net: irda: Fix use-after-free in irtty_open() (bnc#967903).\n - nfs4: treat lock owners as opaque values (bnc#968141).\n - nfs: fix high load average due to callback thread sleeping (bsc#971170).\n - nfsd: fix nfsd_setattr return code for HSM (bsc#969992).\n - nvme: fix max_segments integer truncation (bsc#676471).\n - ocfs2: do not set fs read-only if rec[0] is empty while committing\n truncate (bnc#971947).\n - ocfs2: extend enough credits for freeing one truncate record while\n replaying truncate records (bnc#971947).\n - ocfs2: extend transaction for ocfs2_remove_rightmost_path() and\n ocfs2_update_edge_lengths() before to avoid inconsistency between inode\n and et (bnc#971947).\n - perf, nmi: Fix unknown NMI warning (bsc#968512).\n - pipe: limit the per-user amount of pages allocated in pipes (bsc#970948).\n - rbd: do not log miscompare as an error (bsc#970062).\n - rbd: handle OBJ_REQUEST_SG types for copyup (bsc#983394).\n - rbd: report unsupported features to syslog (bsc#979169).\n - rbd: use GFP_NOIO consistently for request allocations (bsc#971159).\n - reduce m_start() cost.. (bsc#966573).\n - rpm/modprobe-xen.conf: Revert comment change to allow parallel install\n (bsc#957986). This reverts commit\n 6c6d86d3cdc26f7746fe4ba2bef8859b5aeb346c.\n - s390/pageattr: do a single TLB flush for change_page_attr (bsc#940413).\n - sched/x86: Fix up typo in topology detection (bsc#974165).\n - scsi: proper state checking and module refcount handling in\n scsi_device_get (boo#966831).\n - series.conf: move netfilter section at the end of core networking\n - supported.conf: Add bridge.ko for OpenStack (bsc#971600)\n - supported.conf: Add isofs to -base (bsc#969655).\n - supported.conf:Add drivers/infiniband/hw/ocrdma/ocrdma.ko to\n supported.conf (bsc#964461)\n - target/rbd: do not put snap_context twice (bsc#981143).\n - target/rbd: remove caw_mutex usage (bsc#981143).\n - target: Drop incorrect ABORT_TASK put for completed commands\n (bsc#962872).\n - target: Fix LUN_RESET active I/O handling for ACK_KREF (bsc#962872).\n - target: Fix LUN_RESET active TMR descriptor handling (bsc#962872).\n - target: Fix TAS handling for multi-session se_node_acls (bsc#962872).\n - target: Fix race with SCF_SEND_DELAYED_TAS handling (bsc#962872).\n - target: Fix remote-port TMR ABORT + se_cmd fabric stop (bsc#962872).\n - vgaarb: Add more context to error messages (bsc#976868).\n - x86, sched: Add new topology for multi-NUMA-node CPUs (bsc#974165).\n - x86/efi: parse_efi_setup() build fix (bsc#979485).\n - x86: standardize mmap_rnd() usage (bnc#974308).\n - xen/acpi: Disable ACPI table override when UEFI Secure Boot is enabled\n (bsc#970604).\n - xfs/dmapi: drop lock over synchronous XFS_SEND_DATA events (bsc#969993).\n - xfs/dmapi: propertly send postcreate event (bsc#967299).\n\n", "cvss3": {}, "published": "2016-06-27T19:07:57", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-2782", "CVE-2016-5244", "CVE-2016-2053", "CVE-2016-3689", "CVE-2016-2847", "CVE-2016-3139", "CVE-2016-4486", "CVE-2016-2186", "CVE-2016-3156", "CVE-2016-0758", "CVE-2016-4569", "CVE-2016-2184", "CVE-2016-3951", "CVE-2016-3137", "CVE-2014-9717", "CVE-2016-4482", "CVE-2016-3136", "CVE-2016-3138", "CVE-2016-3140", "CVE-2016-2143", "CVE-2016-4578", "CVE-2015-8816", "CVE-2016-2185", "CVE-2016-4805", "CVE-2016-4565", "CVE-2015-8845", "CVE-2016-3672", "CVE-2016-3134", "CVE-2016-2188"], "modified": "2016-06-27T19:07:57", "id": "SUSE-SU-2016:1690-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00054.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2020-02-05T16:38:25", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1478)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7472", "CVE-2016-5828", "CVE-2017-7645", "CVE-2017-5967", "CVE-2013-4270", "CVE-2017-16537", "CVE-2016-2544", "CVE-2015-0570", "CVE-2016-4558", "CVE-2017-10911", "CVE-2017-16647", "CVE-2015-5697", "CVE-2017-16643", "CVE-2017-2647", "CVE-2018-12233", "CVE-2014-5207", "CVE-2016-6130", "CVE-2015-8845", "CVE-2013-4299", "CVE-2018-15572"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220191478", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191478", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1478\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2013-4270\", \"CVE-2013-4299\", \"CVE-2014-5207\", \"CVE-2015-0570\", \"CVE-2015-5697\", \"CVE-2015-8845\", \"CVE-2016-2544\", \"CVE-2016-4558\", \"CVE-2016-5828\", \"CVE-2016-6130\", \"CVE-2017-10911\", \"CVE-2017-16537\", \"CVE-2017-16643\", \"CVE-2017-16647\", \"CVE-2017-2647\", \"CVE-2017-5967\", \"CVE-2017-7472\", \"CVE-2017-7645\", \"CVE-2018-12233\", \"CVE-2018-15572\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:51:12 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1478)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1478\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1478\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1478 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr.(CVE-2018-12233)\n\nThe spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduct userspace-userspace spectreRSB attacks.(CVE-2018-15572)\n\nRace condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a denial of service (use-after-free and system crash) by making an ioctl call at a certain time.(CVE-2016-2544)\n\nA flaw was found in the Linux kernel's implementation of BPF in which systems can application can overflow a 32 bit refcount in both program and map refcount. This refcount can wrap and end up a user after free.(CVE-2016-4558)\n\nInterpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device.(CVE-2013-4299)\n\nThe imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16537)\n\nA vulnerability in the handling of Transactional Memory on powerpc systems was found. An unprivileged local user can crash the kernel by starting a transaction, suspending it, and then calling any of the exec() class system calls.(CVE-2016-5828)\n\nA cross-boundary flaw was discovered in the Linux kernel software raid driver. The driver accessed a disabled bitmap where only the first byte of the buffer was initialized to zero. This meant that the rest of the request (up to 4095 bytes) was left and copied into user space. An attacker could use this flaw to read private information from user space that would not otherwise have been accessible.(CVE-2015-5697)\n\nThe parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16643)\n\nRace condition in the ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T18:57:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-08-30T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2016:2184-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-5244", "CVE-2015-8551", "CVE-2016-2053", "CVE-2016-5828", "CVE-2016-4486", "CVE-2014-9904", "CVE-2016-1583", "CVE-2016-0758", "CVE-2016-4569", "CVE-2016-5829", "CVE-2016-4997", "CVE-2016-4482", "CVE-2015-7833", "CVE-2016-4578", "CVE-2016-4805", "CVE-2015-8552", "CVE-2016-4470", "CVE-2016-4565", "CVE-2015-8845", "CVE-2016-3672", "CVE-2016-4998"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851388", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851388", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851388\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-08-30 05:44:46 +0200 (Tue, 30 Aug 2016)\");\n script_cve_id(\"CVE-2014-9904\", \"CVE-2015-7833\", \"CVE-2015-8551\", \"CVE-2015-8552\",\n \"CVE-2015-8845\", \"CVE-2016-0758\", \"CVE-2016-1583\", \"CVE-2016-2053\",\n \"CVE-2016-3672\", \"CVE-2016-4470\", \"CVE-2016-4482\", \"CVE-2016-4486\",\n \"CVE-2016-4565\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4805\",\n \"CVE-2016-4997\", \"CVE-2016-4998\", \"CVE-2016-5244\", \"CVE-2016-5828\",\n \"CVE-2016-5829\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2016:2184-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE 13.1 kernel was updated to 3.12.62 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2014-9904: The snd_compress_check_input function in\n sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel\n did not properly check for an integer overflow, which allowed local\n users to cause a denial of service (insufficient memory allocation) or\n possibly have unspecified other impact via a crafted\n SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).\n\n - CVE-2015-7833: The usbvision driver in the Linux kernel allowed\n physically proximate attackers to cause a denial of service (panic) via\n a nonzero bInterfaceNumber value in a USB device descriptor (bnc#950998).\n\n - CVE-2015-8551: The PCI backend driver in Xen, when running on an x86\n system and using Linux 3.1.x through 4.3.x as the driver domain, allowed\n local guest administrators to hit BUG conditions and cause a denial of\n service (NULL pointer dereference and host OS crash) by leveraging a\n system with access to a passed-through MSI or MSI-X capable physical PCI\n device and a crafted sequence of XEN_PCI_OP_* operations, aka 'Linux\n pciback missing sanity checks (bnc#957990).\n\n - CVE-2015-8552: The PCI backend driver in Xen, when running on an x86\n system and using Linux 3.1.x through 4.3.x as the driver domain, allowed\n local guest administrators to generate a continuous stream of WARN\n messages and cause a denial of service (disk consumption) by leveraging\n a system with access to a passed-through MSI or MSI-X capable physical\n PCI device and XEN_PCI_OP_enable_msi operations, aka 'Linux pciback\n missing sanity checks (bnc#957990).\n\n - CVE-2015-8845: The tm_reclaim_thread function in\n arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms\n did not ensure that TM suspend mode exists before proceeding with a\n tm_reclaim call, which allowed local users to cause a denial of service\n (TM Bad Thing exception and panic) via a crafted application (bnc#975531\n bsc#975533).\n\n - CVE-2016-0758: Integer overflow in lib/asn1_decoder.c in the Linux\n kernel allowed local users to gain privileges via crafted ASN.1 data\n (bnc#979867).\n\n - CVE-2016-1583: The ecryptfs_privileged_open function in\n fs/ecryptfs/kthread.c in the Linux kernel allowed local users to gain\n privileges or cause a denial of service (stack memory consumption) via\n vectors involving crafted mmap calls for /proc pathnames, leading to\n recursive pagefault handling. (bsc#983143)\n\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attac ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"kernel on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:2184-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop\", rpm:\"cloop~2.639~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-debuginfo\", rpm:\"cloop-debuginfo~2.639~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-debugsource\", rpm:\"cloop-debugsource~2.639~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-default\", rpm:\"cloop-kmp-default~2.639_k3.12.62_52~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-default-debuginfo\", rpm:\"cloop-kmp-default-debuginfo~2.639_k3.12.62_52~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-desktop\", rpm:\"cloop-kmp-desktop~2.639_k3.12.62_52~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-desktop-debuginfo\", rpm:\"cloop-kmp-desktop-debuginfo~2.639_k3.12.62_52~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-xen\", rpm:\"cloop-kmp-xen~2.639_k3.12.62_52~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-xen-debuginfo\", rpm:\"cloop-kmp-xen-debuginfo~2.639_k3.12.62_52~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash\", rpm:\"crash~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-debuginfo\", rpm:\"crash-debuginfo~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-debugsource\", rpm:\"crash-debugsource~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-devel\", rpm:\"crash-devel~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-doc\", rpm:\"crash-doc~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-eppic\", rpm:\"crash-eppic~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-eppic-debuginfo\", rpm:\"crash-eppic-debuginfo~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-gcore\", rpm:\"crash-gcore~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-gcore-debuginfo\", rpm:\"crash-gcore-debuginfo~7.0.2~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-default\", rpm:\"crash-kmp-default~7.0.2_k3.12.62_52~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-default-debuginfo\", rpm:\"crash-kmp-default-debuginfo~7.0.2_k3.12.62_52~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-desktop\", rpm:\"crash-kmp-desktop~7.0.2_k3.12.62_52~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-desktop-debuginfo\", rpm:\"crash-kmp-desktop-debuginfo~7.0.2_k3.12.62_52~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-xen\", rpm:\"crash-kmp-xen~7.0.2_k3.12.62_52~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-xen-debuginfo\", rpm:\"crash-kmp-xen-debuginfo~7.0.2_k3.12.62_52~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-debugsource\", rpm:\"hdjmod-debugsource~1.28~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-default\", rpm:\"hdjmod-kmp-default~1.28_k3.12.62_52~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-default-debuginfo\", rpm:\"hdjmod-kmp-default-debuginfo~1.28_k3.12.62_52~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-desktop\", rpm:\"hdjmod-kmp-desktop~1.28_k3.12.62_52~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-desktop-debuginfo\", rpm:\"hdjmod-kmp-desktop-debuginfo~1.28_k3.12.62_52~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-xen\", rpm:\"hdjmod-kmp-xen~1.28_k3.12.62_52~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-xen-debuginfo\", rpm:\"hdjmod-kmp-xen-debuginfo~1.28_k3.12.62_52~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset\", rpm:\"ipset~6.21.1~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-debuginfo\", rpm:\"ipset-debuginfo~6.21.1~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-debugsource\", rpm:\"ipset-debugsource~6.21.1~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-devel\", rpm:\"ipset-devel~6.21.1~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-default\", rpm:\"ipset-kmp-default~6.21.1_k3.12.62_52~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-default-debuginfo\", rpm:\"ipset-kmp-default-debuginfo~6.21.1_k3.12.62_52~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-desktop\", rpm:\"ipset-kmp-desktop~6.21.1_k3.12.62_52~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-desktop-debuginfo\", rpm:\"ipset-kmp-desktop-debuginfo~6.21.1_k3.12.62_52~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-xen\", rpm:\"ipset-kmp-xen~6.21.1_k3.12.62_52~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-xen-debuginfo\", rpm:\"ipset-kmp-xen-debuginfo~6.21.1_k3.12.62_52~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget\", rpm:\"iscsitarget~1.4.20.3~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-debuginfo\", rpm:\"iscsitarget-debuginfo~1.4.20.3~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-debugsource\", rpm:\"iscsitarget-debugsource~1.4.20.3~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-default\", rpm:\"iscsitarget-kmp-default~1.4.20.3_k3.12.62_52~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-default-debuginfo\", rpm:\"iscsitarget-kmp-default-debuginfo~1.4.20.3_k3.12.62_52~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-desktop\", rpm:\"iscsitarget-kmp-desktop~1.4.20.3_k3.12.62_52~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-desktop-debuginfo\", rpm:\"iscsitarget-kmp-desktop-debuginfo~1.4.20.3_k3.12.62_52~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-xen\", rpm:\"iscsitarget-kmp-xen~1.4.20.3_k3.12.62_52~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-xen-debuginfo\", rpm:\"iscsitarget-kmp-xen-debuginfo~1.4.20.3_k3.12.62_52~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libipset3\", rpm:\"libipset3~6.21.1~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libipset3-debuginfo\", rpm:\"libipset3-debuginfo~6.21.1~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper\", rpm:\"ndiswrapper~1.58~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-debuginfo\", rpm:\"ndiswrapper-debuginfo~1.58~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-debugsource\", rpm:\"ndiswrapper-debugsource~1.58~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-default\", rpm:\"ndiswrapper-kmp-default~1.58_k3.12.62_52~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-default-debuginfo\", rpm:\"ndiswrapper-kmp-default-debuginfo~1.58_k3.12.62_52~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-desktop\", rpm:\"ndiswrapper-kmp-desktop~1.58_k3.12.62_52~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-desktop-debuginfo\", rpm:\"ndiswrapper-kmp-desktop-debuginfo~1.58_k3.12.62_52~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch\", rpm:\"openvswitch~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-controller\", rpm:\"openvswitch-controller~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-controller-debuginfo\", rpm:\"openvswitch-controller-debuginfo~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-debuginfo\", rpm:\"openvswitch-debuginfo~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-debugsource\", rpm:\"openvswitch-debugsource~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-default\", rpm:\"openvswitch-kmp-default~1.11.0_k3.12.62_52~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-default-debuginfo\", rpm:\"openvswitch-kmp-default-debuginfo~1.11.0_k3.12.62_52~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-desktop\", rpm:\"openvswitch-kmp-desktop~1.11.0_k3.12.62_52~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-desktop-debuginfo\", rpm:\"openvswitch-kmp-desktop-debuginfo~1.11.0_k3.12.62_52~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-xen\", rpm:\"openvswitch-kmp-xen~1.11.0_k3.12.62_52~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-xen-debuginfo\", rpm:\"openvswitch-kmp-xen-debuginfo~1.11.0_k3.12.62_52~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-pki\", rpm:\"openvswitch-pki~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-switch\", rpm:\"openvswitch-switch~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-switch-debuginfo\", rpm:\"openvswitch-switch-debuginfo~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-test\", rpm:\"openvswitch-test~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock\", rpm:\"pcfclock~0.44~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-debuginfo\", rpm:\"pcfclock-debuginfo~0.44~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-debugsource\", rpm:\"pcfclock-debugsource~0.44~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-default\", rpm:\"pcfclock-kmp-default~0.44_k3.12.62_52~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-default-debuginfo\", rpm:\"pcfclock-kmp-default-debuginfo~0.44_k3.12.62_52~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-desktop\", rpm:\"pcfclock-kmp-desktop~0.44_k3.12.62_52~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-desktop-debuginfo\", rpm:\"pcfclock-kmp-desktop-debuginfo~0.44_k3.12.62_52~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-openvswitch\", rpm:\"python-openvswitch~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-openvswitch-test\", rpm:\"python-openvswitch-test~1.11.0~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox\", rpm:\"python-virtualbox~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox-debuginfo\", rpm:\"python-virtualbox-debuginfo~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-debugsource\", rpm:\"vhba-kmp-debugsource~20130607~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-default-\", rpm:\"vhba-kmp-default~20130607_k3.12.62_52~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-default-debuginfo-\", rpm:\"vhba-kmp-default-debuginfo~20130607_k3.12.62_52~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-desktop-\", rpm:\"vhba-kmp-desktop~20130607_k3.12.62_52~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-desktop-debuginfo-\", rpm:\"vhba-kmp-desktop-debuginfo~20130607_k3.12.62_52~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-xen-\", rpm:\"vhba-kmp-xen~20130607_k3.12.62_52~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-xen-debuginfo-\", rpm:\"vhba-kmp-xen-debuginfo~20130607_k3.12.62_52~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox\", rpm:\"virtualbox~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debuginfo\", rpm:\"virtualbox-debuginfo~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debugsource\", rpm:\"virtualbox-debugsource~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-devel\", rpm:\"virtualbox-devel~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default\", rpm:\"virtualbox-guest-kmp-default~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default-debuginfo\", rpm:\"virtualbox-guest-kmp-default-debuginfo~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-desktop\", rpm:\"virtualbox-guest-kmp-desktop~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-desktop-debuginfo\", rpm:\"virtualbox-guest-kmp-desktop-debuginfo~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools\", rpm:\"virtualbox-guest-tools~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools-debuginfo\", rpm:\"virtualbox-guest-tools-debuginfo~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11\", rpm:\"virtualbox-guest-x11~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11-debuginfo\", rpm:\"virtualbox-guest-x11-debuginfo~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default\", rpm:\"virtualbox-host-kmp-default~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default-debuginfo\", rpm:\"virtualbox-host-kmp-default-debuginfo~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-desktop\", rpm:\"virtualbox-host-kmp-desktop~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-desktop-debuginfo\", rpm:\"virtualbox-host-kmp-desktop-debuginfo~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt\", rpm:\"virtualbox-qt~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt-debuginfo\", rpm:\"virtualbox-qt-debuginfo~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv\", rpm:\"virtualbox-websrv~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv-debuginfo\", rpm:\"virtualbox-websrv-debuginfo~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default\", rpm:\"xen-kmp-default~4.3.4_10_k3.12.62_52~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default-debuginfo\", rpm:\"xen-kmp-default-debuginfo~4.3.4_10_k3.12.62_52~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-desktop\", rpm:\"xen-kmp-desktop~4.3.4_10_k3.12.62_52~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-desktop-debuginfo\", rpm:\"xen-kmp-desktop-debuginfo~4.3.4_10_k3.12.62_52~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons\", rpm:\"xtables-addons~2.3~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-debuginfo\", rpm:\"xtables-addons-debuginfo~2.3~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-debugsource\", rpm:\"xtables-addons-debugsource~2.3~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-default\", rpm:\"xtables-addons-kmp-default~2.3_k3.12.62_52~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-default-debuginfo\", rpm:\"xtables-addons-kmp-default-debuginfo~2.3_k3.12.62_52~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-desktop\", rpm:\"xtables-addons-kmp-desktop~2.3_k3.12.62_52~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-desktop-debuginfo\", rpm:\"xtables-addons-kmp-desktop-debuginfo~2.3_k3.12.62_52~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-xen\", rpm:\"xtables-addons-kmp-xen~2.3_k3.12.62_52~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-xen-debuginfo\", rpm:\"xtables-addons-kmp-xen-debuginfo~2.3_k3.12.62_52~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base-debuginfo\", rpm:\"kernel-desktop-base-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debuginfo\", rpm:\"kernel-desktop-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debugsource\", rpm:\"kernel-desktop-debugsource~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base-debuginfo\", rpm:\"kernel-trace-base-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-debuginfo\", rpm:\"kernel-trace-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-debugsource\", rpm:\"kernel-trace-debugsource~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~3.12.62~52.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-source\", rpm:\"virtualbox-host-source~4.2.36~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo-32bit\", rpm:\"xen-libs-debuginfo-32bit~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-xend-tools\", rpm:\"xen-xend-tools~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-xend-tools-debuginfo\", rpm:\"xen-xend-tools-debuginfo~4.3.4_10~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-pae\", rpm:\"cloop-kmp-pae~2.639_k3.12.62_52~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-pae-debuginfo\", rpm:\"cloop-kmp-pae-debuginfo~2.639_k3.12.62_52~11.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-pae\", rpm:\"crash-kmp-pae~7.0.2_k3.12.62_52~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-pae-debuginfo\", rpm:\"crash-kmp-pae-debuginfo~7.0.2_k3.12.62_52~2.32.7\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pae\", rpm:\"hdjmod-kmp-pae~1.28_k3.12.62_52~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pae-debuginfo\", rpm:\"hdjmod-kmp-pae-debuginfo~1.28_k3.12.62_52~16.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pae\", rpm:\"ipset-kmp-pae~6.21.1_k3.12.62_52~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pae-debuginfo\", rpm:\"ipset-kmp-pae-debuginfo~6.21.1_k3.12.62_52~2.36.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-pae\", rpm:\"iscsitarget-kmp-pae~1.4.20.3_k3.12.62_52~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-pae-debuginfo\", rpm:\"iscsitarget-kmp-pae-debuginfo~1.4.20.3_k3.12.62_52~13.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-pae\", rpm:\"ndiswrapper-kmp-pae~1.58_k3.12.62_52~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-pae-debuginfo\", rpm:\"ndiswrapper-kmp-pae-debuginfo~1.58_k3.12.62_52~33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-pae\", rpm:\"openvswitch-kmp-pae~1.11.0_k3.12.62_52~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"openvswitch-kmp-pae-debuginfo\", rpm:\"openvswitch-kmp-pae-debuginfo~1.11.0_k3.12.62_52~0.39.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pae\", rpm:\"pcfclock-kmp-pae~0.44_k3.12.62_52~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pae-debuginfo\", rpm:\"pcfclock-kmp-pae-debuginfo~0.44_k3.12.62_52~258.33.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-pae-\", rpm:\"vhba-kmp-pae~20130607_k3.12.62_52~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-pae-debuginfo-\", rpm:\"vhba-kmp-pae-debuginfo~20130607_k3.12.62_52~2.32.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-pae\", rpm:\"virtualbox-guest-kmp-pae~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-pae-debuginfo\", rpm:\"virtualbox-guest-kmp-pae-debuginfo~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-pae\", rpm:\"virtualbox-host-kmp-pae~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-pae-debuginfo\", rpm:\"virtualbox-host-kmp-pae-debuginfo~4.2.36_k3.12.62_52~2.64.4\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-pae\", rpm:\"xen-kmp-pae~4.3.4_10_k3.12.62_52~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-pae-debuginfo\", rpm:\"xen-kmp-pae-debuginfo~4.3.4_10_k3.12.62_52~65.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-pae\", rpm:\"xtables-addons-kmp-pae~2.3_k3.12.62_52~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-pae-debuginfo\", rpm:\"xtables-addons-kmp-pae-debuginfo~2.3_k3.12.62_52~2.31.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~3.12.62~52.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:35:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-28T00:00:00", "type": "openvas", "title": "SUSE: Security Advisory for kernel (SUSE-SU-2016:1690-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2782", "CVE-2016-5244", "CVE-2016-2053", "CVE-2016-3689", "CVE-2016-2847", "CVE-2016-3139", "CVE-2016-4486", "CVE-2016-2186", "CVE-2016-3156", "CVE-2016-0758", "CVE-2016-4569", "CVE-2016-2184", "CVE-2016-3951", "CVE-2016-3137", "CVE-2014-9717", "CVE-2016-4482", "CVE-2016-3136", "CVE-2016-3138", "CVE-2016-3140", "CVE-2016-2143", "CVE-2016-4578", "CVE-2015-8816", "CVE-2016-2185", "CVE-2016-4805", "CVE-2016-4565", "CVE-2015-8845", "CVE-2016-3672", "CVE-2016-3134", "CVE-2016-2188"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851358", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851358", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851358\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-06-28 05:27:13 +0200 (Tue, 28 Jun 2016)\");\n script_cve_id(\"CVE-2014-9717\", \"CVE-2015-8816\", \"CVE-2015-8845\", \"CVE-2016-0758\",\n \"CVE-2016-2053\", \"CVE-2016-2143\", \"CVE-2016-2184\", \"CVE-2016-2185\",\n \"CVE-2016-2186\", \"CVE-2016-2188\", \"CVE-2016-2782\", \"CVE-2016-2847\",\n \"CVE-2016-3134\", \"CVE-2016-3136\", \"CVE-2016-3137\", \"CVE-2016-3138\",\n \"CVE-2016-3139\", \"CVE-2016-3140\", \"CVE-2016-3156\", \"CVE-2016-3672\",\n \"CVE-2016-3689\", \"CVE-2016-3951\", \"CVE-2016-4482\", \"CVE-2016-4486\",\n \"CVE-2016-4565\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4805\",\n \"CVE-2016-5244\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for kernel (SUSE-SU-2016:1690-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The SUSE Linux Enterprise 12 kernel was updated to 3.12.60 to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2014-9717: fs/namespace.c in the Linux kernel processes MNT_DETACH\n umount2 system called without verifying that the MNT_LOCKED flag is\n unset, which allowed local users to bypass intended access restrictions\n and navigate to filesystem locations beneath a mount by calling umount2\n within a user namespace (bnc#928547).\n\n - CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in\n the Linux kernel did not properly maintain a hub-interface data\n structure, which allowed physically proximate attackers to cause a\n denial of service (invalid memory access and system crash) or possibly\n have unspecified other impact by unplugging a USB hub device\n (bnc#968010).\n\n - CVE-2015-8845: The tm_reclaim_thread function in\n arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms\n did not ensure that TM suspend mode exists before proceeding with a\n tm_reclaim call, which allowed local users to cause a denial of service\n (TM Bad Thing exception and panic) via a crafted application\n (bnc#975533).\n\n - CVE-2016-0758: Fix ASN.1 indefinite length object parsing (bsc#979867).\n\n - CVE-2016-2053: The asn1_ber_decoder function in lib/asn1_decoder.c in\n the Linux kernel allowed attackers to cause a denial of service (panic)\n via an ASN.1 BER file that lacks a public key, leading to mishandling by\n the public_key_verify_signature function in\n crypto/asymmetric_keys/public_key.c (bnc#963762).\n\n - CVE-2016-2143: The fork implementation in the Linux kernel on s390\n platforms mishandled the case of four page-table levels, which allowed\n local users to cause a denial of service (system crash) or possibly have\n unspecified other impact via a crafted application, related to\n arch/s390/include/asm/mmu_context.h and arch/s390/include/asm/pgalloc.h.\n (bnc#970504)\n\n - CVE-2016-2184: The create_fixed_stream_quirk function in\n sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel\n allowed physically proximate attackers to cause a denial of service\n (NULL pointer dereference or double free, and system crash) via a\n crafted endpoints value in a USB device descriptor (bnc#971125).\n\n - CVE-2016-2185: The ati_remote2_probe function in\n drivers/input/misc/ati_remote2.c in the Linux kernel allowed physically\n proximate attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted endpoints value in a USB\n device descriptor (bnc#9711 ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"kernel on SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Desktop 12\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"SUSE-SU\", value:\"2016:1690-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(SLED12\\.0SP0|SLES12\\.0SP0)\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLED12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-extra\", rpm:\"kernel-default-extra~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-extra-debuginfo\", rpm:\"kernel-default-extra-debuginfo~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.12.60~52.49.1\", rls:\"SLED12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"SLES12.0SP0\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-man\", rpm:\"kernel-default-man~3.12.60~52.49.1\", rls:\"SLES12.0SP0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:09", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-11-04T00:00:00", "type": "openvas", "title": "RedHat Update for kernel RHSA-2016:2574-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2016-4794", "CVE-2016-6480", "CVE-2016-3070", "CVE-2016-2069", "CVE-2016-4581", "CVE-2016-2053", "CVE-2016-5828", "CVE-2016-2847", "CVE-2016-3156", "CVE-2015-8746", "CVE-2016-6136", "CVE-2015-8812", "CVE-2016-4569", "CVE-2015-8543", "CVE-2015-8374", "CVE-2016-3699", "CVE-2016-5829", "CVE-2016-6198", "CVE-2015-8956", "CVE-2013-4312", "CVE-2016-4578", "CVE-2016-5412", "CVE-2016-6327", "CVE-2016-3841", "CVE-2015-8844", "CVE-2016-2117", "CVE-2015-8845"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871708", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871708", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for kernel RHSA-2016:2574-02\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871708\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-04 05:42:52 +0100 (Fri, 04 Nov 2016)\");\n script_cve_id(\"CVE-2013-4312\", \"CVE-2015-8374\", \"CVE-2015-8543\", \"CVE-2015-8746\",\n \"CVE-2015-8812\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-8956\",\n \"CVE-2016-2053\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2384\",\n \"CVE-2016-2847\", \"CVE-2016-3070\", \"CVE-2016-3156\", \"CVE-2016-3699\",\n \"CVE-2016-3841\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-4581\",\n \"CVE-2016-4794\", \"CVE-2016-5412\", \"CVE-2016-5828\", \"CVE-2016-5829\",\n \"CVE-2016-6136\", \"CVE-2016-6198\", \"CVE-2016-6327\", \"CVE-2016-6480\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2016:2574-02\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel,\n the core of any Linux operating system.\n\nSecurity Fix(es):\n\n * It was found that the Linux kernel's IPv6 implementation mishandled\nsocket options. A local attacker could abuse concurrent access to the\nsocket options to escalate their privileges, or cause a denial of service\n(use-after-free and system crash) via a crafted sendmsg system call.\n(CVE-2016-3841, Important)\n\n * Several Moderate and Low impact security issues were found in the Linux\nkernel. Space precludes documenting each of these issues in this advisory.\nRefer to the CVE links in the References section for a description of each\nof these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543,\nCVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069,\nCVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412,\nCVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327,\nCVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384,\nCVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting\nCVE-2016-2053 Tetsuo Handa for reporting CVE-2016-2847 the Virtuozzo\nkernel team and Solar Designer (Openwall) for reporting CVE-2016-3156\nJustin Yackoski (Cryptonite) for reporting CVE-2016-2117 and Linn Crosetto\n(HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by\nVenkatesh Pottem (Red Hat Engineering) the CVE-2015-8844 and CVE-2015-8845\nissues were discovered by Miroslav Vadkerti (Red Hat Engineering) the\nCVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat) the\nCVE-2016-6198 issue was discovered by CAI Qian (Red Hat) and the\nCVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.3 Release Notes linked from the References section.\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:2574-02\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-November/msg00010.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~3.10.0~514.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-04-07T16:53:09", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-2599)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2384", "CVE-2017-5753", "CVE-2015-3332", "CVE-2017-18595", "CVE-2019-0136", "CVE-2019-17666", "CVE-2016-3689", "CVE-2016-3139", "CVE-2015-9289", "CVE-2017-18551", "CVE-2016-2186", "CVE-2016-2187", "CVE-2014-5206", "CVE-2016-4569", "CVE-2016-7425", "CVE-2017-1000379", "CVE-2016-2184", "CVE-2017-1000253", "CVE-2019-17075", "CVE-2015-1350", "CVE-2014-4608", "CVE-2016-6197", "CVE-2018-14617", "CVE-2016-3138", "CVE-2016-3140", "CVE-2017-18509", "CVE-2016-4578", "CVE-2014-5207", "CVE-2015-8816", "CVE-2016-2185", "CVE-2016-6130", "CVE-2015-8844", "CVE-2015-8845", "CVE-2017-13168", "CVE-2019-17133"], "modified": "2020-04-03T00:00:00", "id": "OPENVAS:1361412562311220192599", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192599", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2599\");\n script_version(\"2020-04-03T10:35:51+0000\");\n script_cve_id(\"CVE-2014-4608\", \"CVE-2014-5206\", \"CVE-2014-5207\", \"CVE-2015-1350\", \"CVE-2015-3332\", \"CVE-2015-8816\", \"CVE-2015-8844\", \"CVE-2015-8845\", \"CVE-2015-9289\", \"CVE-2016-2184\", \"CVE-2016-2185\", \"CVE-2016-2186\", \"CVE-2016-2187\", \"CVE-2016-2384\", \"CVE-2016-3138\", \"CVE-2016-3139\", \"CVE-2016-3140\", \"CVE-2016-3689\", \"CVE-2016-4569\", \"CVE-2016-4578\", \"CVE-2016-6130\", \"CVE-2016-6197\", \"CVE-2016-7425\", \"CVE-2017-1000253\", \"CVE-2017-1000379\", \"CVE-2017-13168\", \"CVE-2017-18509\", \"CVE-2017-18551\", \"CVE-2017-18595\", \"CVE-2017-5753\", \"CVE-2018-14617\", \"CVE-2019-0136\", \"CVE-2019-17075\", \"CVE-2019-17133\", \"CVE-2019-17666\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-03 10:35:51 +0000 (Fri, 03 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:08:20 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-2599)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2599\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2599\");\n script_xref(name:\"URL\", value:\"https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-2599 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says 'the Linux kernel is *not* affected, media hype.'(CVE-2014-4608)\n\nA certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.(CVE-2015-3332)\n\nAn elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233.(CVE-2017-13168)\n\nAn issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.(CVE-2017-18551)\n\nAn issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.(CVE-2017-18509)\n\nAn issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c.(CVE-2017-18595)\n\nAn issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory.(CVE-2018-14617)\n\nAn issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~514.44.5.10.h234\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 8.3, "vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2023-09-10T12:39:29", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156; Justin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-03T06:07:15", "type": "redhat", "title": "(RHSA-2016:2584) Important: kernel-rt security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2017-13167"], "modified": "2018-04-20T08:55:08", "id": "RHSA-2016:2584", "href": "https://access.redhat.com/errata/RHSA-2016:2584", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-10T12:39:29", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156; Justin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-03T06:07:14", "type": "redhat", "title": "(RHSA-2016:2574) Important: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3044", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-7914", "CVE-2016-7915", "CVE-2016-9794", "CVE-2017-13167", "CVE-2018-16597"], "modified": "2018-10-22T15:17:57", "id": "RHSA-2016:2574", "href": "https://access.redhat.com/errata/RHSA-2016:2574", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:24:50", "description": "- [3.10.0-514.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-514]\n- [mm] remove gup_flags FOLL_WRITE games from __get_user_pages() (Larry Woodman) [1385124] {CVE-2016-5195}\n[3.10.0-513]\n- [md] dm raid: fix compat_features validation (Mike Snitzer) [1383726]\n[3.10.0-512]\n- [fs] revert 'ext4: pre-zero allocated blocks for DAX IO' (Eric Sandeen) [1380571]\n- [fs] nfsd: fix corruption in notifier registration ('J. Bruce Fields') [1378363]\n- [fs] xfs: log recovery tracepoints to track current lsn and buffer submission (Brian Foster) [1362730]\n- [fs] xfs: update metadata LSN in buffers during log recovery (Brian Foster) [1362730]\n- [fs] xfs: dont warn on buffers not being recovered due to LSN (Brian Foster) [1362730]\n- [fs] xfs: pass current lsn to log recovery buffer validation (Brian Foster) [1362730]\n- [fs] xfs: rework log recovery to submit buffers on LSN boundaries (Brian Foster) [1362730]\n- [x86] perf/uncore: Disable uncore on kdump kernel (Jiri Olsa) [1379569]\n- [netdrv] mlx4_core: Fix to clean devlink resources (Kamal Heib) [1379504]\n[3.10.0-511]\n- [net] add recursion limit to GRO (Sabrina Dubroca) [1374191] {CVE-2016-7039}\n- [mm] cgroup: fix hugetlb_cgroup_read() (Jerome Marchand) [1378236]\n- [fs] nfs: change invalidatepage prototype to accept length (Benjamin Coddington) [1366131]\n- [fs] xfs: quiesce the filesystem after recovery on readonly mount (Eric Sandeen) [1375457]\n- [fs] xfs: rework buffer dispose list tracking (Brian Foster) [1349175]\n- [fs] ext4: pre-zero allocated blocks for DAX IO (Eric Sandeen) [1367989]\n- [fs] gfs2: Initialize atime of I_NEW inodes (Andreas Grunbacher) [1379447]\n- [fs] gfs2: Update file times after grabbing glock (Andreas Grunbacher) [1379447]\n- [x86] topology: Handle CPUID bogosity gracefully (Vitaly Kuznetsov) [1377988]\n- [netdrv] sfc: check async completer is !NULL before calling (Jarod Wilson) [1368201]\n- [infiniband] ib/mlx5: Fix iteration overrun in GSI qps (Don Dutile) [1376941]\n[3.10.0-510]\n- [kernel] audit: fix exe_file access in audit_exe_compare (Richard Guy Briggs) [1374478]\n- [kernel] mm: introduce get_task_exe_file (Richard Guy Briggs) [1374478]\n- [kernel] prctl: avoid using mmap_sem for exe_file serialization (Richard Guy Briggs) [1374478]\n- [kernel] mm: rcu-protected get_mm_exe_file() (Richard Guy Briggs) [1374478]\n- [dm] dm-raid: reverse validation of nosync+rebuild flags (Heinz Mauelshagen) [1371717]\n- [x86] kvm: correctly reset dest_map->vector when restoring LAPIC state (Paolo Bonzini) [1367716]\n- [s390] dasd: fix hanging device after clear subchannel (Gustavo Duarte) [1368068]\n- [netdrv] bna: fix crash in bnad_get_strings() (Ivan Vecera) [1376508]\n- [netdrv] bna: add missing per queue ethtool stat (Ivan Vecera) [1376508]\n- [powerpc] kvm: Implement kvm_arch_intc_initialized() for PPC (David Gibson) [1375778]\n- [powerpc] kvm: book3s: Dont crash if irqfd used with no in-kernel XICS emulation (David Gibson) [1375778]\n[3.10.0-509]\n- [mm] sparse: use memblock apis for early memory allocations (Koki Sanagi) [1375453]\n- [mm] memblock: add memblock memory allocation apis (Koki Sanagi) [1375453]\n- [mm] thp: harden the debug kernel with a strict check for thp_mmu_gather (Andrea Arcangeli) [1369365]\n- [mm] thp: initialize thp_mmu_gather for newly allocated migrated pages (Andrea Arcangeli) [1369365]\n- [mm] thp: put_huge_zero_page() with MMU gather #2 (Andrea Arcangeli) [1369365]\n- [fs] nfs: fix BUG() crash in notify_change() with patch to chown_common() ('J. Bruce Fields') [1342695]\n- [net] ipv6: gro: fix forwarding of tunneled packets (Jiri Benc) [1375438]\n- [net] sctp: hold the transport before using it in sctp_hash_cmp (Xin Long) [1368884]\n- [net] sctp: identify chunks that need to be fragmented at IP level (Xin Long) [1371377]\n- [scsi] be2iscsi: revert: _bh for io_sgl_lock and mgmt_sgl_lock (Maurizio Lombardi) [1374223]\n- [block] blk-mq: Allow timeouts to run while queue is freezing (Gustavo Duarte) [1372483]\n- [block] defer timeouts to a workqueue (Gustavo Duarte) [1372483]\n- [netdrv] tg3: Fix for disallow tx coalescing time to be 0 (Ivan Vecera) [1368885]\n- [netdrv] tg3: Fix for diasllow rx coalescing time to be 0 (Ivan Vecera) [1368885]\n- [infiniband] rdma/ocrdma: Support user AH creation for RoCE-v2 (Don Dutile) [1376120]\n- [infiniband] rdma/ocrdma: Support RoCE-v2 in the RC path (Don Dutile) [1376120]\n- [infiniband] rdma/ocrdma: Support RoCE-v2 in the UD path (Don Dutile) [1376120]\n- [infiniband] rdma/ocrdma: Export udp encapsulation capability (Don Dutile) [1376120]\n- [infiniband] ib/mlx5: Fix wrong naming of port_rcv_data counter (Don Dutile) [1374862]\n[3.10.0-508]\n- [drm] i915: Add GEN7_PCODE_MIN_FREQ_TABLE_GT_RATIO_OUT_OF_RANGE to SNB (Lyude Paul) [1341633 1355776]\n- [drm] i915/gen9: implement missing case for SKL watermarks calculation (Lyude Paul) [1341633 1355776]\n- [drm] i915/gen9: fix the watermark res_blocks value (Lyude Paul) [1341633 1355776]\n- [drm] i915/gen9: fix plane_blocks_per_line on watermarks calculations (Lyude Paul) [1341633 1355776]\n- [drm] i915/gen9: minimum scanlines for Y tile is not always 4 (Lyude Paul) [1341633 1355776]\n- [drm] i915/gen9: fix the WaWmMemoryReadLatency implementation (Lyude Paul) [1341633 1355776]\n- [drm] i915/skl: Dont try to update plane watermarks if they havent changed (Lyude Paul) [1341633 1355776]\n- [drm] i915/skl: Update DDB values atomically with wms/plane attrs (Lyude Paul) [1341633 1355776]\n- [drm] i915: Move CRTC updating in atomic_commit into its own hook (Lyude Paul) [1341633 1355776]\n- [drm] i915/skl: Ensure pipes with changed wms get added to the state (Lyude Paul) [1341633 1355776]\n- [drm] i915/skl: Update plane watermarks atomically during plane updates (Lyude Paul) [1341633 1355776]\n- [drm] i915/gen9: Only copy WM results for changed pipes to skl_hw (Lyude Paul) [1341633 1355776]\n- [drm] i915/skl: Add support for the SAGV, fix underrun hangs (Lyude Paul) [1341633 1355776]\n- [drm] i915/gen6+: Interpret mailbox error flags (Lyude Paul) [1341633 1355776]\n- [drm] i915/gen9: Only copy WM results for changed pipes to skl_hw (Lyude Paul) [1341633 1355776]\n[3.10.0-507]\n- [netdrv] ixgbe: fix spoofed packets with macvlans (Ken Cox) [1324631]\n- [tools] perf mem: Fix -t store option for record command (Jiri Olsa) [1357531 1357543]\n- [x86] clock: Fix kvm guest tsc initialization (Prarit Bhargava) [1372759]\n- [x86] tsc: Enumerate BXT tsc_khz via CPUID (Prarit Bhargava) [1372759]\n- [drm] i915: Enable polling when we dont have hpd (Lyude Paul) [1277863]\n- [drm] i915/vlv: Disable HPD in valleyview_crt_detect_hotplug() (Lyude Paul) [1277863]\n- [drm] i915/vlv: Reset the ADPA in vlv_display_power_well_init() (Lyude Paul) [1277863]\n- [drm] i915/vlv: Make intel_crt_reset() per-encoder (Lyude Paul) [1277863]\n- [fs] Fix NULL pointer dereference in bl_free_device() (Benjamin Coddington) [1356796]\n- [fs] nfs/blocklayout: support RH/Fedora dm-mpath device nodes (Benjamin Coddington) [1356796]\n- [fs] nfs/blocklayout: refactor open-by-wwn (Benjamin Coddington) [1356796]\n- [fs] nfs/blocklayout: use proper fmode for opening block devices (Benjamin Coddington) [1356796]\n- [fs] sunrpc: fix UDP memory accounting (Paolo Abeni) [1298899]\n[3.10.0-506]\n- [kernel] timekeeping: Cap adjustments so they dont exceed the maxadj value (Marcelo Tosatti) [1246218]\n- [kernel] fork: allocate idle task for a CPU always on its local node (Oleg Nesterov) [1339635]\n- [kernel] sys: do_sysinfo() use get_monotonic_boottime() (Milos Vyletel) [1373224]\n- [fs] proc/uptime: uptime_proc_show() use get_monotonic_boottime() (Milos Vyletel) [1373224]\n- [fs] exec: de_thread: mt-exec should update ->real_start_time (Milos Vyletel) [1373224]\n- [fs] ovl: clear nlink on rmdir (Miklos Szeredi) [1373787]\n- [fs] ovl: share inode for hard link (Miklos Szeredi) [1373787]\n- [fs] ovl: use generic_delete_inode (Miklos Szeredi) [1373787]\n- [fs] ovl: handle umask and posix_acl_default correctly on creation (Miklos Szeredi) [1351863]\n- [fs] ovl: fix sgid on directory (Miklos Szeredi) [1351863]\n- [fs] ovl: copyattr after setting POSIX ACL (Miklos Szeredi) [1371638]\n- [fs] ovl: Switch to generic_removexattr (Miklos Szeredi) [1371651]\n- [fs] ovl: Get rid of ovl_xattr_noacl_handlers array (Miklos Szeredi) [1371651]\n- [fs] ext4: print ext4 mount option data_err=abort correctly (Lukas Czerner) [1342403]\n- [fs] nfs4: Avoid migration loops (Benjamin Coddington) [1355977]\n- [fs] nfs: dont create zero-length requests (Benjamin Coddington) [1324635]\n- [fs] xfs: dont assert fail on non-async buffers on ioacct decrement (Brian Foster) [1363822]\n- [fs] btrfs: set S_IOPS_WRAPPER consistently (Eric Sandeen) [1182456]\n- [fs] xfs: prevent dropping ioend completions during buftarg wait (Brian Foster) [1370177]\n- [fs] gfs2: Fix extended attribute readahead optimization (Robert S Peterson) [1256539]\n- [mm] page_alloc: dont re-init pageset in zone_pcp_update() (Yasuaki Ishimatsu) [1374114]\n- [mm] readahead: Move readahead limit outside of readahead, and advisory syscalls (Kyle Walker) [1351353]\n- [net] veth: sctp: add NETIF_F_SCTP_CRC to device features (Xin Long) [1367105]\n- [net] veth: Update features to include all tunnel GSO types (Xin Long) [1367105]\n- [tty] serial: 8250_dw: add ability to handle the peripheral clock (Prarit Bhargava) [1367476]\n- [x86] mm: Fix regression panic at boot time seen on some NUMA systems (Larry Woodman) [1372047]\n- [x86] mm: non-linear virtual memory fix for KNL4 erratum (Larry Woodman) [1372047]\n- [x86] tsc: Add rdtscll() merge helper (Mitsuhiro Tanino) [1372398]\n- [x86] kvm: Expose more Intel AVX512 feature to guest (Paolo Bonzini) [1369038]\n- [s390] pci: remove iomap sanity checks (Jason Wang) [1373503]\n- [nvme] Add device IDs with stripe quirk (David Milburn) [1371642]\n- [scsi] mpt3sas: Fix panic when aer correct error occurred (Frank Ramsay) [1374745]\n- [iommu] vt-d: Disable passthrough mode on Kexec kernel (Myron Stowe) [1367621]\n- [netdrv] ixgbe: Eliminate useless message and improve logic (Ken Cox) [1369519]\n- [netdrv] sfc: check MTU against minimum threshold (Jarod Wilson) [1363683]\n[3.10.0-505]\n- [hv] balloon: replace ha_region_mutex with spinlock (Vitaly Kuznetsov) [1361245]\n- [hv] balloon: dont wait for ol_waitevent when memhp_auto_online is enabled (Vitaly Kuznetsov) [1361245]\n- [hv] balloon: account for gaps in hot add regions (Vitaly Kuznetsov) [1361245]\n- [hv] balloon: keep track of where ha_region starts (Vitaly Kuznetsov) [1361245]\n- [mm] memory-hotplug: add hot-added memory ranges to memblock before allocate node_data for a node (Yasuaki Ishimatsu) [1365766]\n- [mm] memory-hotplug: fix wrong edge when hot add a new node (Yasuaki Ishimatsu) [1365766]\n- [rtc] rtc-rx8581: Mark tech preview (Prarit Bhargava) [1362164]\n- [rtc] rtc-rx8581.c: add SMBus-only adapters support (Prarit Bhargava) [1362164]\n- [rtc] rtc-rx8581.c: remove empty function (Prarit Bhargava) [1362164]\n- [pci] Restore original checksums of pci symbols (Stanislav Kozina) [1370477]\n- [net] reserve kABI fields in struct packet_type (Jiri Benc) [1358738]\n- [net] openvswitch: Ignore negative headroom value (Jakub Sitnicki) [1369642]\n- [scsi] qla2xxx: Update the driver version to 8.07.00.33.07.3-k1 (Chad Dupuis) [1367530]\n- [scsi] qla2xxx: Set FLOGI retry in additional firmware options for P2P (N2N) mode (Chad Dupuis) [1361279]\n- [scsi] qla2xxx: prevent board_disable from running during EEH (Chad Dupuis) [1367530]\n- [kernel] sched/fair: Fix typo in sync_throttle() (Xunlei Pang) [1341003]\n- [kernel] sched/fair: Rework throttle_count sync (Xunlei Pang) [1341003]\n- [kernel] sched/fair: Do not announce throttled next buddy in dequeue_task_fair() (Xunlei Pang) [1341003]\n- [kernel] sched/fair: Initialize throttle_count for new task-groups lazily (Xunlei Pang) [1341003]\n- [kernel] audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [1359306] {CVE-2016-6136}\n- [powerpc] revert 'pci: Assign fixed PHB number based on device-tree properties' (Gustavo Duarte) [1360353 1373109]\n- [powerpc] revert 'pci: Fix endian bug in fixed PHB numbering' (Gustavo Duarte) [1360353 1373109]\n- [infiniband] rdma/ocrdma: Fix the max_sge reported from FW (Honggang Li) [1369540]\n[3.10.0-504]\n- [fs] dax: disable dax on ext2 and ext3 (Jeff Moyer) [1369900]\n- [fs] dax: mark tech preview (Jeff Moyer) [1369825]\n- [fs] pmem: disable dax mounting in the prsence of media errors (Jeff Moyer) [1367132]\n- [fs] xfs: Add alignment check for DAX mount (Jeff Moyer) [1367132]\n- [fs] ext4: Add alignment check for DAX mount (Jeff Moyer) [1367132]\n- [fs] block: Add bdev_dax_supported() for dax mount checks (Jeff Moyer) [1367132]\n- [fs] block: Add vfs_msg() interface (Jeff Moyer) [1367132]\n- [tools] x86/insn: remove pcommit (Jeff Moyer) [1350153]\n- [x86] revert 'kvm: x86: add pcommit support' (Jeff Moyer) [1350153]\n- [tools] pmem: kill __pmem address space (Jeff Moyer) [1350153]\n- [kernel] pmem: kill wmb_pmem() (Jeff Moyer) [1350153]\n- [nvdimm] libnvdimm, pmem: use nvdimm_flush() for namespace I/O writes (Jeff Moyer) [1350153]\n- [fs] dax: remove wmb_pmem() (Jeff Moyer) [1350153]\n- [kernel] libnvdimm, pmem: flush posted-write queues on shutdown (Jeff Moyer) [1350153]\n- [nvdimm] libnvdimm, pmem: use REQ_FUA, REQ_FLUSH for nvdimm_flush() (Jeff Moyer) [1350153]\n- [nvdimm] libnvdimm: cycle flush hints (Jeff Moyer) [1350153]\n- [kernel] libnvdimm: introduce nvdimm_flush() and nvdimm_has_flush() (Jeff Moyer) [1350153]\n- [nvdimm] libnvdimm: keep region data alive over namespace removal (Jeff Moyer) [1350153]\n- [tools] testing/nvdimm: simulate multiple flush hints per-dimm (Jeff Moyer) [1350153]\n- [kernel] libnvdimm, nfit: move flush hint mapping to region-device driver-data (Jeff Moyer) [1350153]\n- [kernel] libnvdimm, nfit: remove nfit_spa_map() infrastructure (Jeff Moyer) [1350153]\n- [kernel] libnvdimm: introduce devm_nvdimm_memremap(), convert nfit_spa_map() users (Jeff Moyer) [1350153]\n- [acpi] nfit: dont override return value of nfit_mem_init (Jeff Moyer) [1350153]\n- [acpi] nfit: always associate flush hints (Jeff Moyer) [1350153]\n- [tools] testing/nvdimm: remove __wrap_devm_memremap_pages placeholder (Jeff Moyer) [1350153]\n- [kernel] devm: add helper devm_add_action_or_reset() (Jeff Moyer) [1350153]\n[3.10.0-503]\n- [scsi] sas: remove is_sas_attached() (Ewan Milne) [1370231]\n- [scsi] ses: use scsi_is_sas_rphy instead of is_sas_attached (Ewan Milne) [1370231]\n- [scsi] sas: provide stub implementation for scsi_is_sas_rphy (Ewan Milne) [1370231]\n- [target] lio: assume a maximum of 1024 iovecs (Andy Grover) [1367597]\n- [scsi] smartpqi: bump driver version (Scott Benesh) [1370631]\n- [scsi] smartpqi: add smartpqi.txt (Scott Benesh) [1370631]\n- [scsi] smartpqi: update maintainers (Scott Benesh) [1370631]\n- [scsi] smartpqi: update Kconfig (Scott Benesh) [1370631]\n- [scsi] smartpqi: remove timeout for cache flush operations (Scott Benesh) [1370631]\n- [scsi] smartpqi: scsi queuecommand cleanup (Scott Benesh) [1370631]\n- [scsi] smartpqi: minor tweaks to update time support (Scott Benesh) [1370631]\n- [scsi] smartpqi: minor function reformating (Scott Benesh) [1370631]\n- [scsi] smartpqi: correct event acknowledgement timeout issue (Scott Benesh) [1370631]\n- [scsi] smartpqi: correct controller offline issue (Scott Benesh) [1370631]\n- [scsi] smartpqi: add kdump support (Scott Benesh) [1370631]\n- [scsi] smartpqi: enhance reset logic (Scott Benesh) [1370631]\n- [scsi] smartpqi: enhance drive offline informational message (Scott Benesh) [1370631]\n- [scsi] smartpqi: simplify spanning (Scott Benesh) [1370631]\n- [scsi] smartpqi: change tmf macro names (Scott Benesh) [1370631]\n- [scsi] smartpqi: change aio sg processing (Scott Benesh) [1370631]\n[3.10.0-502]\n- [fs] rbd: add force close option (Ilya Dryomov) [1196119]\n- [fs] rbd: add 'config_info' sysfs rbd device attribute (Ilya Dryomov) [1196119]\n- [fs] rbd: add 'snap_id' sysfs rbd device attribute (Ilya Dryomov) [1196119]\n- [fs] rbd: add 'cluster_fsid' sysfs rbd device attribute (Ilya Dryomov) [1196119]\n- [fs] rbd: add 'client_addr' sysfs rbd device attribute (Ilya Dryomov) [1196119]\n- [fs] rbd: print capacity in decimal and features in hex (Ilya Dryomov) [1196119]\n- [fs] rbd: support for exclusive-lock feature (Ilya Dryomov) [1196119]\n- [fs] rbd: retry watch re-registration periodically (Ilya Dryomov) [1196119]\n- [fs] rbd: introduce a per-device ordered workqueue (Ilya Dryomov) [1196119]\n- [fs] libceph: rename ceph_client_id() -> ceph_client_gid() (Ilya Dryomov) [1196119]\n- [fs] libceph: support for blacklisting clients (Ilya Dryomov) [1196119]\n- [fs] libceph: support for lock.lock_info (Ilya Dryomov) [1196119]\n- [fs] libceph: support for advisory locking on RADOS objects (Ilya Dryomov) [1196119]\n- [fs] libceph: add ceph_osdc_call() single-page helper (Ilya Dryomov) [1196119]\n- [fs] libceph: support for CEPH_OSD_OP_LIST_WATCHERS (Ilya Dryomov) [1196119]\n- [fs] libceph: rename ceph_entity_name_encode() -> ceph_auth_entity_name_encode() (Ilya Dryomov) [1196119]\n- [fs] libceph: make cancel_generic_request() static (Ilya Dryomov) [1196119]\n- [fs] libceph: fix return value check in alloc_msg_with_page_vector() (Ilya Dryomov) [1196119]\n- [fs] ceph: fix symbol versioning for ceph_monc_do_statfs (Ilya Dryomov) [1196119]\n- [fs] libceph: add start en/decoding block helpers (Ilya Dryomov) [1196119]\n- [fs] libceph: add an ONSTACK initializer for oids (Ilya Dryomov) [1196119]\n- [fs] libceph: fix some missing includes (Ilya Dryomov) [1196119]\n- [mm] swap: flush lru pvecs on compound page arrival (Jerome Marchand) [1341766 1343920]\n- [md] raid1/raid10: slow down resync if there is non-resync activity pending (Jes Sorensen) [1371545]\n- [x86] hibernate: Use hlt_play_dead() when resuming from hibernation (Lenny Szubowicz) [1229590]\n- [x86] Mark Intel Purley 2 socket processor as supported (Steve Best) [1362645]\n- [i2c] i801: Add support for Kaby Lake PCH-H (David Arcari) [1310953]\n- [mfd] lpss: Add Intel Kaby Lake PCH-H PCI IDs (David Arcari) [1310953]\n- [usb] dwc3: pci: add Intel Kabylake PCI ID (David Arcari) [1310953]\n- [edac] sb_edac: Fix channel reporting on Knights Landing (Aristeu Rozanski) [1367330]\n- [include] bluetooth: Fix kabi breakage in struct hci_core (Don Zickus) [1370583]\n- [powerpc] pci: Fix endian bug in fixed PHB numbering (Gustavo Duarte) [1360353]\n- [powerpc] pci: Assign fixed PHB number based on device-tree properties (Gustavo Duarte) [1360353]\n[3.10.0-501]\n- [netdrv] sfc: work around TRIGGER_INTERRUPT command not working on SFC9140 (Jarod Wilson) [1368201]\n- [netdrv] sfc: remove duplicate assignment (Jarod Wilson) [1368201]\n- [netdrv] sfc: include size-binned TX stats on sfn8542q (Jarod Wilson) [1368201]\n- [netdrv] sfc: fix potential stack corruption from running past stat bitmask (Jarod Wilson) [1368201]\n- [netdrv] sfc: avoid division by zero (Jarod Wilson) [1368201]\n- [netdrv] sfc: get timer configuration from adapter (Jarod Wilson) [1368201]\n- [netdrv] sfc: set interrupt moderation via MCDI (Jarod Wilson) [1368201]\n- [netdrv] sfc: use new performance based event queue init (Jarod Wilson) [1368201]\n- [netdrv] sfc: retrieve second word of datapath capabilities (Jarod Wilson) [1368201]\n- [netdrv] sfc: allow asynchronous MCDI without completion function (Jarod Wilson) [1368201]\n- [netdrv] sfc: update MCDI protocol headers (Jarod Wilson) [1368201]\n- [netdrv] sfc: avoid -Wtype-limits warning (Jarod Wilson) [1368201]\n- [netdrv] sfc: Fix VLAN filtering feature if vPort has VLAN_RESTRICT flag (Jarod Wilson) [1368201]\n- [netdrv] sfc: Update MCDI protocol definitions (Jarod Wilson) [1368201]\n- [netdrv] sfc: Disable VLAN filtering by default if not strictly required (Jarod Wilson) [1368201]\n- [netdrv] sfc: VLAN filters must only be created if the firmware supports this (Jarod Wilson) [1368201]\n- [netdrv] sfc: Fix dup unknown multicast/unicast filters after datapath reset (Jarod Wilson) [1368201]\n- [netdrv] sfc: Refactor checks for invalid filter ID (Jarod Wilson) [1368201]\n- [netdrv] sfc: Take mac_lock before calling efx_ef10_filter_table_probe (Jarod Wilson) [1368201]\n- [netdrv] sfc: Implement ndo_vlan_rx_{add, kill}_vid() callbacks (Jarod Wilson) [1368201]\n- [netdrv] sfc: Implement list of VLANs added over interface (Jarod Wilson) [1368201]\n- [netdrv] sfc: Make EF10 filter management helper functions VLAN-aware (Jarod Wilson) [1368201]\n- [netdrv] sfc: Store unicast and multicast promisc flag with address cache (Jarod Wilson) [1368201]\n- [netdrv] sfc: Move filter IDs to per-VLAN data structure (Jarod Wilson) [1368201]\n- [netdrv] sfc: Forget filter ID when the filter is marked old (Jarod Wilson) [1368201]\n- [netdrv] sfc: Assert filter_sem write locked when required (Jarod Wilson) [1368201]\n- [netdrv] sfc: Add efx_nic member with fixed netdev features (Jarod Wilson) [1368201]\n- [netdrv] sfc: Move last mc_promisc flag to EF10 filter table state (Jarod Wilson) [1368201]\n- [netdrv] sfc: Define macro with EF10 offload feature (Jarod Wilson) [1368201]\n- [netdrv] sfc: on MC reset, clear PIO buffer linkage in TXQs (Jarod Wilson) [1368201]\n- [netdrv] sfc: disable RSS when unsupported (Jarod Wilson) [1368201]\n- [netdrv] sfc: implement IPv6 NFC (and IPV4_USER_FLOW) (Jarod Wilson) [1368201]\n- [netdrv] i40iw: Receive notification events correctly (Stefan Assmann) [1371734]\n- [netdrv] i40iw: Update hw_iwarp_state (Stefan Assmann) [1371734]\n- [netdrv] i40iw: Send last streaming mode message for loopback connections (Stefan Assmann) [1371734]\n- [netdrv] i40iw: Avoid writing to freed memory (Stefan Assmann) [1371734]\n- [netdrv] i40iw: Fix double free of allocated_buffer (Stefan Assmann) [1371734]\n- [netdrv] i40iw: Add missing NULL check for MPA private data (Stefan Assmann) [1371734]\n- [netdrv] i40iw: Add missing check for interface already open (Stefan Assmann) [1371734]\n- [netdrv] i40iw: Protect req_resource_num update (Stefan Assmann) [1371734]\n- [netdrv] i40iw: Change mem_resources pointer to a u8 (Stefan Assmann) [1371734]\n- [netdrv] hv_netvsc: fix bonding devices check in netvsc_netdev_event() (Vitaly Kuznetsov) [1364333]\n- [netdrv] hv_netvsc: protect module refcount by checking net_device_ctx->vf_netdev (Vitaly Kuznetsov) [1364333]\n- [netdrv] hv_netvsc: reset vf_inject on VF removal (Vitaly Kuznetsov) [1364333]\n- [netdrv] hv_netvsc: avoid deadlocks between rtnl lock and vf_use_cnt wait (Vitaly Kuznetsov) [1364333]\n- [netdrv] hv_netvsc: dont lose VF information (Vitaly Kuznetsov) [1364333]\n- [netdrv] mlx4_en: Add resilience in low memory systems (kamal heib) [1367818]\n- [netdrv] net/mlx4_en: Move filters cleanup to a proper location (kamal heib) [1367818]\n[3.10.0-500]\n- [drm] amdgpu: Disable RPM helpers while reprobing connectors on resume (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Kabylake uses the same GMS values as Skylake (Rob Clark) [1348329 1349064]\n- [drm] i915/bxt: Broxton uses the same GMS values as Skylake (Rob Clark) [1348329 1349064]\n- [drm] i915/skl: Add the additional graphics stolen sizes (Rob Clark) [1348329 1349064]\n- [drm] x86/gpu: Sprinkle const, __init and __initconst to stolen memory quirks (Rob Clark) [1348329 1349064]\n- [drm] x86/gpu: Implement stolen memory size early quirk for CHV (Rob Clark) [1348329 1349064]\n- [drm] x86/gpu: Fix sign extension issue in Intel graphics stolen memory quirks (Rob Clark) [1348329 1349064]\n- [drm] makefile: update DRM version (Rob Clark) [1348329 1349064]\n- [drm] i915: Revert DisplayPort fast link training feature (Rob Clark) [1348329 1349064]\n- [drm] vmwgfx: Fix error paths when mapping framebuffer (Rob Clark) [1348329 1349064]\n- [drm] vmwgfx: Fix corner case screen target management (Rob Clark) [1348329 1349064]\n- [drm] vmwgfx: Delay pinning fbdev framebuffer until after mode set (Rob Clark) [1348329 1349064]\n- [drm] vmwgfx: Check pin count before attempting to move a buffer (Rob Clark) [1348329 1349064]\n- [drm] vmwgfx: Work around mode set failure in 2D VMs (Rob Clark) [1348329 1349064]\n- [drm] vmwgfx: Add an option to change assumed FB bpp (Rob Clark) [1348329 1349064]\n- [drm] ttm: Make ttm_bo_mem_compat available (Rob Clark) [1348329 1349064]\n- [drm] atomic: Make drm_atomic_legacy_backoff reset crtc->acquire_ctx (Rob Clark) [1348329 1349064]\n- [drm] amd/powerplay: fix incorrect voltage table value for tonga (Rob Clark) [1348329 1349064]\n- [drm] amd/powerplay: incorrectly use of the function return value (Rob Clark) [1348329 1349064]\n- [drm] amd/powerplay: fix logic error (Rob Clark) [1348329 1349064]\n- [drm] amd/powerplay: need to notify system bios pcie device ready (Rob Clark) [1348329 1349064]\n- [drm] amd/powerplay: fix bug that function parameter was incorect (Rob Clark) [1348329 1349064]\n- [drm] make drm_atomic_set_mode_prop_for_crtc() more reliable (Rob Clark) [1348329 1349064]\n- [drm] add missing drm_mode_set_crtcinfo call (Rob Clark) [1348329 1349064]\n- [drm] i915: Refresh cached DP port register value on resume (Rob Clark) [1348329 1349064]\n- [drm] i915/ilk: Dont disable SSC source if its in use (Rob Clark) [1348329 1349064]\n- [drm] nouveau/disp/sor/gf119: select correct sor when poking training pattern (Rob Clark) [1348329 1349064]\n- [drm] nouveau: fix for disabled fbdev emulation (Rob Clark) [1348329 1349064]\n- [drm] nouveau/ltc/gm107-: fix typo in the address of NV_PLTCG_LTC0_LTS0_INTR (Rob Clark) [1348329 1349064]\n- [drm] nouveau/gr/gf100-: update sm error decoding from gk20a nvgpu headers (Rob Clark) [1348329 1349064]\n- [drm] nouveau/bios/disp: fix handling of 'match any protocol' entries (Rob Clark) [1348329 1349064]\n- [drm] dp/mst: Always clear proposed vcpi table for port (Rob Clark) [1348329 1349064]\n- [drm] amdgpu: initialize amdgpu_cgs_acpi_eval_object result value (Rob Clark) [1348329 1349064]\n- [drm] amdgpu: fix num_rbs exposed to userspace (v2) (Rob Clark) [1348329 1349064]\n- [drm] amdgpu/gfx7: fix broken condition check (Rob Clark) [1348329 1349064]\n- [drm] radeon: fix asic initialization for virtualized environments (Rob Clark) [1348329 1349064]\n- [drm] i915: Removing PCI IDs that are no longer listed as Kabylake (Rob Clark) [1348329 1349064]\n- [drm] i915: Add more Kabylake PCI IDs (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Introduce the first official DMC for Kabylake (Rob Clark) [1348329 1349064]\n- [drm] i915/bxt: Reject DMC firmware versions with known bugs (Rob Clark) [1348329 1349064]\n- [drm] i915/gen9: implement WaConextSwitchWithConcurrentTLBInvalidate (Rob Clark) [1348329 1349064]\n- [drm] i915: implement WaClearTdlStateAckDirtyBits (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaClearSlmSpaceAtContextSwitch (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaDisableSbeCacheDispatchPortSharing (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaDisableGafsUnitClkGating (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaForGAMHang (Rob Clark) [1348329 1349064]\n- [drm] i915: Add WaInsertDummyPushConstP for bxt and kbl (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaDisableDynamicCreditSharing (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaDisableLSQCROPERFforOCL (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaDisableFenceDestinationToSLM for A0 (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaEnableGapsTsvCreditFix (Rob Clark) [1348329 1349064]\n- [drm] i915: Mimic skl with WaForceEnableNonCoherent (Rob Clark) [1348329 1349064]\n- [drm] i915/gen9: Always apply WaForceContextSaveRestoreNonCoherent (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add WaSkipStolenMemoryFirstPage for A0 (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Add REVID macro (Rob Clark) [1348329 1349064]\n- [drm] i915/kbl: Init gen9 workarounds (Rob Clark) [1348329 1349064]\n- [drm] i915/gen9: implement WaEnableSamplerGPGPUPreemptionSupport (Rob Clark) [1348329 1349064]\n- [drm] i915/gen9: add WaClearFlowControlGpgpuContextSave (Rob Clark) [1348329 1349064]\n- [drm] i915/skl: Add WaDisableGafsUnitClkGating (Rob Clark) [1348329 1349064]\n- [drm] i915/gen9: Add WaVFEStateAfterPipeControlwithMediaStateClear (Rob Clark) [1348329 1349064]\n- [drm] i915: Introduce Kabypoint PCH for Kabylake H/DT (Rob Clark) [1348329 1349064]\n- [drm] revert 'drm/i915: Exit cherryview_irq_handler() after one pass' (Rob Clark) [1348329 1349064]\n- [drm] core: Do not preserve framebuffer on rmfb, v4 (Rob Clark) [1348329 1349064]\n- [drm] i915: Pass the correct crtc state to .update_plane() (Rob Clark) [1348329 1349064]\n- [drm] Add helper for DP++ adaptors (Rob Clark) [1348329 1349064]\n- [drm] i915: Fix watermarks for VLV/CHV (Rob Clark) [1348329 1349064]\n- [drm] i915: Dont leave old junk in ilk active watermarks on readout (Rob Clark) [1348329 1349064]\n- [drm] i915: Enable/disable TMDS output buffers in DP++ adaptor as needed (Rob Clark) [1348329 1349064]\n- [drm] i915: Respect DP++ adaptor TMDS clock limit (Rob Clark) [1348329 1349064]\n- [drm] i915/psr: Try to program link training times correctly (Rob Clark) [1348329 1349064]\n- [drm] amdgpu: Fix hdmi deep color support (Rob Clark) [1348329 1349064]\n- [drm] amdgpu: use drm_mode_vrefresh() rather than mode->vrefresh (Rob Clark) [1348329 1349064]\n- [drm] vmwgfx: Kill some lockdep warnings (Rob Clark) [1348329 1349064]\n- [drm] gma500: Fix possible out of bounds read (Rob Clark) [1348329 1349064]\n[3.10.0-499]\n- [drm] i915/hsw: Disable PSR by default (Lyude Paul) [1367930]\n- [x86] nmi: Enable nested do_nmi() handling for 64-bit kernels (Jiri Olsa) [1365704]\n- [net] ipv4: igmp: Allow removing groups from a removed interface (Jiri Benc) [1369427]\n- [net] netfilter: ebtables: put module reference when an incorrect extension is found (Sabrina Dubroca) [1369325]\n- [net] sctp: linearize early if its not GSO (Marcelo Leitner) [1058148]\n- [net] sctp_diag: Respect ss adding TCPF_CLOSE to idiag_states (Phil Sutter) [1361728]\n- [net] sctp_diag: Fix T3_rtx timer export (Phil Sutter) [1361728]\n- [net] sctp: Export struct sctp_info to userspace (Phil Sutter) [1361728]\n- [net] macsec: ensure rx_sa is set when validation is disabled (Sabrina Dubroca) [1368429]\n- [net] macsec: use after free when deleting the underlying device (Sabrina Dubroca) [1368429]\n- [target] target/user: Fix failure to unlock a spinlock upon function return (Andy Grover) [1367873]\n- [target] target/user: Fix comments to not refer to data ring (Andy Grover) [1367873]\n- [target] target/user: Return an error if cmd data size is too large (Andy Grover) [1367873]\n- [target] target/user: Use sense_reason_t in tcmu_queue_cmd_ring (Andy Grover) [1367873]\n- [target] Backport tcm-user from 4.6 (Andy Grover) [1367873]\n- [uio] Export definition of struct uio_device (Andy Grover) [1367873]\n- [netdrv] i40iw: Add NULL check for puda buffer (Stefan Assmann) [1367425]\n- [netdrv] i40iw: Change dup_ack_thresh to u8 (Stefan Assmann) [1367425]\n- [netdrv] i40iw: Remove unnecessary check for moving CQ head (Stefan Assmann) [1367425]\n- [netdrv] i40iw: Simplify code to set fragments in SQ WQE (Stefan Assmann) [1367425]\n- [netdrv] i40iw: Remove unnecessary parameter to i40iw_cq_poll_completion (Stefan Assmann) [1367425]\n- [netdrv] i40iw: Do not access pointer after free (Stefan Assmann) [1367425]\n- [netdrv] i40iw: Correct and use size parameter to i40iw_reg_phys_mr (Stefan Assmann) [1367425]\n- [netdrv] i40iw: Fix return codes (Stefan Assmann) [1367425]\n- [netdrv] i40e: Correcting mutex usage in client code (Stefan Assmann) [1367425]\n- [netdrv] i40e: Initialize pointer in client_release function (Stefan Assmann) [1367425]\n- [netdrv] i40e: Check client is open before calling client ops (Stefan Assmann) [1367425]\n- [netdrv] i40e: Force register writes to mitigate sync issues with iwarp VF driver (Stefan Assmann) [1367425]\n- [netdrv] i40e: Move the mutex lock in i40e_client_unregister (Stefan Assmann) [1367425]\n- [infiniband] ib/uverbs: Initialize ib_qp_init_attr with zeros (Honggang Li) [1365720]\n[3.10.0-498]\n- [scsi] aacraid: Check size values after double-fetch from user (Maurizio Lombardi) [1369771] {CVE-2016-6480}\n- [fs] block_dev.c: Remove WARN_ON() when inode writeback fails (Eric Sandeen) [1229014]\n- [fs] ext4: call sync_blockdev() before invalidate_bdev() in put_super() (Eric Sandeen) [1229014]\n- [mm] page_alloc: rename setup_pagelist_highmark() to match naming of pageset_set_batch() (Pankaj Gupta) [1320834]\n- [mm] page_alloc: in zone_pcp_update(), uze zone_pageset_init() (Pankaj Gupta) [1320834]\n- [mm] page_alloc: factor zone_pageset_init() out of setup_zone_pageset() (Pankaj Gupta) [1320834]\n- [mm] page_alloc: relocate comment to be directly above code it refers to (Pankaj Gupta) [1320834]\n- [mm] page_alloc: factor setup_pageset() into pageset_init() and pageset_set_batch() (Pankaj Gupta) [1320834]\n- [mm] page_alloc: when handling percpu_pagelist_fraction, dont unneedly recalulate high (Pankaj Gupta) [1320834]\n- [mm] page_alloc: convert zone_pcp_update() to rely on memory barriers instead of stop_machine() (Pankaj Gupta) [1320834]\n- [mm] page_alloc: protect pcp->batch accesses with ACCESS_ONCE (Pankaj Gupta) [1320834]\n- [mm] page_alloc: insert memory barriers to allow async update of pcp batch and high (Pankaj Gupta) [1320834]\n- [mm] page_alloc: prevent concurrent updaters of pcp ->batch and ->high (Pankaj Gupta) [1320834]\n- [mm] page_alloc: factor out setting of pcp->high and pcp->batch (Pankaj Gupta) [1320834]\n- [hid] i2c-hid: Fix suspend/resume when already runtime suspended (David Arcari) [1361625]\n- [hid] i2c-hid: Only disable irq wake if it was successfully enabled during suspend (David Arcari) [1361625]\n- [hid] i2c-hid: Call device suspend callback before disabling irq (David Arcari) [1361625]\n- [hid] i2c-hid: call the hid drivers suspend and resume callbacks (David Arcari) [1361625]\n- [hid] i2c-hid: add runtime PM support (David Arcari) [1361625]\n- [hid] i2c-hid: disable interrupt on suspend (David Arcari) [1361625]\n- [lib] rhashtable-test: calculate max_entries value by default (Phil Sutter) [1238749]\n- [x86] tsc: Enumerate SKL cpu_khz and tsc_khz via CPUID (Prarit Bhargava) [1366396]\n- [x86] Block HPET on Purley 4S (Prarit Bhargava) [1365997]\n- [base] regmap: Skip read-only registers in regcache_sync() (Jaroslav Kysela) [1365905 1367789]\n- [tools] perf: Add sample_reg_mask to include all perf_regs (Steve Best) [1368934]\n- [netdrv] i40e: Change some init flow for the client (Stefan Assmann) [1369275]\n- [netdrv] mlx5e: Log link state changes (kamal heib) [1367822]\n[3.10.0-497]\n- [kernel] ftrace: fix traceoff_on_warning handling on boot command line ('Luis Claudio R. Goncalves') [1367650]\n- [netdrv] ixgbe: fix setup_fc for x550em (Ken Cox) [1364896]\n- [netdrv] cxgb4/cxgb4vf: Fixes regression in perf when tx vlan offload is disabled (Sai Vemuri) [1319437]\n- [netdrv] cxgb4/cxgb4vf: Add link mode mask API to cxgb4 and cxgb4vf (Sai Vemuri) [1365689]\n- [netdrv] cxgb4: Dont assume FW_PORT_CMD reply is always port info msg (Sai Vemuri) [1365689]\n- [netdrv] ethtool: add support for 25G/50G/100G speed modes (Sai Vemuri) [1365689]\n- [netdrv] i40e: use configured RSS key and lookup table in i40e_vsi_config_rss (Stefan Assmann) [1359439]\n- [netdrv] i40e: fix broken i40e_config_rss_aq function (Stefan Assmann) [1359439]\n- [netdrv] i40e: move i40e_vsi_config_rss below i40e_get_rss_aq (Stefan Assmann) [1359439]\n- [netdrv] i40e: Remove redundant memset (Stefan Assmann) [1359439]\n- [netdrv] brcmfmac: restore stopping netdev queue when bus clogs up (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: add new 8265 (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: add new 8260 PCI IDs (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: pcie: fix a race in firmware loading flow (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: pcie: enable interrupts before releasing the NICs CPU (Stanislaw Gruszka) [1365575]\n- [net] mac80211: fix purging multicast PS buffer queue (Stanislaw Gruszka) [1365575]\n- [net] cfg80211: handle failed skb allocation (Stanislaw Gruszka) [1365575]\n- [net] nl80211: Move ACL parsing later to avoid a possible memory leak (Stanislaw Gruszka) [1365575]\n- [net] cfg80211: fix proto in ieee80211_data_to_8023 for frames without LLC header (Stanislaw Gruszka) [1365575]\n- [net] mac80211: Fix mesh estab_plinks counting in STA removal case (Stanislaw Gruszka) [1365575]\n- [netdrv] ath9k: fix GPIO mask for AR9462 and AR9565 (Stanislaw Gruszka) [1365575]\n- [netdrv] ath10k: fix deadlock while processing rx_in_ord_ind (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: mvm: fix a few firmware capability checks (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: mvm: set the encryption type of an IGTK key (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: mvm: fix potential NULL-dereference in iwl_mvm_reorder() (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: mvm: fix RCU splat in TKIPs update_key (Stanislaw Gruszka) [1365575]\n- [netdrv] iwlwifi: mvm: increase scan timeout to 20 seconds (Stanislaw Gruszka) [1365575]\n- [net] cfg80211: remove get/set antenna and tx power warnings (Stanislaw Gruszka) [1365575]\n- [netdrv] ath10k: fix crash related to printing features (Stanislaw Gruszka) [1365575]\n- [netdrv] ath10k: fix deadlock when peer cannot be created (Stanislaw Gruszka) [1365575]\n- [net] mac80211: fix fast_tx header alignment (Stanislaw Gruszka) [1365575]\n- [net] mac80211: mesh: flush mesh paths unconditionally (Stanislaw Gruszka) [1365575]\n- [netdrv] rtlwifi: Fix scheduling while atomic error from commit 49f86ec21c01 (Stanislaw Gruszka) [1365575]\n- [netdrv] brcmfmac: add fallback for devices that do not report per-chain values (Stanislaw Gruszka) [1365575]\n[3.10.0-496]\n- [infiniband] rdma/ocrdma: display ocrdma tech preview status (Honggang Li) [1334675]\n- [infiniband] ib/rdma_cm: fix panic when trying access default_roce_mode configfs (kamal heib) [1360276]\n- [infiniband] ib/hfi1: Fix mm_struct use after free (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Add cache evict LRU list (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Fix memory leak during unexpected shutdown (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Remove unneeded mm argument in remove function (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Consistently call ops->remove outside spinlock (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Use evict mmu rb operation (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Add evict operation to the mmu rb handler (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Fix TID caching actions (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Make the cache handler own its rb tree root (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Make use of mm consistent (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Fix user SDMA racy user request claim (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Fix error condition that needs to clean up (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Release node on insert failure (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Validate SDMA user iovector count (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Validate SDMA user request index (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Use the same capability state for all shared contexts (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Prevent null pointer dereference (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Rename TID mmu_rb_* functions (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Remove unneeded empty check in hfi1_mmu_rb_unregister() (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Restructure hfi1_file_open (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Make iovec loop index easy to understand (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Use 'false' not 0 (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Remove unused sub-context parameter (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Consolidate __mmu_rb_remove and hfi1_mmu_rb_remove (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Always expect ops functions (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Add parameter names to callback declarations (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Add parameter names to function declarations (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Remove unused function hfi1_mmu_rb_search (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Remove unused uctxt->subpid and uctxt->pid (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Fix minor format error (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Remove TWSI references (Alex Estrin) [1360929]\n- [infiniband] ib/hfi1: Use built-in i2c bit-shift bus adapter (Alex Estrin) [1360929]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-09T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5195", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-7039"], "modified": "2016-11-09T00:00:00", "id": "ELSA-2016-2574", "href": "http://linux.oracle.com/errata/ELSA-2016-2574.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2023-08-23T20:45:55", "description": "**CentOS Errata and Security Advisory** CESA-2016:2574\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* It was found that the Linux kernel's IPv6 implementation mishandled socket options. A local attacker could abuse concurrent access to the socket options to escalate their privileges, or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841, Important)\n\n* Several Moderate and Low impact security issues were found in the Linux kernel. Space precludes documenting each of these issues in this advisory. Refer to the CVE links in the References section for a description of each of these vulnerabilities. (CVE-2013-4312, CVE-2015-8374, CVE-2015-8543, CVE-2015-8812, CVE-2015-8844, CVE-2015-8845, CVE-2016-2053, CVE-2016-2069, CVE-2016-2847, CVE-2016-3156, CVE-2016-4581, CVE-2016-4794, CVE-2016-5412, CVE-2016-5828, CVE-2016-5829, CVE-2016-6136, CVE-2016-6198, CVE-2016-6327, CVE-2016-6480, CVE-2015-8746, CVE-2015-8956, CVE-2016-2117, CVE-2016-2384, CVE-2016-3070, CVE-2016-3699, CVE-2016-4569, CVE-2016-4578)\n\nRed Hat would like to thank Philip Pettersson (Samsung) for reporting CVE-2016-2053; Tetsuo Handa for reporting CVE-2016-2847; the Virtuozzo kernel team and Solar Designer (Openwall) for reporting CVE-2016-3156; Justin Yackoski (Cryptonite) for reporting CVE-2016-2117; and Linn Crosetto (HP) for reporting CVE-2016-3699. The CVE-2015-8812 issue was discovered by Venkatesh Pottem (Red Hat Engineering); the CVE-2015-8844 and CVE-2015-8845 issues were discovered by Miroslav Vadkerti (Red Hat Engineering); the CVE-2016-4581 issue was discovered by Eric W. Biederman (Red Hat); the CVE-2016-6198 issue was discovered by CAI Qian (Red Hat); and the CVE-2016-3070 issue was discovered by Jan Stancek (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-cr-announce/2016-November/023189.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2016:2574", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-25T15:59:02", "type": "centos", "title": "kernel, perf, python security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-4312", "CVE-2015-8374", "CVE-2015-8543", "CVE-2015-8746", "CVE-2015-8812", "CVE-2015-8844", "CVE-2015-8845", "CVE-2015-8956", "CVE-2016-2053", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2384", "CVE-2016-2847", "CVE-2016-3044", "CVE-2016-3070", "CVE-2016-3156", "CVE-2016-3699", "CVE-2016-3841", "CVE-2016-4569", "CVE-2016-4578", "CVE-2016-4581", "CVE-2016-4794", "CVE-2016-5412", "CVE-2016-5828", "CVE-2016-5829", "CVE-2016-6136", "CVE-2016-6198", "CVE-2016-6327", "CVE-2016-6480", "CVE-2016-7914", "CVE-2016-7915", "CVE-2016-9794", "CVE-2017-13167", "CVE-2018-16597"], "modified": "2016-11-25T15:59:02", "id": "CESA-2016:2574", "href": "https://lists.centos.org/pipermail/centos-cr-announce/2016-November/023189.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}