ID UB:CVE-2018-16276 Type ubuntucve Reporter ubuntu.com Modified 2018-08-31T00:00:00
Description
An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the
Linux kernel before 4.17.7. The yurex USB driver performs incorrect bounds
checking on user-access reads and writes, which local attackers could use to
crash the kernel or potentially escalate privileges.
{"redhatcve": [{"lastseen": "2022-04-07T06:15:35", "description": "An out-of-bounds access issue was discovered in yurex_read() in drivers/usb/misc/yurex.c in the Linux kernel. A local attacker could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-01T21:48:54", "type": "redhatcve", "title": "CVE-2018-16276", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16276"], "modified": "2021-03-18T17:01:56", "id": "RH:CVE-2018-16276", "href": "https://access.redhat.com/security/cve/cve-2018-16276", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-07T06:12:22", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-16276. Reason: This candidate is a reservation duplicate of CVE-2018-16276. Notes: All CVE users should reference CVE-2018-16276 instead of this candidate. 
All references and descriptions in this candidate have been removed to prevent accidental usage.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-03T08:05:51", "type": "redhatcve", "title": "CVE-2018-19270", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16276", "CVE-2018-19270"], "modified": "2021-03-18T18:13:00", "id": "RH:CVE-2018-19270", "href": "https://access.redhat.com/security/cve/cve-2018-19270", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T14:00:32", "description": "An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. 
Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-31T16:29:00", "type": "cve", "title": "CVE-2018-16276", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16276"], "modified": "2019-03-08T17:06:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:canonical:ubuntu_linux:12.04"], "id": "CVE-2018-16276", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16276", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", 
"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2022-03-23T15:14:58", "description": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-16276. Reason: This candidate is a reservation duplicate of CVE-2018-16276. Notes: All CVE users should reference CVE-2018-16276 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.", "cvss3": {}, "published": "2018-11-14T11:29:00", "type": "cve", "title": "CVE-2018-19270", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2018-16276", "CVE-2018-19270"], "modified": "2018-11-14T16:29:00", "cpe": [], "id": "CVE-2018-19270", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19270", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}], "debiancve": [{"lastseen": "2022-05-11T23:36:22", "description": "An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-31T16:29:00", "type": "debiancve", "title": "CVE-2018-16276", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, 
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16276"], "modified": "2018-08-31T16:29:00", "id": "DEBIANCVE:CVE-2018-16276", "href": "https://security-tracker.debian.org/tracker/CVE-2018-16276", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "f5": [{"lastseen": "2020-04-06T22:40:30", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-01-31T21:21:00", "type": "f5", "title": "yurex USB driver vulnerability CVE-2018-16276", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", 
"availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-16276"], "modified": "2019-01-31T21:21:00", "id": "F5:K14652952", "href": "https://support.f5.com/csp/article/K14652952", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "photon": [{"lastseen": "2022-05-12T18:07:39", "description": "Updates of ['linux', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-31T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2018-0169", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10322", "CVE-2018-13405", "CVE-2018-16276"], "modified": "2018-07-31T00:00:00", "id": "PHSA-2018-0169", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-169", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T18:29:46", 
"description": "Updates of ['linux-aws', 'linux-secure', 'vim', 'linux-esx', 'linux', 'blktrace', 'systemd'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.1, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-07-27T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2018-0076", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000382", "CVE-2018-1049", "CVE-2018-10689", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10881", "CVE-2018-13405", "CVE-2018-13406", "CVE-2018-16276", "CVE-2018-18559"], "modified": "2018-07-27T00:00:00", "id": "PHSA-2018-0076", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-76", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T12:30:14", "description": "The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is 
processed. An unauthenticated remote attacker can cause a stack-based buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bnc#1107829).\n\nCVE-2018-14617: There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bnc#1102870).\n\nCVE-2018-16276: An issue was discovered in yurex_read in drivers/usb/misc/yurex.c where local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges (bnc#1106095).\n\nCVE-2018-12896: An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-06T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2018:3618-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12896", "CVE-2018-14617", "CVE-2018-14633", "CVE-2018-16276"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-bigsmp", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-base", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-3618-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118747", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3618-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118747);\n script_version(\"1.6\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-12896\", \"CVE-2018-14617\", \"CVE-2018-14633\", \"CVE-2018-16276\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2018:3618-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-14633: A security flaw was found in the\nchap_server_compute_md5() function in the ISCSI target code in a way\nan authentication request from an ISCSI initiator is processed. An\nunauthenticated remote attacker can cause a stack-based buffer\noverflow and smash up to 17 bytes of the stack. The attack requires\nthe iSCSI target to be enabled on the victim host. Depending on how\nthe target's code was built (i.e. depending on a compiler, compile\nflags and hardware architecture) an attack may lead to a system crash\nand thus to a denial-of-service or possibly to a non-authorized access\nto data exported by an iSCSI target. Due to the nature of the flaw,\nprivilege escalation cannot be fully ruled out, although we believe it\nis highly unlikely. 
(bnc#1107829).\n\nCVE-2018-14617: There is a NULL pointer dereference and panic in\nhfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is\npurportedly a hard link) in an hfs+ filesystem that has malformed\ncatalog data, and is mounted read-only without a metadata directory\n(bnc#1102870).\n\nCVE-2018-16276: An issue was discovered in yurex_read in\ndrivers/usb/misc/yurex.c where local attackers could use user access\nread/writes with incorrect bounds checking in the yurex USB driver to\ncrash the kernel or potentially escalate privileges (bnc#1106095).\n\nCVE-2018-12896: An Integer Overflow in kernel/time/posix-timers.c in\nthe POSIX timer code is caused by the way the overrun accounting\nworks. Depending on interval and expiry time values, the overrun can\nbe larger than INT_MAX, but the accounting is int based. This\nbasically made the accounting values, which are visible to user space\nvia timer_getoverrun(2) and siginfo::si_overrun, random. For example,\na local user can cause a denial of service (signed integer overflow)\nvia crafted mmap, futex, timer_create, and timer_settime system calls\n(bnc#1099922).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108227\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=905299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12896/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14617/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16276/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183618-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?307a4573\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 
'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-kernel-source-13855=1\n\nSUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch\nslexsp3-kernel-source-13855=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-kernel-source-13855=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-kernel-source-13855=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-base-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-devel-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-base-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", 
reference:\"kernel-default-devel-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-source-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-syms-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-base-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-devel-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-0.47.106.56.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-0.47.106.56.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-05-04T15:40:02", "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.156 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-16597: Incorrect access checking in overlayfs mounts could have been used by local attackers to modify or truncate files in the underlying filesystem (bnc#1106512).\n\nCVE-2018-14613: Prevent invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, caused by a lack of block group item validation in check_leaf_item (bsc#1102896)\n\nCVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870)\n\nCVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095)\n\nCVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536)\n\nCVE-2018-7480: The blkcg_init_queue function allowed local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure (bsc#1082863).\n\nCVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399).\n\nThe update package also includes non-security fixes. 
See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-05T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:3003-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14613", "CVE-2018-14617", "CVE-2018-16276", "CVE-2018-16597", "CVE-2018-17182", "CVE-2018-7480", "CVE-2018-7757"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-3003-1.NASL", "href": "https://www.tenable.com/plugins/nessus/117933", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3003-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117933);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/09/10 13:51:49\");\n\n script_cve_id(\"CVE-2018-14613\", \"CVE-2018-14617\", \"CVE-2018-16276\", \"CVE-2018-16597\", \"CVE-2018-17182\", \"CVE-2018-7480\", \"CVE-2018-7757\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:3003-1)\");\n 
script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.156 to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-16597: Incorrect access checking in overlayfs mounts could\nhave been used by local attackers to modify or truncate files in the\nunderlying filesystem (bnc#1106512).\n\nCVE-2018-14613: Prevent invalid pointer dereference in\nio_ctl_map_page() when mounting and operating a crafted btrfs image,\ncaused by a lack of block group item validation in check_leaf_item\n(bsc#1102896)\n\nCVE-2018-14617: Prevent NULL pointer dereference and panic in\nhfsplus_lookup() when opening a file (that is purportedly a hard link)\nin an hfs+ filesystem that has malformed catalog data, and is mounted\nread-only without a metadata directory (bsc#1102870)\n\nCVE-2018-16276: Incorrect bounds checking in the yurex USB driver in\nyurex_read allowed local attackers to use user access read/writes to\ncrash the kernel or potentially escalate privileges (bsc#1106095)\n\nCVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in\ndrivers/scsi/libsas/sas_expander.c allowed local users to cause a\ndenial of service (memory consumption) via many read accesses to files\nin the /sys/class/sas_phy directory, as demonstrated by the\n/sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536)\n\nCVE-2018-7480: The blkcg_init_queue function allowed local users to\ncause a denial of service (double free) or possibly have unspecified\nother impact by triggering a creation failure (bsc#1082863).\n\nCVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c\nmishandled sequence number overflows. 
An attacker can trigger a\nuse-after-free (and possibly gain privileges) via certain thread\ncreation, map, unmap, invalidation, and dereference operations\n(bnc#1108399).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091815\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14613/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14617/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16276/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16597/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17182/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7480/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7757/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183003-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?339cccf9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2018-2135=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-2135=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-2135=1\n\nSUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch\nSUSE-SLE-HA-12-SP3-2018-2135=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-2135=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. 
It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.156-94.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-4.4.156-94.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-4.4.156-94.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-debuginfo-4.4.156-94.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debuginfo-4.4.156-94.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debugsource-4.4.156-94.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-devel-4.4.156-94.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-syms-4.4.156-94.57.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-4.4.156-94.57.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.156-94.57.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.156-94.57.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.156-94.57.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.4.156-94.57.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.4.156-94.57.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.156-94.57.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:29:41", "description": "It was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did not properly restrict user space reads or writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16276)\n\nIt was discovered that the BPF verifier in the Linux kernel did not correctly compute numeric bounds in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-18445)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). 
(CVE-2018-18710).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-12-21T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3847-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10902", "CVE-2018-12896", "CVE-2018-14734", "CVE-2018-16276", "CVE-2018-18445", "CVE-2018-18690", "CVE-2018-18710"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3847-1.NASL", "href": 
"https://www.tenable.com/plugins/nessus/119827", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3847-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119827);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2018-10902\", \"CVE-2018-12896\", \"CVE-2018-14734\", \"CVE-2018-16276\", \"CVE-2018-18445\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n script_xref(name:\"USN\", value:\"3847-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3847-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that a race condition existed in the raw MIDI driver\nfor the Linux kernel, leading to a double free vulnerability. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the\nPOSIX timers implementation in the Linux kernel. A local attacker\ncould use this to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in\nthe Infiniband implementation in the Linux kernel. An attacker could\nuse this to cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux\nkernel did not properly restrict user space reads or writes. 
A\nphysically proximate attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2018-16276)\n\nIt was discovered that the BPF verifier in the Linux kernel did not\ncorrectly compute numeric bounds in some situations. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-18445)\n\nKanda Motohiro discovered that writing extended attributes to an XFS\nfile system in the Linux kernel in certain situations could cause an\nerror condition to occur. A local attacker could use this to cause a\ndenial of service. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in\nthe CDROM driver of the Linux kernel. A local attacker could use this\nto expose sensitive information (kernel memory). (CVE-2018-18710).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3847-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-10902\", \"CVE-2018-12896\", \"CVE-2018-14734\", \"CVE-2018-16276\", \"CVE-2018-18445\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3847-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1026-gcp\", pkgver:\"4.15.0-1026.27\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1028-kvm\", pkgver:\"4.15.0-1028.28\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1030-oem\", pkgver:\"4.15.0-1030.35\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1030-raspi2\", pkgver:\"4.15.0-1030.32\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1031-aws\", pkgver:\"4.15.0-1031.33\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1036-azure\", pkgver:\"4.15.0-1036.38\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-43-generic\", pkgver:\"4.15.0-43.46\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-43-generic-lpae\", pkgver:\"4.15.0-43.46\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-43-lowlatency\", pkgver:\"4.15.0-43.46\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-43-snapdragon\", pkgver:\"4.15.0-43.46\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-aws\", pkgver:\"4.15.0.1031.30\")) flag++;\nif (ubuntu_check(osver:\"18.04\", 
pkgname:\"linux-image-azure\", pkgver:\"4.15.0.1036.36\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.15.0.1026.28\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic\", pkgver:\"4.15.0.43.45\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.15.0.43.45\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1026.28\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.15.0.1028.28\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.15.0.43.45\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oem\", pkgver:\"4.15.0.1030.35\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.15.0.1030.28\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.15.0.43.45\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.15-aws / linux-image-4.15-azure / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:29:58", "description": "USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux kernel for Microsoft Azure Cloud systems for Ubuntu 14.04 LTS.\n\nIt was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did not properly restrict user space reads or writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16276)\n\nIt was discovered that the BPF verifier in the Linux kernel did not correctly compute numeric bounds in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-18445)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-18710)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-12-21T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : Linux kernel (Azure) vulnerabilities (USN-3847-3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10902", "CVE-2018-12896", "CVE-2018-14734", "CVE-2018-16276", "CVE-2018-18445", "CVE-2018-18690", "CVE-2018-18710"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3847-3.NASL", "href": "https://www.tenable.com/plugins/nessus/119829", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3847-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119829);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2018-10902\", \"CVE-2018-12896\", \"CVE-2018-14734\", \"CVE-2018-16276\", \"CVE-2018-18445\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n script_xref(name:\"USN\", value:\"3847-3\");\n\n script_name(english:\"Ubuntu 14.04 LTS : Linux kernel (Azure) vulnerabilities (USN-3847-3)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04\nLTS. 
This update provides the corresponding updates for the Linux\nkernel for Microsoft Azure Cloud systems for Ubuntu 14.04 LTS.\n\nIt was discovered that a race condition existed in the raw MIDI driver\nfor the Linux kernel, leading to a double free vulnerability. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the\nPOSIX timers implementation in the Linux kernel. A local attacker\ncould use this to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in\nthe Infiniband implementation in the Linux kernel. An attacker could\nuse this to cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux\nkernel did not properly restrict user space reads or writes. A\nphysically proximate attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2018-16276)\n\nIt was discovered that the BPF verifier in the Linux kernel did not\ncorrectly compute numeric bounds in some situations. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-18445)\n\nKanda Motohiro discovered that writing extended attributes to an XFS\nfile system in the Linux kernel in certain situations could cause an\nerror condition to occur. A local attacker could use this to cause a\ndenial of service. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in\nthe CDROM driver of the Linux kernel. A local attacker could use this\nto expose sensitive information (kernel memory). (CVE-2018-18710).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3847-3/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.15-azure and / or linux-image-azure\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-10902\", \"CVE-2018-12896\", \"CVE-2018-14734\", \"CVE-2018-16276\", \"CVE-2018-18445\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3847-3\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.15.0-1036-azure\", pkgver:\"4.15.0-1036.38~14.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-azure\", pkgver:\"4.15.0.1036.23\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.15-azure / linux-image-azure\");\n}\n", "cvss": 
{"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:29:51", "description": "USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS.\n\nIt was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did not properly restrict user space reads or writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-16276)\n\nIt was discovered that the BPF verifier in the Linux kernel did not correctly compute numeric bounds in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-18445)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). 
(CVE-2018-18710).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-12-21T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3847-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10902", "CVE-2018-12896", "CVE-2018-14734", "CVE-2018-16276", "CVE-2018-18445", "CVE-2018-18690", "CVE-2018-18710"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3847-2.NASL", "href": "https://www.tenable.com/plugins/nessus/119828", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3847-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119828);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2018-10902\", \"CVE-2018-12896\", \"CVE-2018-14734\", \"CVE-2018-16276\", \"CVE-2018-18445\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n script_xref(name:\"USN\", value:\"3847-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3847-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu\n16.04 LTS.\n\nIt was discovered that a race condition existed in the raw MIDI driver\nfor the Linux kernel, leading to a double free vulnerability. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the\nPOSIX timers implementation in the Linux kernel. A local attacker\ncould use this to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in\nthe Infiniband implementation in the Linux kernel. An attacker could\nuse this to cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux\nkernel did not properly restrict user space reads or writes. 
A\nphysically proximate attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2018-16276)\n\nIt was discovered that the BPF verifier in the Linux kernel did not\ncorrectly compute numeric bounds in some situations. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-18445)\n\nKanda Motohiro discovered that writing extended attributes to an XFS\nfile system in the Linux kernel in certain situations could cause an\nerror condition to occur. A local attacker could use this to cause a\ndenial of service. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in\nthe CDROM driver of the Linux kernel. A local attacker could use this\nto expose sensitive information (kernel memory). (CVE-2018-18710).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3847-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-10902\", \"CVE-2018-12896\", \"CVE-2018-14734\", \"CVE-2018-16276\", \"CVE-2018-18445\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3847-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1026-gcp\", pkgver:\"4.15.0-1026.27~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1031-aws\", pkgver:\"4.15.0-1031.33~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1036-azure\", pkgver:\"4.15.0-1036.38~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-43-generic\", pkgver:\"4.15.0-43.46~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", 
pkgname:\"linux-image-4.15.0-43-generic-lpae\", pkgver:\"4.15.0-43.46~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-43-lowlatency\", pkgver:\"4.15.0-43.46~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws-hwe\", pkgver:\"4.15.0.1031.32\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-azure\", pkgver:\"4.15.0.1036.41\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.15.0.1026.40\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-hwe-16.04\", pkgver:\"4.15.0.43.64\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-hwe-16.04\", pkgver:\"4.15.0.43.64\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1026.40\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-hwe-16.04\", pkgver:\"4.15.0.43.64\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.15-aws / linux-image-4.15-azure / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:29:48", "description": "It was discovered that a NULL pointer dereference existed in the keyring subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-2647)\n\nIt was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. 
A local attacker could use this to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did not properly restrict user space reads or writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16276)\n\nTetsuo Handa discovered a logic error in the TTY subsystem of the Linux kernel. A local attacker with access to pseudo terminal devices could use this to cause a denial of service. (CVE-2018-18386)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-18710)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-12-21T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3849-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-2647", "CVE-2018-10902", "CVE-2018-12896", "CVE-2018-14734", "CVE-2018-16276", "CVE-2018-18386", "CVE-2018-18690", "CVE-2018-18710"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3849-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119832", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3849-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119832);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2017-2647\", \"CVE-2018-10902\", \"CVE-2018-12896\", \"CVE-2018-14734\", \"CVE-2018-16276\", \"CVE-2018-18386\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n script_xref(name:\"USN\", value:\"3849-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3849-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that a NULL pointer dereference existed in the\nkeyring subsystem of the Linux kernel. A local attacker could use this\nto cause a denial of service (system crash). (CVE-2017-2647)\n\nIt was discovered that a race condition existed in the raw MIDI driver\nfor the Linux kernel, leading to a double free vulnerability. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the\nPOSIX timers implementation in the Linux kernel. A local attacker\ncould use this to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in\nthe Infiniband implementation in the Linux kernel. An attacker could\nuse this to cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux\nkernel did not properly restrict user space reads or writes. 
A\nphysically proximate attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2018-16276)\n\nTetsuo Handa discovered a logic error in the TTY subsystem of the\nLinux kernel. A local attacker with access to pseudo terminal devices\ncould use this to cause a denial of service. (CVE-2018-18386)\n\nKanda Motohiro discovered that writing extended attributes to an XFS\nfile system in the Linux kernel in certain situations could cause an\nerror condition to occur. A local attacker could use this to cause a\ndenial of service. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in\nthe CDROM driver of the Linux kernel. A local attacker could use this\nto expose sensitive information (kernel memory). (CVE-2018-18710).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3849-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/31\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-2647\", \"CVE-2018-10902\", \"CVE-2018-12896\", \"CVE-2018-14734\", \"CVE-2018-16276\", \"CVE-2018-18386\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3849-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-164-generic\", pkgver:\"3.13.0-164.214\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-164-generic-lpae\", pkgver:\"3.13.0-164.214\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-164-lowlatency\", pkgver:\"3.13.0-164.214\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic\", pkgver:\"3.13.0.164.174\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"3.13.0.164.174\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"3.13.0.164.174\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-04T15:39:43", "description": "USN-3776-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. 
This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nJann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information.\n(CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution and prediction of return addresses via Return Stack Buffer (RSB) may allow unauthorized memory reads via sidechannel attacks. An attacker could use this to expose sensitive information. (CVE-2018-15572)\n\nIt was discovered that a NULL pointer dereference could be triggered in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2017-18216)\n\nIt was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that a stack-based buffer overflow existed in the iSCSI target implementation of the Linux kernel. A remote attacker could use this to cause a denial of service (system crash).\n(CVE-2018-14633)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did not properly restrict user space reads or writes. 
A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-16276)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the IRDA implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-6555).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}, "published": "2018-10-02T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3776-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18216", "CVE-2018-10902", "CVE-2018-14633", "CVE-2018-15572", "CVE-2018-15594", "CVE-2018-16276", "CVE-2018-17182", "CVE-2018-6554", "CVE-2018-6555"], "modified": "2022-02-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3776-2.NASL", "href": "https://www.tenable.com/plugins/nessus/117871", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# 
The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3776-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117871);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/17\");\n\n script_cve_id(\"CVE-2017-18216\", \"CVE-2018-10902\", \"CVE-2018-14633\", \"CVE-2018-15572\", \"CVE-2018-15594\", \"CVE-2018-16276\", \"CVE-2018-17182\", \"CVE-2018-6554\", \"CVE-2018-6555\");\n script_xref(name:\"USN\", value:\"3776-2\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3776-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3776-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nJann Horn discovered that the vmacache subsystem did not properly\nhandle sequence number overflows, leading to a use-after-free\nvulnerability. A local attacker could use this to cause a denial of\nservice (system crash) or execute arbitrary code. (CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the\nLinux kernel did not properly handle some indirect calls, reducing the\neffectiveness of Spectre v2 mitigations for paravirtual guests. 
A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution\nand prediction of return addresses via Return Stack Buffer (RSB) may\nallow unauthorized memory reads via sidechannel attacks. An attacker\ncould use this to expose sensitive information. (CVE-2018-15572)\n\nIt was discovered that a NULL pointer dereference could be triggered\nin the OCFS2 file system implementation in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2017-18216)\n\nIt was discovered that a race condition existed in the raw MIDI driver\nfor the Linux kernel, leading to a double free vulnerability. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that a stack-based buffer overflow existed in the\niSCSI target implementation of the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2018-14633)\n\nIt was discovered that the YUREX USB device driver for the Linux\nkernel did not properly restrict user space reads or writes. A\nphysically proximate attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2018-16276)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the\nIRDA implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-6555).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3776-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14633\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-lts-xenial\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/05\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2022 Canonical, Inc. / NASL script (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-18216\", \"CVE-2018-10902\", \"CVE-2018-14633\", \"CVE-2018-15572\", \"CVE-2018-15594\", \"CVE-2018-16276\", \"CVE-2018-17182\", \"CVE-2018-6554\", \"CVE-2018-6555\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3776-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-1031-aws\", pkgver:\"4.4.0-1031.34\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-137-generic\", pkgver:\"4.4.0-137.163~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-137-generic-lpae\", pkgver:\"4.4.0-137.163~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.4.0-137-lowlatency\", pkgver:\"4.4.0-137.163~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1031.31\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae-lts-xenial\", pkgver:\"4.4.0.137.117\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lts-xenial\", pkgver:\"4.4.0.137.117\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency-lts-xenial\", pkgver:\"4.4.0.137.117\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws / 
linux-image-4.4-generic / etc\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-05-04T15:40:00", "description": "Jann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information.\n(CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution and prediction of return addresses via Return Stack Buffer (RSB) may allow unauthorized memory reads via sidechannel attacks. An attacker could use this to expose sensitive information. (CVE-2018-15572)\n\nIt was discovered that a NULL pointer dereference could be triggered in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2017-18216)\n\nIt was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that a stack-based buffer overflow existed in the iSCSI target implementation of the Linux kernel. A remote attacker could use this to cause a denial of service (system crash).\n(CVE-2018-14633)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did not properly restrict user space reads or writes. 
A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-16276)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the IRDA implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-6555).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}, "published": "2018-10-02T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3776-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18216", "CVE-2018-10902", "CVE-2018-14633", "CVE-2018-15572", "CVE-2018-15594", "CVE-2018-16276", "CVE-2018-17182", "CVE-2018-6554", "CVE-2018-6555"], "modified": "2022-02-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", 
"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3776-1.NASL", "href": "https://www.tenable.com/plugins/nessus/117870", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3776-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117870);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/17\");\n\n script_cve_id(\"CVE-2017-18216\", \"CVE-2018-10902\", \"CVE-2018-14633\", \"CVE-2018-15572\", \"CVE-2018-15594\", \"CVE-2018-16276\", \"CVE-2018-17182\", \"CVE-2018-6554\", \"CVE-2018-6555\");\n script_xref(name:\"USN\", value:\"3776-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3776-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Jann Horn discovered that the vmacache subsystem did not properly\nhandle sequence number overflows, leading to a use-after-free\nvulnerability. A local attacker could use this to cause a denial of\nservice (system crash) or execute arbitrary code. (CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the\nLinux kernel did not properly handle some indirect calls, reducing the\neffectiveness of Spectre v2 mitigations for paravirtual guests. 
A\nlocal attacker could use this to expose sensitive information.\n(CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution\nand prediction of return addresses via Return Stack Buffer (RSB) may\nallow unauthorized memory reads via sidechannel attacks. An attacker\ncould use this to expose sensitive information. (CVE-2018-15572)\n\nIt was discovered that a NULL pointer dereference could be triggered\nin the OCFS2 file system implementation in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2017-18216)\n\nIt was discovered that a race condition existed in the raw MIDI driver\nfor the Linux kernel, leading to a double free vulnerability. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that a stack-based buffer overflow existed in the\niSCSI target implementation of the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2018-14633)\n\nIt was discovered that the YUREX USB device driver for the Linux\nkernel did not properly restrict user space reads or writes. A\nphysically proximate attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2018-16276)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of\nthe Linux kernel. A local attacker could use this to cause a denial of\nservice (kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the\nIRDA implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-6555).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3776-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14633\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2022 Canonical, Inc. / NASL script (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-18216\", \"CVE-2018-10902\", \"CVE-2018-14633\", \"CVE-2018-15572\", \"CVE-2018-15594\", \"CVE-2018-16276\", \"CVE-2018-17182\", \"CVE-2018-6554\", \"CVE-2018-6555\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3776-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1035-kvm\", pkgver:\"4.4.0-1035.41\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1069-aws\", pkgver:\"4.4.0-1069.79\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1098-raspi2\", pkgver:\"4.4.0-1098.106\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1102-snapdragon\", pkgver:\"4.4.0-1102.107\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-137-generic\", pkgver:\"4.4.0-137.163\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-137-generic-lpae\", pkgver:\"4.4.0-137.163\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-137-lowlatency\", pkgver:\"4.4.0-137.163\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1069.71\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.137.143\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.137.143\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.4.0.1035.34\")) flag++;\nif (ubuntu_check(osver:\"16.04\", 
pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.137.143\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.4.0.1098.98\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1102.94\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws / linux-image-4.4-generic / etc\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-05-16T16:51:58", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870).\n\nCVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095).\n\nCVE-2018-15594: Ensure correct handling of indirect calls, to prevent attackers for conducting Spectre-v2 attacks against paravirtual guests (bsc#1105348).\n\nCVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full root privileges (bsc#1108912)\n\nCVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. 
This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922)\n\nCVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903)\n\nCVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689)\n\nCVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511)\n\nCVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509)\n\nCVE-2018-15572: The spectre_v2_select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517)\n\nCVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322)\n\nCVE-2018-14734: ucma_leave_multicast accessed a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bsc#1103119)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-09-28T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2018:2879-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10902", "CVE-2018-10940", "CVE-2018-12896", "CVE-2018-14617", "CVE-2018-14634", "CVE-2018-14734", "CVE-2018-15572", "CVE-2018-15594", "CVE-2018-16276", "CVE-2018-16658", "CVE-2018-6554", "CVE-2018-6555"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-2879-1.NASL", "href": "https://www.tenable.com/plugins/nessus/117820", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2879-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117820);\n script_version(\"1.8\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-10902\", \"CVE-2018-10940\", \"CVE-2018-12896\", \"CVE-2018-14617\", \"CVE-2018-14634\", \"CVE-2018-14734\", \"CVE-2018-15572\", \"CVE-2018-15594\", \"CVE-2018-16276\", \"CVE-2018-16658\", \"CVE-2018-6554\", \"CVE-2018-6555\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2018:2879-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-14617: Prevent NULL pointer dereference and panic in\nhfsplus_lookup() when opening a file (that is purportedly a hard link)\nin an hfs+ filesystem that has malformed catalog data, and is mounted\nread-only without a metadata directory (bsc#1102870).\n\nCVE-2018-16276: Incorrect bounds checking in the yurex USB driver in\nyurex_read allowed local attackers to use user access read/writes to\ncrash the kernel or potentially escalate privileges (bsc#1106095).\n\nCVE-2018-15594: Ensure correct handling of indirect calls, to prevent\nattackers for conducting Spectre-v2 attacks against paravirtual guests\n(bsc#1105348).\n\nCVE-2018-14634: Prevent integer overflow in create_elf_tables that\nallowed a local attacker to exploit this vulnerability via a SUID-root\nbinary and obtain full root privileges (bsc#1108912)\n\nCVE-2018-12896: Prevent integer overflow in the POSIX timer code that\nwas caused by the way the overrun accounting works. Depending on\ninterval and expiry time values, the overrun can be larger than\nINT_MAX, but the accounting is int based. 
This basically made the\naccounting values, which are visible to user space via\ntimer_getoverrun(2) and siginfo::si_overrun, random. This allowed a\nlocal user to cause a denial of service (signed integer overflow) via\ncrafted mmap, futex, timer_create, and timer_settime system calls\n(bnc#1099922)\n\nCVE-2018-10940: The cdrom_ioctl_media_changed function allowed local\nattackers to use a incorrect bounds check in the CDROM driver\nCDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903)\n\nCVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status\nthat could have been used by local attackers to read kernel memory\n(bnc#1107689)\n\nCVE-2018-6555: The irda_setsockopt function allowed local users to\ncause a denial of service (ias_object use-after-free and system crash)\nor possibly have unspecified other impact via an AF_IRDA socket\n(bnc#1106511)\n\nCVE-2018-6554: Prevent memory leak in the irda_bind function that\nallowed local users to cause a denial of service (memory consumption)\nby repeatedly binding an AF_IRDA socket (bnc#1106509)\n\nCVE-2018-15572: The spectre_v2_select_mitigation function did not\nalways fill RSB upon a context switch, which made it easier for\nattackers to conduct userspace-userspace spectreRSB attacks\n(bnc#1102517)\n\nCVE-2018-10902: Protect against concurrent access to prevent double\nrealloc (double free) in snd_rawmidi_input_params() and\nsnd_rawmidi_output_status(). A malicious local attacker could have\nused this for privilege escalation (bnc#1105322)\n\nCVE-2018-14734: ucma_leave_multicast accessed a certain data structure\nafter a cleanup step in ucma_process_join, which allowed attackers to\ncause a denial of service (use-after-free) (bsc#1103119)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1037441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048185\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060245\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080157\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087081\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1093666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096547\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103119\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103884\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104684\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104901\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105348\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106206\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106212\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106930\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107001\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107064\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107071\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107650\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107949\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10902/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10940/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12896/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14617/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14634/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14734/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15572/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15594/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16276/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16658/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-6554/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-6555/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182879-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?76d91930\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-kernel-13796=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-kernel-13796=1\n\nSUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch\nslexsp3-kernel-13796=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-kernel-13796=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/28\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-base-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-devel-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-source-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-syms-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-base-3.0.101-108.71.1\")) 
flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-devel-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-108.71.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-108.71.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-10T13:06:57", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the '_sctp_make_chunk()' function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.(CVE-2018-5803)\n\n - Linux Linux kernel version at 
least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.(CVE-2018-1000026)\n\n - The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/mballoc.c:ext4_process_freed_data() function. An attacker could trick a legitimate user or a privileged attacker could exploit this by mounting a crafted ext4 image to cause a kernel panic.(CVE-2018-1092)\n\n - In the function wmi_set_ie() in the Linux kernel the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow and thus a memory corruption leading to a system crash or other or unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2018-5848)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.(CVE-2018-10881)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.(CVE-2018-10878)\n\n - A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack.\n The attack requires the iSCSI target to be enabled on the victim host. 
Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial of service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely.(CVE-2018-14633)\n\n - An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking.(CVE-2018-16658)\n\n - In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE operations with conversion of an attr from short to long form.(CVE-2018-18690)\n\n - It was found that paravirt_patch_call/jump() functions in the arch/x86/kernel/paravirt.c in the Linux kernel mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtualized guests.(CVE-2018-15594)\n\n - A security flaw was found in the Linux kernel in drivers/tty/n_tty.c which allows local attackers (ones who are able to access pseudo terminals) to lock them up and block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ handler.(CVE-2018-18386)\n\n - An out-of-bounds access issue was discovered in yurex_read() in drivers/usb/misc/yurex.c in the Linux kernel. 
A local attacker could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.(CVE-2018-16276)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}, "published": "2018-12-28T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1432)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000026", "CVE-2018-10878", "CVE-2018-10881", "CVE-2018-1092", "CVE-2018-14633", "CVE-2018-15594", "CVE-2018-16276", "CVE-2018-16658", "CVE-2018-18386", "CVE-2018-18690", "CVE-2018-5803", "CVE-2018-5848"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debug-devel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1432.NASL", "href": "https://www.tenable.com/plugins/nessus/119921", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119921);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-1000026\",\n \"CVE-2018-10878\",\n \"CVE-2018-10881\",\n \"CVE-2018-1092\",\n \"CVE-2018-14633\",\n \"CVE-2018-15594\",\n \"CVE-2018-16276\",\n 
\"CVE-2018-16658\",\n \"CVE-2018-18386\",\n \"CVE-2018-18690\",\n \"CVE-2018-5803\",\n \"CVE-2018-5848\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1432)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In the Linux Kernel before version 4.15.8, 4.14.25,\n 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the\n '_sctp_make_chunk()' function\n (net/sctp/sm_make_chunk.c) when handling SCTP packets\n length can be exploited to cause a kernel\n crash.(CVE-2018-5803)\n\n - Linux Linux kernel version at least v4.8 onwards,\n probably well before contains a Insufficient input\n validation vulnerability in bnx2x network card driver\n that can result in DoS: Network card firmware assertion\n takes card off-line. This attack appear to be\n exploitable via An attacker on a must pass a very\n large, specially crafted packet to the bnx2x card. This\n can be done from an untrusted guest\n VM.(CVE-2018-1000026)\n\n - The Linux kernel is vulnerable to a NULL pointer\n dereference in the\n ext4/mballoc.c:ext4_process_freed_data() function. An\n attacker could trick a legitimate user or a privileged\n attacker could exploit this by mounting a crafted ext4\n image to cause a kernel panic.(CVE-2018-1092)\n\n - In the function wmi_set_ie() in the Linux kernel the\n length validation code does not handle unsigned integer\n overflow properly. As a result, a large value of the\n aEUR~ie_lenaEURtm argument can cause a buffer overflow and\n thus a memory corruption leading to a system crash or\n other or unspecified impact. 
Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2018-5848)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound access in\n ext4_get_group_info function, a denial of service, and\n a system crash by mounting and operating on a crafted\n ext4 filesystem image.(CVE-2018-10881)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bounds write and a\n denial of service or unspecified other impact is\n possible by mounting and operating a crafted ext4\n filesystem image.(CVE-2018-10878)\n\n - A security flaw was found in the\n chap_server_compute_md5() function in the ISCSI target\n code in the Linux kernel in a way an authentication\n request from an ISCSI initiator is processed. An\n unauthenticated remote attacker can cause a stack\n buffer overflow and smash up to 17 bytes of the stack.\n The attack requires the iSCSI target to be enabled on\n the victim host. Depending on how the target's code was\n built (i.e. depending on a compiler, compile flags and\n hardware architecture) an attack may lead to a system\n crash and thus to a denial of service or possibly to a\n non-authorized access to data exported by an iSCSI\n target. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is highly unlikely.(CVE-2018-14633)\n\n - An issue was discovered in the Linux kernel before\n 4.18.6. 
An information leak in cdrom_ioctl_drive_status\n in drivers/cdrom/cdrom.c could be used by local\n attackers to read kernel memory because a cast from\n unsigned long to int interferes with bounds\n checking.(CVE-2018-16658)\n\n - In the Linux kernel before 4.17, a local attacker able\n to set attributes on an xfs filesystem could make this\n filesystem non-operational until the next mount by\n triggering an unchecked error condition during an xfs\n attribute change, because xfs_attr_shortform_addname in\n fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE\n operations with conversion of an attr from short to\n long form.(CVE-2018-18690)\n\n - It was found that paravirt_patch_call/jump() functions\n in the arch/x86/kernel/paravirt.c in the Linux kernel\n mishandles certain indirect calls, which makes it\n easier for attackers to conduct Spectre-v2 attacks\n against paravirtualized guests.(CVE-2018-15594)\n\n - A security flaw was found in the Linux kernel in\n drivers/tty/n_tty.c which allows local attackers (ones\n who are able to access pseudo terminals) to lock them\n up and block further usage of any pseudo terminal\n devices due to an EXTPROC versus ICANON confusion in\n TIOCINQ handler.(CVE-2018-18386)\n\n - An out-of-bounds access issue was discovered in\n yurex_read() in drivers/usb/misc/yurex.c in the Linux\n kernel. A local attacker could use user access\n read/writes with incorrect bounds checking in the yurex\n USB driver to crash the kernel or potentially escalate\n privileges.(CVE-2018-16276)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1432\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9dbf3082\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.62.59.83.h120\",\n \"kernel-debug-3.10.0-327.62.59.83.h120\",\n \"kernel-debug-devel-3.10.0-327.62.59.83.h120\",\n 
\"kernel-debuginfo-3.10.0-327.62.59.83.h120\",\n \"kernel-debuginfo-common-x86_64-3.10.0-327.62.59.83.h120\",\n \"kernel-devel-3.10.0-327.62.59.83.h120\",\n \"kernel-headers-3.10.0-327.62.59.83.h120\",\n \"kernel-tools-3.10.0-327.62.59.83.h120\",\n \"kernel-tools-libs-3.10.0-327.62.59.83.h120\",\n \"perf-3.10.0-327.62.59.83.h120\",\n \"python-perf-3.10.0-327.62.59.83.h120\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-05-04T15:39:44", "description": "The openSUSE Leap 42.3 kernel was updated to 4.4.159 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-13096: A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image (bnc#1100062).\n\n - CVE-2018-13097: There is an out-of-bounds read or a divide-by-zero error for an incorrect user_block_count in a corrupted f2fs image, leading to a denial of service (BUG) (bnc#1100061).\n\n - CVE-2018-13098: A denial of service (slab out-of-bounds read and BUG) can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode (bnc#1100060).\n\n - CVE-2018-13099: A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr (bnc#1100059).\n\n - CVE-2018-13100: An issue was discovered in fs/f2fs/super.c which did not properly validate secs_per_zone in a corrupted f2fs image, as demonstrated by a divide-by-zero error (bnc#1100056).\n\n - CVE-2018-14613: There is 
an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c (bnc#1102896).\n\n - CVE-2018-14617: There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bnc#1102870).\n\n - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack-based buffer overflow and smash up to 17 bytes of the stack.\n The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable (bnc#1107829).\n\n - CVE-2018-16276: Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges (bnc#1106095).\n\n - CVE-2018-16597: Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem (bnc#1106512).\n\n - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. 
An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399).\n\n - CVE-2018-7480: The blkcg_init_queue function in block/blk-cgroup.c allowed local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure (bnc#1082863).\n\n - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536).\n\nThe following non-security bugs were fixed :\n\n - alsa: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping (bnc#1012382).\n\n - alsa: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO (bnc#1012382).\n\n - alsa: hda - Fix cancel_work_sync() stall from jackpoll work (bnc#1012382).\n\n - alsa: msnd: Fix the default sample sizes (bnc#1012382).\n\n - alsa: pcm: Fix snd_interval_refine first/last with open min/max (bnc#1012382).\n\n - alsa: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro (bnc#1012382).\n\n - arc: [plat-axs*]: Enable SWAP (bnc#1012382).\n\n - arm64: bpf: jit JMP_JSET_(X,K) (bsc#1110613).\n\n - arm64: Correct type for PUD macros (bsc#1110600).\n\n - arm64: dts: qcom: db410c: Fix Bluetooth LED trigger (bnc#1012382).\n\n - arm64: fix erroneous __raw_read_system_reg() cases (bsc#1110606).\n\n - arm64: Fix potential race with hardware DBM in ptep_set_access_flags() (bsc#1110605).\n\n - arm64: fpsimd: Avoid FPSIMD context leakage for the init task (bsc#1110603).\n\n - arm64: kasan: avoid bad virt_to_pfn() (bsc#1110612).\n\n - arm64: kasan: avoid pfn_to_nid() before page array is initialized (bsc#1110619).\n\n - arm64/kasan: do not allocate extra shadow memory 
(bsc#1110611).\n\n - arm64: kernel: Update kerneldoc for cpu_suspend() rename (bsc#1110602).\n\n - arm64: kgdb: handle read-only text / modules (bsc#1110604).\n\n - arm64/mm/kasan: do not use vmemmap_populate() to initialize shadow (bsc#1110618).\n\n - arm64: ptrace: Avoid setting compat FP[SC]R to garbage if get_user fails (bsc#1110601).\n\n - arm64: supported.conf: mark armmmci as not supported\n\n - arm64 Update config files. (bsc#1110468) Set MMC_QCOM_DML to build-in and delete driver from supported.conf\n\n - arm64: vdso: fix clock_getres for 4GiB-aligned res (bsc#1110614).\n\n - arm: exynos: Clear global variable on init error path (bnc#1012382).\n\n - arm: hisi: check of_iomap and fix missing of_node_put (bnc#1012382).\n\n - arm: hisi: fix error handling and missing of_node_put (bnc#1012382).\n\n - arm: hisi: handle of_iomap and fix missing of_node_put (bnc#1012382).\n\n - asm/sections: add helpers to check for section data (bsc#1063026).\n\n - asoc: cs4265: fix MMTLR Data switch control (bnc#1012382).\n\n - asoc: wm8994: Fix missing break in switch (bnc#1012382).\n\n - ata: libahci: Correct setting of DEVSLP register (bnc#1012382).\n\n - ath10k: disable bundle mgmt tx completion event support (bnc#1012382).\n\n - ath10k: prevent active scans on potential unusable channels (bnc#1012382).\n\n - audit: fix use-after-free in audit_add_watch (bnc#1012382).\n\n - autofs: fix autofs_sbi() does not check super block type (bnc#1012382).\n\n - binfmt_elf: Respect error return from `regset->active' (bnc#1012382).\n\n - block: bvec_nr_vecs() returns value for wrong slab (bsc#1082979).\n\n - Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV (bnc#1012382).\n\n - Bluetooth: hidp: Fix handling of strncpy for hid->name information (bnc#1012382).\n\n - bpf: fix overflow in prog accounting (bsc#1012382).\n\n - btrfs: Add checker for EXTENT_CSUM (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n\n - btrfs: Add sanity check for EXTENT_DATA when 
reading out leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n\n - btrfs: Check if item pointer overlaps with the item itself (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n\n - btrfs: Check that each block group has corresponding chunk at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n\n - btrfs: Introduce mount time chunk <-> dev extent mapping check (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n\n - btrfs: Move leaf and node validation checker to tree-checker.c (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n\n - btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bnc#1012382).\n\n - btrfs: replace: Reset on-disk dev stats value after replace (bnc#1012382).\n\n - btrfs: scrub: Do not use inode page cache in scrub_handle_errored_block() (bsc#1108096).\n\n - btrfs: tree-checker: Add checker for dir item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n\n - btrfs: tree-checker: Detect invalid and empty essential trees (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n\n - btrfs: tree-checker: Enhance btrfs_check_node output (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n\n - btrfs: tree-checker: Enhance output for btrfs_check_leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n\n - btrfs: tree-checker: Enhance output for check_csum_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n\n - btrfs: tree-checker: Enhance output for check_extent_data_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n\n - btrfs: tree-checker: Fix false panic for sanity test (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n\n - btrfs: tree-checker: Replace root parameter with fs_info (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n\n - btrfs: tree-checker: use %zu 
format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n\n - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n\n - btrfs: tree-checker: Verify block_group_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n\n - btrfs: use correct compare function of dirty_metadata_bytes (bnc#1012382).\n\n - btrfs: Verify that every chunk has corresponding block group at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n\n - cfq: Give a chance for arming slice idle timer in case of group_idle (bnc#1012382).\n\n - cifs: check if SMB2 PDU size has been padded and suppress the warning (bnc#1012382).\n\n - cifs: fix wrapping bugs in num_entries() (bnc#1012382).\n\n - cifs: integer overflow in in SMB2_ioctl() (bsc#1012382).\n\n - cifs: prevent integer overflow in nxt_dir_entry() (bnc#1012382).\n\n - clk: imx6ul: fix missing of_node_put() (bnc#1012382).\n\n - coresight: Handle errors in finding input/output ports (bnc#1012382).\n\n - coresight: tpiu: Fix disabling timeouts (bnc#1012382).\n\n - cpu/hotplug: Fix SMT supported evaluation (bsc#1089343).\n\n - crypto: clarify licensing of OpenSSL asm code ().\n\n - crypto: sharah - Unregister correct algorithms for SAHARA 3 (bnc#1012382).\n\n - crypto: vmx - Remove overly verbose printk from AES XTS init (git-fixes).\n\n - debugobjects: Make stack check warning more informative (bnc#1012382).\n\n - Define early_radix_enabled() (bsc#1094244).\n\n - Delete patches.fixes/slab-__GFP_ZERO-is-incompatible-with-a-con structor.patch (bnc#1110297) we still have a code which uses both __GFP_ZERO and constructors. 
The code seems to be correct and the warning does more harm than good so revert for the meantime until we catch offenders.\n\n - dmaengine: pl330: fix irq race with terminate_all (bnc#1012382).\n\n - dm kcopyd: avoid softlockup in run_complete_job (bnc#1012382).\n\n - dm-mpath: do not try to access NULL rq (bsc#1110337).\n\n - dm-mpath: finally fixup cmd_flags (bsc#1110930).\n\n - drivers: net: cpsw: fix parsing of phy-handle DT property in dual_emac config (bnc#1012382).\n\n - drivers: net: cpsw: fix segfault in case of bad phy-handle (bnc#1012382).\n\n - drm/amdkfd: Fix error codes in kfd_get_process (bnc#1012382).\n\n - drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in connector_detect() (bnc#1012382).\n\n - drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping (bnc#1012382).\n\n - EDAC: Fix memleak in module init error path (bsc#1109441).\n\n - EDAC, i7core: Fix memleaks and use-after-free on probe and remove (1109441).\n\n - ethernet: ti: davinci_emac: add missing of_node_put after calling of_parse_phandle (bnc#1012382).\n\n - ethtool: Remove trailing semicolon for static inline (bnc#1012382).\n\n - ext4: avoid divide by zero fault when deleting corrupted inline directories (bnc#1012382).\n\n - ext4: do not mark mmp buffer head dirty (bnc#1012382).\n\n - ext4: fix online resize's handling of a too-small final block group (bnc#1012382).\n\n - ext4: fix online resizing for bigalloc file systems with a 1k block size (bnc#1012382).\n\n - ext4: recalucate superblock checksum after updating free blocks/inodes (bnc#1012382).\n\n - f2fs: do not set free of current section (bnc#1012382).\n\n - f2fs: fix to do sanity check with (sit,nat)_ver_bitmap_bytesize (bnc#1012382).\n\n - fat: validate ->i_start before using (bnc#1012382).\n\n - fbdev: Distinguish between interlaced and progressive modes (bnc#1012382).\n\n - fbdev/via: fix defined but not used warning (bnc#1012382).\n\n - Follow-up fix for patches.arch/01-jump_label-reduce-the-size-of-struct-sta 
tic_key-kabi.patch. (bsc#1108803)\n\n - fork: do not copy inconsistent signal handler state to child (bnc#1012382).\n\n - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (bnc#1012382).\n\n - fs/eventpoll: loosen irq-safety when possible (bsc#1096052).\n\n - genirq: Delay incrementing interrupt count if it's disabled/pending (bnc#1012382).\n\n - gfs2: Special-case rindex for gfs2_grow (bnc#1012382).\n\n - gpiolib: Mark gpio_suffixes array with __maybe_unused (bnc#1012382).\n\n - gpio: ml-ioh: Fix buffer underwrite on probe error path (bnc#1012382).\n\n - gpio: tegra: Move driver registration to subsys_init level (bnc#1012382).\n\n - gso_segment: Reset skb->mac_len after modifying network header (bnc#1012382).\n\n - hfsplus: do not return 0 when fill_super() failed (bnc#1012382).\n\n - hfs: prevent crash on exit from failed search (bnc#1012382).\n\n - HID: sony: Support DS4 dongle (bnc#1012382).\n\n - HID: sony: Update device ids (bnc#1012382).\n\n - i2c: i801: fix DNV's SMBCTRL register offset (bnc#1012382).\n\n - i2c: xiic: Make the start and the byte count write atomic (bnc#1012382).\n\n - i2c: xlp9xx: Add support for SMBAlert (bsc#1103308).\n\n - i2c: xlp9xx: Fix case where SSIF read transaction completes early (bsc#1103308).\n\n - i2c: xlp9xx: Fix issue seen when updating receive length (bsc#1103308).\n\n - i2c: xlp9xx: Make sure the transfer size is not more than I2C_SMBUS_BLOCK_SIZE (bsc#1103308).\n\n - ib/ipoib: Avoid a race condition between start_xmit and cm_rep_handler (bnc#1012382).\n\n - ib_srp: Remove WARN_ON in srp_terminate_io() (bsc#1094562).\n\n - input: atmel_mxt_ts - only use first T9 instance (bnc#1012382).\n\n - iommu/amd: Return devid as alias for ACPI HID devices (bsc#1106105).\n\n - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register (bnc#1012382).\n\n - iommu/ipmmu-vmsa: Fix allocation in atomic context (bnc#1012382).\n\n - ipmi:ssif: Add support for multi-part transmit messages > 2 parts (bsc#1103308).\n\n - ipv6: 
fix possible use-after-free in ip6_xmit() (bnc#1012382).\n\n - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bnc#1012382).\n\n - irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP (bnc#1012382).\n\n - irqchip/gic-v3: Add missing barrier to 32bit version of gic_read_iar() (bnc#1012382).\n\n - iw_cxgb4: only allow 1 flush on user qps (bnc#1012382).\n\n - KABI: move the new handler to end of machdep_calls and hide it from genksyms (bsc#1094244).\n\n - kabi protect hnae_ae_ops (bsc#1107924).\n\n - kbuild: add .DELETE_ON_ERROR special target (bnc#1012382).\n\n - kbuild: make missing $DEPMOD a Warning instead of an Error (bnc#1012382).\n\n - kernel/params.c: downgrade warning for unsafe parameters (bsc#1050549).\n\n - kprobes/x86: Release insn_slot in failure path (bsc#1110006).\n\n - kthread: fix boot hang (regression) on MIPS/OpenRISC (bnc#1012382).\n\n - kthread: Fix use-after-free if kthread fork fails (bnc#1012382).\n\n - kvm: nVMX: Do not expose MPX VMX controls when guest MPX disabled (bsc#1106240).\n\n - kvm: nVMX: Do not flush TLB when vmcs12 uses VPID (bsc#1106240).\n\n - kvm: x86: Do not re-(try,execute) after failed emulation in L2 (bsc#1106240).\n\n - kvm: x86: Do not use kvm_x86_ops->mpx_supported() directly (bsc#1106240).\n\n - kvm: x86: fix APIC page invalidation (bsc#1106240).\n\n - kvm/x86: remove WARN_ON() for when vm_munmap() fails (bsc#1106240).\n\n - kvm: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled (bsc#1106240).\n\n - l2tp: cast l2tp traffic counter to unsigned (bsc#1099810).\n\n - locking/osq_lock: Fix osq_lock queue corruption (bnc#1012382).\n\n - locking/rwsem-xadd: Fix missed wakeup due to reordering of load (bnc#1012382).\n\n - lpfc: fixup crash in lpfc_els_unsol_buffer() (bsc#1107318).\n\n - mac80211: restrict delayed tailroom needed decrement (bnc#1012382).\n\n - macintosh/via-pmu: Add missing mmio accessors (bnc#1012382).\n\n - md/raid1: exit sync request if MD_RECOVERY_INTR is 
set (git-fixes).\n\n - md/raid5: fix data corruption of replacements after originals dropped (bnc#1012382).\n\n - media: videobuf2-core: check for q->error in vb2_core_qbuf() (bnc#1012382).\n\n - mei: bus: type promotion bug in mei_nfc_if_version() (bnc#1012382).\n\n - mei: me: allow runtime pm for platform with D0i3 (bnc#1012382).\n\n - mfd: sm501: Set coherent_dma_mask when creating subdevices (bnc#1012382).\n\n - mfd: ti_am335x_tscadc: Fix struct clk memory leak (bnc#1012382).\n\n - misc: hmc6352: fix potential Spectre v1 (bnc#1012382).\n\n - misc: mic: SCIF Fix scif_get_new_port() error handling (bnc#1012382).\n\n - misc: ti-st: Fix memory leak in the error path of probe() (bnc#1012382).\n\n - mmc: mmci: stop building qcom dml as module (bsc#1110468).\n\n - mm/fadvise.c: fix signed overflow UBSAN complaint (bnc#1012382).\n\n - mm: fix devmem_is_allowed() for sub-page System RAM intersections (bsc#1110006).\n\n - mm: get rid of vmacache_flush_all() entirely (bnc#1012382).\n\n - mm: shmem.c: Correctly annotate new inodes for lockdep (bnc#1012382).\n\n - mtdchar: fix overflows in adjustment of `count` (bnc#1012382).\n\n - mtd/maps: fix solutionengine.c printk format warnings (bnc#1012382).\n\n - neighbour: confirm neigh entries when ARP packet is received (bnc#1012382).\n\n - net/9p: fix error path of p9_virtio_probe (bnc#1012382).\n\n - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (bnc#1012382).\n\n - net: bcmgenet: use MAC link status for fixed phy (bnc#1012382).\n\n - net: dcb: For wild-card lookups, use priority -1, not 0 (bnc#1012382).\n\n - net: ena: Eliminate duplicate barriers on weakly-ordered archs (bsc#1108240).\n\n - net: ena: fix device destruction to gracefully free resources (bsc#1108240).\n\n - net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108240).\n\n - net: ena: fix incorrect usage of memory barriers (bsc#1108240).\n\n - net: ena: fix missing calls to READ_ONCE (bsc#1108240).\n\n - net: ena: fix missing lock during 
device destruction (bsc#1108240).\n\n - net: ena: fix potential double ena_destroy_device() (bsc#1108240).\n\n - net: ena: fix surprise unplug NULL dereference kernel crash (bsc#1108240).\n\n - net: ethernet: mvneta: Fix napi structure mixup on armada 3700 (bsc#1110616).\n\n - net: ethernet: ti: cpsw: fix mdio device reference leak (bnc#1012382).\n\n - netfilter: x_tables: avoid stack-out-of-bounds read in xt_copy_counters_from_user (bnc#1012382).\n\n - net: hns: add netif_carrier_off before change speed and duplex (bsc#1107924).\n\n - net: hns: add the code for cleaning pkt in chip (bsc#1107924).\n\n - net: hp100: fix always-true check for link up state (bnc#1012382).\n\n - net: mvneta: fix mtu change on port without link (bnc#1012382).\n\n - net: mvneta: fix mvneta_config_rss on armada 3700 (bsc#1110615).\n\n - nfc: Fix possible memory corruption when handling SHDLC I-Frame commands (bnc#1012382).\n\n - nfc: Fix the number of pipes (bnc#1012382).\n\n - nfs: Use an appropriate work queue for direct-write completion (bsc#1082519).\n\n - nfsv4.0 fix client reference leak in callback (bnc#1012382).\n\n - nvme_fc: add 'nvme_discovery' sysfs attribute to fc transport device (bsc#1044189).\n\n - nvmet: fixup crash on NULL device path (bsc#1082979).\n\n - ocfs2: fix ocfs2 read block panic (bnc#1012382).\n\n - ovl: modify ovl_permission() to do checks on two inodes (bsc#1106512)\n\n - ovl: proper cleanup of workdir (bnc#1012382).\n\n - ovl: rename is_merge to is_lowest (bnc#1012382).\n\n - parport: sunbpp: fix error return code (bnc#1012382).\n\n - partitions/aix: append null character to print data from disk (bnc#1012382).\n\n - partitions/aix: fix usage of uninitialized lv_info and lvname structures (bnc#1012382).\n\n - PCI: altera: Fix bool initialization in tlp_read_packet() (bsc#1109806).\n\n - PCI: designware: Fix I/O space page leak (bsc#1109806).\n\n - PCI: designware: Fix pci_remap_iospace() failure path (bsc#1109806).\n\n - PCI: mvebu: Fix I/O space end address 
calculation (bnc#1012382).\n\n - PCI: OF: Fix I/O space page leak (bsc#1109806).\n\n - PCI: pciehp: Fix unprotected list iteration in IRQ handler (bsc#1109806).\n\n - PCI: shpchp: Fix AMD POGO identification (bsc#1109806).\n\n - PCI: Supply CPU physical address (not bus address) to iomem_is_exclusive() (bsc#1109806).\n\n - PCI: versatile: Fix I/O space page leak (bsc#1109806).\n\n - PCI: versatile: Fix pci_remap_iospace() failure path (bsc#1109806).\n\n - PCI: xgene: Fix I/O space page leak (bsc#1109806).\n\n - PCI: xilinx: Add missing of_node_put() (bsc#1109806).\n\n - perf powerpc: Fix callchain ip filtering (bnc#1012382).\n\n - perf powerpc: Fix callchain ip filtering when return address is in a register (bnc#1012382).\n\n - perf tools: Allow overriding MAX_NR_CPUS at compile time (bnc#1012382).\n\n - phy: qcom-ufs: add MODULE_LICENSE tag (bsc#1110468).\n\n - pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant (bnc#1012382).\n\n - pipe: actually allow root to exceed the pipe buffer limit (git-fixes).\n\n - platform/x86: alienware-wmi: Correct a memory leak (bnc#1012382).\n\n - platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 (bnc#1012382).\n\n - platform/x86: toshiba_acpi: Fix defined but not used build warnings (bnc#1012382).\n\n - powerpc/64: Do load of PACAKBASE in LOAD_HANDLER (bsc#1094244).\n\n - powerpc/64s: move machine check SLB flushing to mm/slb.c (bsc#1094244).\n\n - powerpc/book3s: Fix MCE console messages for unrecoverable MCE (bsc#1094244).\n\n - powerpc/fadump: cleanup crash memory ranges support (bsc#1103269).\n\n - powerpc/fadump: re-register firmware-assisted dump if already registered (bsc#1108170, bsc#1108823).\n\n - powerpc: Fix size calculation using resource_size() (bnc#1012382).\n\n - powerpc/mce: Fix SLB rebolting during MCE recovery path (bsc#1094244).\n\n - powerpc/mce: Move 64-bit machine check code into mce.c (bsc#1094244).\n\n - powerpc/numa: Use associativity if VPHN hcall is successful 
(bsc#1110363).\n\n - powerpc/perf/hv-24x7: Fix off-by-one error in request_buffer check (git-fixes).\n\n - powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1066223).\n\n - powerpc/powernv: opal_put_chars partial write fix (bnc#1012382).\n\n - powerpc/powernv: Rename machine_check_pSeries_early() to powernv (bsc#1094244).\n\n - powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX (bnc#1012382).\n\n - powerpc/pseries: Defer the logging of rtas error to irq work queue (bsc#1094244).\n\n - powerpc/pseries: Define MCE error event section (bsc#1094244).\n\n - powerpc/pseries: Disable CPU hotplug across migrations (bsc#1066223).\n\n - powerpc/pseries: Display machine check error details (bsc#1094244).\n\n - powerpc/pseries: Dump the SLB contents on SLB MCE errors (bsc#1094244).\n\n - powerpc/pseries: Flush SLB contents on SLB MCE errors (bsc#1094244).\n\n - powerpc/pseries: Remove prrn_work workqueue (bsc#1102495, bsc#1109337).\n\n - powerpc/pseries: Remove unneeded uses of dlpar work queue (bsc#1102495, bsc#1109337).\n\n - powerpc/tm: Avoid possible userspace r1 corruption on reclaim (bsc#1109333).\n\n - powerpc/tm: Fix userspace r13 corruption (bsc#1109333).\n\n - printk: do not spin in printk when in nmi (bsc#1094244).\n\n - pstore: Fix incorrect persistent ram buffer mapping (bnc#1012382).\n\n - rdma/cma: Do not ignore net namespace for unbound cm_id (bnc#1012382).\n\n - rdma/cma: Protect cma dev list with lock (bnc#1012382).\n\n - rdma/rw: Fix rdma_rw_ctx_signature_init() kernel-doc header (bsc#1082979).\n\n - reiserfs: change j_timestamp type to time64_t (bnc#1012382).\n\n - Revert 'ARM: imx_v6_v7_defconfig: Select ULPI support' (bnc#1012382).\n\n - Revert 'dma-buf/sync-file: Avoid enable fence signaling if poll(.timeout=0)' (bsc#1111363).\n\n - Revert 'Drop kernel trampoline stack.' 
This reverts commit 85dead31706c1c1755adff90405ff9861c39c704.\n\n - Revert 'kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597)' This reverts commit edde1f21880e3bfe244c6f98a3733b05b13533dc.\n\n - Revert 'mm: get rid of vmacache_flush_all() entirely' (kabi).\n\n - Revert 'NFC: Fix the number of pipes' (kabi).\n\n - ring-buffer: Allow for rescheduling when removing pages (bnc#1012382).\n\n - rtc: bq4802: add error handling for devm_ioremap (bnc#1012382).\n\n - s390/dasd: fix hanging offline processing due to canceled worker (bnc#1012382).\n\n - s390/facilites: use stfle_fac_list array size for MAX_FACILITY_BIT (bnc#1108315, LTC#171326).\n\n - s390/lib: use expoline for all bcr instructions (LTC#171029 bnc#1012382 bnc#1106934).\n\n - s390/qeth: fix race in used-buffer accounting (bnc#1012382).\n\n - s390/qeth: reset layer2 attribute on layer switch (bnc#1012382).\n\n - s390/qeth: use vzalloc for QUERY OAT buffer (bnc#1108315, LTC#171527).\n\n - sched/fair: Fix bandwidth timer clock drift condition (Git-fixes).\n\n - sched/fair: Fix vruntime_normalized() for remote non-migration wakeup (Git-fixes).\n\n - sch_hhf: fix NULL pointer dereference on init failure (bnc#1012382).\n\n - sch_htb: fix crash on init failure (bnc#1012382).\n\n - sch_multiq: fix double free on init failure (bnc#1012382).\n\n - sch_netem: avoid NULL pointer deref on init failure (bnc#1012382).\n\n - sch_tbf: fix two NULL pointer dereferences on init failure (bnc#1012382).\n\n - scripts: modpost: check memory allocation results (bnc#1012382).\n\n - scsi: 3ware: fix return 0 on the error path of probe (bnc#1012382).\n\n - scsi: aic94xx: fix an error code in aic94xx_init() (bnc#1012382).\n\n - scsi: ipr: System hung while dlpar adding primary ipr adapter back (bsc#1109336).\n\n - scsi: qla2xxx: Add changes for devloss timeout in driver (bsc#1084427).\n\n - scsi: qla2xxx: Add FC-NVMe abort processing (bsc#1084427).\n\n - scsi: qla2xxx: Add longer window for chip reset (bsc#1094555).\n\n - scsi: 
qla2xxx: Avoid double completion of abort command (bsc#1094555).\n\n - scsi: qla2xxx: Cleanup code to improve FC-NVMe error handling (bsc#1084427).\n\n - scsi: qla2xxx: Cleanup for N2N code (bsc#1094555).\n\n - scsi: qla2xxx: correctly shift host byte (bsc#1094555).\n\n - scsi: qla2xxx: Correct setting of SAM_STAT_CHECK_CONDITION (bsc#1094555).\n\n - scsi: qla2xxx: Delete session for nport id change (bsc#1094555).\n\n - scsi: qla2xxx: Fix Async GPN_FT for FCP and FC-NVMe scan (bsc#1084427).\n\n - scsi: qla2xxx: Fix crash on qla2x00_mailbox_command (bsc#1094555).\n\n - scsi: qla2xxx: Fix double free bug after firmware timeout (bsc#1094555).\n\n - scsi: qla2xxx: Fix driver unload by shutting down chip (bsc#1094555).\n\n - scsi: qla2xxx: fix error message on <qla2400 (bsc#1094555).\n\n - scsi: qla2xxx: Fix FC-NVMe IO abort during driver reset (bsc#1084427).\n\n - scsi: qla2xxx: Fix function argument descriptions (bsc#1094555).\n\n - scsi: qla2xxx: Fix Inquiry command being dropped in Target mode (bsc#1094555).\n\n - scsi: qla2xxx: Fix issue reported by static checker for qla2x00_els_dcmd2_sp_done() (bsc#1094555).\n\n - scsi: qla2xxx: Fix login retry count (bsc#1094555).\n\n - scsi: qla2xxx: Fix Management Server NPort handle reservation logic (bsc#1094555).\n\n - scsi: qla2xxx: Fix memory leak for allocating abort IOCB (bsc#1094555).\n\n - scsi: qla2xxx: Fix n2n_ae flag to prevent dev_loss on PDB change (bsc#1084427).\n\n - scsi: qla2xxx: Fix N2N link re-connect (bsc#1094555).\n\n - scsi: qla2xxx: Fix NPIV deletion by calling wait_for_sess_deletion (bsc#1094555).\n\n - scsi: qla2xxx: Fix race between switch cmd completion and timeout (bsc#1094555).\n\n - scsi: qla2xxx: Fix race condition between iocb timeout and initialisation (bsc#1094555).\n\n - scsi: qla2xxx: Fix redundant fc_rport registration (bsc#1094555).\n\n - scsi: qla2xxx: Fix retry for PRLI RJT with reason of BUSY (bsc#1084427).\n\n - scsi: qla2xxx: Fix Rport and session state getting out of sync 
(bsc#1094555).\n\n - scsi: qla2xxx: Fix sending ADISC command for login (bsc#1094555).\n\n - scsi: qla2xxx: Fix session state stuck in Get Port DB (bsc#1094555).\n\n - scsi: qla2xxx: Fix stalled relogin (bsc#1094555).\n\n - scsi: qla2xxx: Fix TMF and Multi-Queue config (bsc#1094555).\n\n - scsi: qla2xxx: Fix unintended Logout (bsc#1094555).\n\n - scsi: qla2xxx: Fix unintialized List head crash (bsc#1094555).\n\n - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1094555).\n\n - scsi: qla2xxx: fx00 copypaste typo (bsc#1094555).\n\n - scsi: qla2xxx: Migrate NVME N2N handling into state machine (bsc#1094555).\n\n - scsi: qla2xxx: Move GPSC and GFPNID out of session management (bsc#1094555).\n\n - scsi: qla2xxx: Prevent relogin loop by removing stale code (bsc#1094555).\n\n - scsi: qla2xxx: Prevent sysfs access when chip is down (bsc#1094555).\n\n - scsi: qla2xxx: Reduce redundant ADISC command for RSCNs (bsc#1094555).\n\n - scsi: qla2xxx: remove irq save in qla2x00_poll() (bsc#1094555).\n\n - scsi: qla2xxx: Remove nvme_done_list (bsc#1084427).\n\n - scsi: qla2xxx: Remove stale debug value for login_retry flag (bsc#1094555).\n\n - scsi: qla2xxx: Remove unneeded message and minor cleanup for FC-NVMe (bsc#1084427).\n\n - scsi: qla2xxx: Restore ZIO threshold setting (bsc#1084427).\n\n - scsi: qla2xxx: Return busy if rport going away (bsc#1084427).\n\n - scsi: qla2xxx: Save frame payload size from ICB (bsc#1094555).\n\n - scsi: qla2xxx: Set IIDMA and fcport state before qla_nvme_register_remote() (bsc#1084427).\n\n - scsi: qla2xxx: Silent erroneous message (bsc#1094555).\n\n - scsi: qla2xxx: Update driver version to 10.00.00.06-k (bsc#1084427).\n\n - scsi: qla2xxx: Update driver version to 10.00.00.07-k (bsc#1094555).\n\n - scsi: qla2xxx: Update driver version to 10.00.00.08-k (bsc#1094555).\n\n - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1094555).\n\n - scsi: qla2xxx: Use predefined get_datalen_for_atio() inline function (bsc#1094555).\n\n - scsi: target: fix 
__transport_register_session locking (bnc#1012382).\n\n - selftests/powerpc: Kill child processes on SIGINT (bnc#1012382).\n\n - selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock adjustments are in progress (bnc#1012382).\n\n - selinux: use GFP_NOWAIT in the AVC kmem_caches (bnc#1012382).\n\n - smb3: fix reset of bytes read and written stats (bnc#1012382).\n\n - SMB3: Number of requests sent should be displayed for SMB3 not just CIFS (bnc#1012382).\n\n - srcu: Allow use of Tiny/Tree SRCU from both process and interrupt context (bsc#1050549).\n\n - staging: android: ion: fix ION_IOC_(MAP,SHARE) use-after-free (bnc#1012382).\n\n - staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice (bnc#1012382).\n\n - staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page (bnc#1012382).\n\n - staging/rts5208: Fix read overflow in memcpy (bnc#1012382).\n\n - stop_machine: Atomically queue and wake stopper threads (git-fixes).\n\n - tcp: do not restart timewait timer on rst reception (bnc#1012382).\n\n - Tools: hv: Fix a bug in the key delete code (bnc#1012382).\n\n - tty: Drop tty->count on tty_reopen() failure (bnc#1105428). 
As this depends on earlier tty patches, they were moved to the sorted section too.\n\n - tty: rocket: Fix possible buffer overwrite on register_PCI (bnc#1012382).\n\n - tty: vt_ioctl: fix potential Spectre v1 (bnc#1012382).\n\n - uio: potential double frees if __uio_register_device() fails (bnc#1012382).\n\n - Update patches.suse/dm-Always-copy-cmd_flags-when-cloning-a-request.patch (bsc#1088087, bsc#1103156).\n\n - USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB controller (bnc#1012382).\n\n - USB: Add quirk to support DJI CineSSD (bnc#1012382).\n\n - usb: Avoid use-after-free by flushing endpoints early in usb_set_interface() (bnc#1012382).\n\n - usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt() (bnc#1012382).\n\n - usb: Do not die twice if PCI xhci host is not responding in resume (bnc#1012382).\n\n - usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in u132_get_frame() (bnc#1012382).\n\n - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547).\n\n - usb: misc: uss720: Fix two sleep-in-atomic-context bugs (bnc#1012382).\n\n - USB: net2280: Fix erroneous synchronization change (bnc#1012382).\n\n - USB: serial: io_ti: fix array underflow in completion handler (bnc#1012382).\n\n - USB: serial: ti_usb_3410_5052: fix array underflow in completion handler (bnc#1012382).\n\n - USB: yurex: Fix buffer over-read in yurex_write() (bnc#1012382).\n\n - VFS: do not test owner for NFS in set_posix_acl() (bsc#1103405).\n\n - video: goldfishfb: fix memory leak on driver remove (bnc#1012382).\n\n - vmw_balloon: include asm/io.h (bnc#1012382).\n\n - vti6: remove !skb->ignore_df check from vti6_xmit() (bnc#1012382).\n\n - watchdog: w83627hf: Added NCT6102D support (bsc#1106434).\n\n - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434).\n\n - x86/apic: Fix restoring boot IRQ mode in reboot and kexec/kdump (bsc#1110006).\n\n - x86/apic: Split disable_IO_APIC() into two functions to fix CONFIG_KEXEC_JUMP=y 
(bsc#1110006).\n\n - x86/apic: Split out restore_boot_irq_mode() from disable_IO_APIC() (bsc#1110006).\n\n - x86/boot: Fix 'run_size' calculation (bsc#1110006).\n\n - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715).\n\n - x86/kaiser: Avoid loosing NMIs when using trampoline stack (bsc#1106293 bsc#1099597).\n\n - x86/mm: Remove in_nmi() warning from vmalloc_fault() (bnc#1012382).\n\n - x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110006).\n\n - x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear (bnc#1012382).\n\n - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bnc#1012382).\n\n - x86/vdso: Fix asm constraints on vDSO syscall fallbacks (bsc#1110006).\n\n - x86/vdso: Fix vDSO build if a retpoline is emitted (bsc#1110006).\n\n - x86/vdso: Fix vDSO syscall fallback asm constraint regression (bsc#1110006).\n\n - x86/vdso: Only enable vDSO retpolines when enabled and supported (bsc#1110006).\n\n - xen: avoid crash in disable_hotplug_cpu (bsc#1106594).\n\n - xen/blkfront: correct purging of persistent grants (bnc#1065600).\n\n - xen: issue warning message when out of grant maptrack entries (bsc#1105795).\n\n - xen/netfront: do not bug in case of too many frags (bnc#1012382).\n\n - xen-netfront: fix queue name setting (bnc#1012382).\n\n - xen/netfront: fix waiting for xenbus state change (bnc#1012382).\n\n - xen-netfront: fix warn message as irq device name has '/' (bnc#1012382).\n\n - xen/x86/vpmu: Zero struct pt_regs before calling into sample handling code (bnc#1012382).\n\n - xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344).\n\n - xfs: add asserts for the mmap lock in xfs_(insert,collapse)_file_space (bsc#1095344).\n\n - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344).\n\n - xfs: add a xfs_iext_update_extent helper (bsc#1095344).\n\n - xfs: add comments documenting the rebalance algorithm (bsc#1095344).\n\n - xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node 
(bsc#1095344).\n\n - xfs: add xfs_trim_extent (bsc#1095344).\n\n - xfs: allow unaligned extent records in xfs_bmbt_disk_set_all (bsc#1095344).\n\n - xfs: borrow indirect blocks from freed extent when available (bsc#1095344).\n\n - xfs: cleanup xfs_bmap_last_before (bsc#1095344).\n\n - xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real (bsc#1095344).\n\n - xfs: do not rely on extent indices in xfs_bmap_collapse_extents (bsc#1095344).\n\n - xfs: do not rely on extent indices in xfs_bmap_insert_extents (bsc#1095344).\n\n - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344).\n\n - xfs: during btree split, save new block key & ptr for future insertion (bsc#1095344).\n\n - xfs: factor out a helper to initialize a local format inode fork (bsc#1095344).\n\n - xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344).\n\n - xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344).\n\n - xfs: fix transaction allocation deadlock in IO path (bsc#1090535).\n\n - xfs: handle indlen shortage on delalloc extent merge (bsc#1095344).\n\n - xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344).\n\n - xfs: improve kmem_realloc (bsc#1095344).\n\n - xfs: inline xfs_shift_file_space into callers (bsc#1095344).\n\n - xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344).\n\n - xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344).\n\n - xfs: iterate over extents in xfs_iextents_copy (bsc#1095344).\n\n - xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real (bsc#1095344).\n\n - xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344).\n\n - xfs: move pre/post-bmap tracing into xfs_iext_update_extent (bsc#1095344).\n\n - xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344).\n\n - xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344).\n\n - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344).\n\n - xfs: move 
xfs_iext_insert tracepoint to report useful information (bsc#1095344).\n\n - xfs: new inode extent list lookup helpers (bsc#1095344).\n\n - xfs: only run torn log write detection on dirty logs (bsc#1095753).\n\n - xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344).\n\n - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344).\n\n - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344).\n\n - xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344).\n\n - xfs: provide helper for counting extents from if_bytes (bsc#1095344).\n\n - xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real (bsc#1095344).\n\n - xfs: refactor delalloc indlen reservation split into helper (bsc#1095344).\n\n - xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344).\n\n - xfs: refactor in-core log state update to helper (bsc#1095753).\n\n - xfs: refactor unmount record detection into helper (bsc#1095753).\n\n - xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344).\n\n - xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344).\n\n - xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344).\n\n - xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344).\n\n - xfs: refactor xfs_bunmapi_cow (bsc#1095344).\n\n - xfs: refactor xfs_del_extent_real (bsc#1095344).\n\n - xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real (bsc#1095344).\n\n - xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all (bsc#1095344).\n\n - xfs: remove a superflous assignment in xfs_iext_remove_node (bsc#1095344).\n\n - xfs: remove if_rdev (bsc#1095344).\n\n - xfs: remove prev argument to xfs_bmapi_reserve_delalloc (bsc#1095344).\n\n - xfs: remove support for inlining data/extents into the inode fork (bsc#1095344).\n\n - xfs: remove the never fully implemented UUID fork format (bsc#1095344).\n\n - xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344).\n\n - xfs: remove the 
nr_extents argument to xfs_iext_remove (bsc#1095344).\n\n - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344).\n\n - xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344).\n\n - xfs: remove xfs_bmbt_get_state (bsc#1095344).\n\n - xfs: remove xfs_bmse_shift_one (bsc#1095344).\n\n - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344).\n\n - xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344).\n\n - xfs: replace xfs_qm_get_rtblks with a direct call to xfs_bmap_count_leaves (bsc#1095344).\n\n - xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344).\n\n - xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent (bsc#1095344).\n\n - xfs: rewrite xfs_bmap_first_unused to make better use of xfs_iext_get_extent (bsc#1095344).\n\n - xfs: separate log head record discovery from verification (bsc#1095753).\n\n - xfs: simplify the xfs_getbmap interface (bsc#1095344).\n\n - xfs: simplify validation of the unwritten extent bit (bsc#1095344).\n\n - xfs: split indlen reservations fairly when under reserved (bsc#1095344).\n\n - xfs: split xfs_bmap_shift_extents (bsc#1095344).\n\n - xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert (bsc#1095344).\n\n - xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real (bsc#1095344).\n\n - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay (bsc#1095344).\n\n - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real (bsc#1095344).\n\n - xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real (bsc#1095344).\n\n - xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344).\n\n - xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344).\n\n - xfs: update freeblocks counter after extent deletion (bsc#1095344).\n\n - xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344).\n\n - xfs: use a b+tree for the in-core extent list (bsc#1095344).\n\n - xfs: use correct state defines in xfs_bmap_del_extent_(cow,delay) (bsc#1095344).\n\n - xfs: use new extent 
lookup helpers in xfs_bmapi_read (bsc#1095344).\n\n - xfs: use new extent lookup helpers in xfs_bmapi_write (bsc#1095344).\n\n - xfs: use new extent lookup helpers in __xfs_bunmapi (bsc#1095344).\n\n - xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344).\n\n - xfs: use xfs_bmap_del_extent_delay for the data fork as well (bsc#1095344).\n\n - xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents (bsc#1095344).\n\n - xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at (bsc#1095344).\n\n - xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344).\n\n - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344).\n\n - xfrm: fix 'passing zero to ERR_PTR()' warning (bnc#1012382).", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-18T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2018-1184)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-13096", "CVE-2018-13097", "CVE-2018-13098", "CVE-2018-13099", "CVE-2018-13100", "CVE-2018-14613", "CVE-2018-14617", "CVE-2018-14633", "CVE-2018-16276", "CVE-2018-16597", "CVE-2018-17182", "CVE-2018-7480", "CVE-2018-7757"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", 
"p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-1184.NASL", "href": "https://www.tenable.com/plugins/nessus/118194", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1184.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118194);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-13096\", \"CVE-2018-13097\", \"CVE-2018-13098\", \"CVE-2018-13099\", \"CVE-2018-13100\", \"CVE-2018-14613\", \"CVE-2018-14617\", \"CVE-2018-14633\", \"CVE-2018-16276\", \"CVE-2018-16597\", \"CVE-2018-17182\", \"CVE-2018-7480\", \"CVE-2018-7757\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2018-1184)\");\n script_summary(english:\"Check for the openSUSE-2018-1184 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.3 kernel was 
updated to 4.4.159 to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-13096: A denial of service (out-of-bounds\n memory access and BUG) can occur upon encountering an\n abnormal bitmap size when mounting a crafted f2fs image\n (bnc#1100062).\n\n - CVE-2018-13097: There is an out-of-bounds read or a\n divide-by-zero error for an incorrect user_block_count\n in a corrupted f2fs image, leading to a denial of\n service (BUG) (bnc#1100061).\n\n - CVE-2018-13098: A denial of service (slab out-of-bounds\n read and BUG) can occur for a modified f2fs filesystem\n image in which FI_EXTRA_ATTR is set in an inode\n (bnc#1100060).\n\n - CVE-2018-13099: A denial of service (out-of-bounds\n memory access and BUG) can occur for a modified f2fs\n filesystem image in which an inline inode contains an\n invalid reserved blkaddr (bnc#1100059).\n\n - CVE-2018-13100: An issue was discovered in\n fs/f2fs/super.c which did not properly validate\n secs_per_zone in a corrupted f2fs image, as demonstrated\n by a divide-by-zero error (bnc#1100056).\n\n - CVE-2018-14613: There is an invalid pointer dereference\n in io_ctl_map_page() when mounting and operating a\n crafted btrfs image, because of a lack of block group\n item validation in check_leaf_item in\n fs/btrfs/tree-checker.c (bnc#1102896).\n\n - CVE-2018-14617: There is a NULL pointer dereference and\n panic in hfsplus_lookup() in fs/hfsplus/dir.c when\n opening a file (that is purportedly a hard link) in an\n hfs+ filesystem that has malformed catalog data, and is\n mounted read-only without a metadata directory\n (bnc#1102870).\n\n - CVE-2018-14633: A security flaw was found in the\n chap_server_compute_md5() function in the ISCSI target\n code in the Linux kernel in a way an authentication\n request from an ISCSI initiator is processed. 
An\n unauthenticated remote attacker can cause a stack-based\n buffer overflow and smash up to 17 bytes of the stack.\n The attack requires the iSCSI target to be enabled on\n the victim host. Depending on how the target's code was\n built (i.e. depending on a compiler, compile flags and\n hardware architecture) an attack may lead to a system\n crash and thus to a denial-of-service or possibly to a\n non-authorized access to data exported by an iSCSI\n target. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is highly unlikely. Kernel versions 4.18.x,\n 4.14.x and 3.10.x are believed to be vulnerable\n (bnc#1107829).\n\n - CVE-2018-16276: Local attackers could use user access\n read/writes with incorrect bounds checking in the yurex\n USB driver to crash the kernel or potentially escalate\n privileges (bnc#1106095).\n\n - CVE-2018-16597: Incorrect access checking in overlayfs\n mounts could be used by local attackers to modify or\n truncate files in the underlying filesystem\n (bnc#1106512).\n\n - CVE-2018-17182: The vmacache_flush_all function in\n mm/vmacache.c mishandled sequence number overflows. 
An\n attacker can trigger a use-after-free (and possibly gain\n privileges) via certain thread creation, map, unmap,\n invalidation, and dereference operations (bnc#1108399).\n\n - CVE-2018-7480: The blkcg_init_queue function in\n block/blk-cgroup.c allowed local users to cause a denial\n of service (double free) or possibly have unspecified\n other impact by triggering a creation failure\n (bnc#1082863).\n\n - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events\n function in drivers/scsi/libsas/sas_expander.c allowed\n local users to cause a denial of service (memory\n consumption) via many read accesses to files in the\n /sys/class/sas_phy directory, as demonstrated by the\n /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file\n (bnc#1084536).\n\nThe following non-security bugs were fixed :\n\n - alsa: bebob: use address returned by kmalloc() instead\n of kernel stack for streaming DMA mapping (bnc#1012382).\n\n - alsa: emu10k1: fix possible info leak to userspace on\n SNDRV_EMU10K1_IOCTL_INFO (bnc#1012382).\n\n - alsa: hda - Fix cancel_work_sync() stall from jackpoll\n work (bnc#1012382).\n\n - alsa: msnd: Fix the default sample sizes (bnc#1012382).\n\n - alsa: pcm: Fix snd_interval_refine first/last with open\n min/max (bnc#1012382).\n\n - alsa: usb-audio: Fix multiple definitions in\n AU0828_DEVICE() macro (bnc#1012382).\n\n - arc: [plat-axs*]: Enable SWAP (bnc#1012382).\n\n - arm64: bpf: jit JMP_JSET_(X,K) (bsc#1110613).\n\n - arm64: Correct type for PUD macros (bsc#1110600).\n\n - arm64: dts: qcom: db410c: Fix Bluetooth LED trigger\n (bnc#1012382).\n\n - arm64: fix erroneous __raw_read_system_reg() cases\n (bsc#1110606).\n\n - arm64: Fix potential race with hardware DBM in\n ptep_set_access_flags() (bsc#1110605).\n\n - arm64: fpsimd: Avoid FPSIMD context leakage for the init\n task (bsc#1110603).\n\n - arm64: kasan: avoid bad virt_to_pfn() (bsc#1110612).\n\n - arm64: kasan: avoid pfn_to_nid() before page array is\n initialized (bsc#1110619).\n\n - 
arm64/kasan: do not allocate extra shadow memory\n (bsc#1110611).\n\n - arm64: kernel: Update kerneldoc for cpu_suspend() rename\n (bsc#1110602).\n\n - arm64: kgdb: handle read-only text / modules\n (bsc#1110604).\n\n - arm64/mm/kasan: do not use vmemmap_populate() to\n initialize shadow (bsc#1110618).\n\n - arm64: ptrace: Avoid setting compat FP[SC]R to garbage\n if get_user fails (bsc#1110601).\n\n - arm64: supported.conf: mark armmmci as not supported\n\n - arm64 Update config files. (bsc#1110468) Set\n MMC_QCOM_DML to build-in and delete driver from\n supported.conf\n\n - arm64: vdso: fix clock_getres for 4GiB-aligned res\n (bsc#1110614).\n\n - arm: exynos: Clear global variable on init error path\n (bnc#1012382).\n\n - arm: hisi: check of_iomap and fix missing of_node_put\n (bnc#1012382).\n\n - arm: hisi: fix error handling and missing of_node_put\n (bnc#1012382).\n\n - arm: hisi: handle of_iomap and fix missing of_node_put\n (bnc#1012382).\n\n - asm/sections: add helpers to check for section data\n (bsc#1063026).\n\n - asoc: cs4265: fix MMTLR Data switch control\n (bnc#1012382).\n\n - asoc: wm8994: Fix missing break in switch (bnc#1012382).\n\n - ata: libahci: Correct setting of DEVSLP register\n (bnc#1012382).\n\n - ath10k: disable bundle mgmt tx completion event support\n (bnc#1012382).\n\n - ath10k: prevent active scans on potential unusable\n channels (bnc#1012382).\n\n - audit: fix use-after-free in audit_add_watch\n (bnc#1012382).\n\n - autofs: fix autofs_sbi() does not check super block type\n (bnc#1012382).\n\n - binfmt_elf: Respect error return from `regset->active'\n (bnc#1012382).\n\n - block: bvec_nr_vecs() returns value for wrong slab\n (bsc#1082979).\n\n - Bluetooth: h5: Fix missing dependency on\n BT_HCIUART_SERDEV (bnc#1012382).\n\n - Bluetooth: hidp: Fix handling of strncpy for hid->name\n information (bnc#1012382).\n\n - bpf: fix overflow in prog accounting (bsc#1012382).\n\n - btrfs: Add checker for EXTENT_CSUM (bsc#1102882,\n bsc#1102896, 
bsc#1102879, bsc#1102877, bsc#1102875,).\n\n - btrfs: Add sanity check for EXTENT_DATA when reading out\n leaf (bsc#1102882, bsc#1102896, bsc#1102879,\n bsc#1102877, bsc#1102875,).\n\n - btrfs: Check if item pointer overlaps with the item\n itself (bsc#1102882, bsc#1102896, bsc#1102879,\n bsc#1102877, bsc#1102875,).\n\n - btrfs: Check that each block group has corresponding\n chunk at mount time (bsc#1102882, bsc#1102896,\n bsc#1102879, bsc#1102877, bsc#1102875,).\n\n - btrfs: Introduce mount time chunk <-> dev extent mapping\n check (bsc#1102882, bsc#1102896, bsc#1102879,\n bsc#1102877, bsc#1102875,).\n\n - btrfs: Move leaf and node validation checker to\n tree-checker.c (bsc#1102882, bsc#1102896, bsc#1102879,\n bsc#1102877, bsc#1102875,).\n\n - btrfs: relocation: Only remove reloc rb_trees if reloc\n control has been initialized (bnc#1012382).\n\n - btrfs: replace: Reset on-disk dev stats value after\n replace (bnc#1012382).\n\n - btrfs: scrub: Do not use inode page cache in\n scrub_handle_errored_block() (bsc#1108096).\n\n - btrfs: tree-checker: Add checker for dir item\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877,\n bsc#1102875,).\n\n - btrfs: tree-checker: Detect invalid and empty essential\n trees (bsc#1102882, bsc#1102896, bsc#1102879,\n bsc#1102877, bsc#1102875,).\n\n - btrfs: tree-checker: Enhance btrfs_check_node output\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877,\n bsc#1102875,).\n\n - btrfs: tree-checker: Enhance output for btrfs_check_leaf\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877,\n bsc#1102875,).\n\n - btrfs: tree-checker: Enhance output for check_csum_item\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877,\n bsc#1102875,).\n\n - btrfs: tree-checker: Enhance output for\n check_extent_data_item (bsc#1102882, bsc#1102896,\n bsc#1102879, bsc#1102877, bsc#1102875,).\n\n - btrfs: tree-checker: Fix false panic for sanity test\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877,\n bsc#1102875,).\n\n - btrfs: 
tree-checker: Replace root parameter with fs_info\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877,\n bsc#1102875,).\n\n - btrfs: tree-checker: use %zu format string for size_t\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877,\n bsc#1102875,).\n\n - btrfs: tree-checker: use %zu format string for size_t\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877,\n bsc#1102875,).\n\n - btrfs: tree-checker: Verify block_group_item\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877,\n bsc#1102875,).\n\n - btrfs: use correct compare function of\n dirty_metadata_bytes (bnc#1012382).\n\n - btrfs: Verify that every chunk has corresponding block\n group at mount time (bsc#1102882, bsc#1102896,\n bsc#1102879, bsc#1102877, bsc#1102875,).\n\n - cfq: Give a chance for arming slice idle timer in case\n of group_idle (bnc#1012382).\n\n - cifs: check if SMB2 PDU size has been padded and\n suppress the warning (bnc#1012382).\n\n - cifs: fix wrapping bugs in num_entries() (bnc#1012382).\n\n - cifs: integer overflow in in SMB2_ioctl() (bsc#1012382).\n\n - cifs: prevent integer overflow in nxt_dir_entry()\n (bnc#1012382).\n\n - clk: imx6ul: fix missing of_node_put() (bnc#1012382).\n\n - coresight: Handle errors in finding input/output ports\n (bnc#1012382).\n\n - coresight: tpiu: Fix disabling timeouts (bnc#1012382).\n\n - cpu/hotplug: Fix SMT supported evaluation (bsc#1089343).\n\n - crypto: clarify licensing of OpenSSL asm code ().\n\n - crypto: sharah - Unregister correct algorithms for\n SAHARA 3 (bnc#1012382).\n\n - crypto: vmx - Remove overly verbose printk from AES XTS\n init (git-fixes).\n\n - debugobjects: Make stack check warning more informative\n (bnc#1012382).\n\n - Define early_radix_enabled() (bsc#1094244).\n\n - Delete\n patches.fixes/slab-__GFP_ZERO-is-incompatible-with-a-con\n structor.patch (bnc#1110297) we still have a code which\n uses both __GFP_ZERO and constructors. 
The code seems to\n be correct and the warning does more harm than good so\n revert for the meantime until we catch offenders.\n\n - dmaengine: pl330: fix irq race with terminate_all\n (bnc#1012382).\n\n - dm kcopyd: avoid softlockup in run_complete_job\n (bnc#1012382).\n\n - dm-mpath: do not try to access NULL rq (bsc#1110337).\n\n - dm-mpath: finally fixup cmd_flags (bsc#1110930).\n\n - drivers: net: cpsw: fix parsing of phy-handle DT\n property in dual_emac config (bnc#1012382).\n\n - drivers: net: cpsw: fix segfault in case of bad\n phy-handle (bnc#1012382).\n\n - drm/amdkfd: Fix error codes in kfd_get_process\n (bnc#1012382).\n\n - drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume()\n in connector_detect() (bnc#1012382).\n\n - drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping\n (bnc#1012382).\n\n - EDAC: Fix memleak in module init error path\n (bsc#1109441).\n\n - EDAC, i7core: Fix memleaks and use-after-free on probe\n and remove (1109441).\n\n - ethernet: ti: davinci_emac: add missing of_node_put\n after calling of_parse_phandle (bnc#1012382).\n\n - ethtool: Remove trailing semicolon for static inline\n (bnc#1012382).\n\n - ext4: avoid divide by zero fault when deleting corrupted\n inline directories (bnc#1012382).\n\n - ext4: do not mark mmp buffer head dirty (bnc#1012382).\n\n - ext4: fix online resize's handling of a too-small final\n block group (bnc#1012382).\n\n - ext4: fix online resizing for bigalloc file systems with\n a 1k block size (bnc#1012382).\n\n - ext4: recalucate superblock checksum after updating free\n blocks/inodes (bnc#1012382).\n\n - f2fs: do not set free of current section (bnc#1012382).\n\n - f2fs: fix to do sanity check with\n (sit,nat)_ver_bitmap_bytesize (bnc#1012382).\n\n - fat: validate ->i_start before using (bnc#1012382).\n\n - fbdev: Distinguish between interlaced and progressive\n modes (bnc#1012382).\n\n - fbdev/via: fix defined but not used warning\n (bnc#1012382).\n\n - Follow-up fix for\n 
patches.arch/01-jump_label-reduce-the-size-of-struct-sta\n tic_key-kabi.patch. (bsc#1108803)\n\n - fork: do not copy inconsistent signal handler state to\n child (bnc#1012382).\n\n - fs/dcache.c: fix kmemcheck splat at\n take_dentry_name_snapshot() (bnc#1012382).\n\n - fs/eventpoll: loosen irq-safety when possible\n (bsc#1096052).\n\n - genirq: Delay incrementing interrupt count if it's\n disabled/pending (bnc#1012382).\n\n - gfs2: Special-case rindex for gfs2_grow (bnc#1012382).\n\n - gpiolib: Mark gpio_suffixes array with __maybe_unused\n (bnc#1012382).\n\n - gpio: ml-ioh: Fix buffer underwrite on probe error path\n (bnc#1012382).\n\n - gpio: tegra: Move driver registration to subsys_init\n level (bnc#1012382).\n\n - gso_segment: Reset skb->mac_len after modifying network\n header (bnc#1012382).\n\n - hfsplus: do not return 0 when fill_super() failed\n (bnc#1012382).\n\n - hfs: prevent crash on exit from failed search\n (bnc#1012382).\n\n - HID: sony: Support DS4 dongle (bnc#1012382).\n\n - HID: sony: Update device ids (bnc#1012382).\n\n - i2c: i801: fix DNV's SMBCTRL register offset\n (bnc#1012382).\n\n - i2c: xiic: Make the start and the byte count write\n atomic (bnc#1012382).\n\n - i2c: xlp9xx: Add support for SMBAlert (bsc#1103308).\n\n - i2c: xlp9xx: Fix case where SSIF read transaction\n completes early (bsc#1103308).\n\n - i2c: xlp9xx: Fix issue seen when updating receive length\n (bsc#1103308).\n\n - i2c: xlp9xx: Make sure the transfer size is not more\n than I2C_SMBUS_BLOCK_SIZE (bsc#1103308).\n\n - ib/ipoib: Avoid a race condition between start_xmit and\n cm_rep_handler (bnc#1012382).\n\n - ib_srp: Remove WARN_ON in srp_terminate_io()\n (bsc#1094562).\n\n - input: atmel_mxt_ts - only use first T9 instance\n (bnc#1012382).\n\n - iommu/amd: Return devid as alias for ACPI HID devices\n (bsc#1106105).\n\n - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer\n register (bnc#1012382).\n\n - iommu/ipmmu-vmsa: Fix allocation in atomic context\n 
(bnc#1012382).\n\n - ipmi:ssif: Add support for multi-part transmit messages\n > 2 parts (bsc#1103308).\n\n - ipv6: fix possible use-after-free in ip6_xmit()\n (bnc#1012382).\n\n - ipvs: fix race between ip_vs_conn_new() and\n ip_vs_del_dest() (bnc#1012382).\n\n - irqchip/bcm7038-l1: Hide cpu offline callback when\n building for !SMP (bnc#1012382).\n\n - irqchip/gic-v3: Add missing barrier to 32bit version of\n gic_read_iar() (bnc#1012382).\n\n - iw_cxgb4: only allow 1 flush on user qps (bnc#1012382).\n\n - KABI: move the new handler to end of machdep_calls and\n hide it from genksyms (bsc#1094244).\n\n - kabi protect hnae_ae_ops (bsc#1107924).\n\n - kbuild: add .DELETE_ON_ERROR special target\n (bnc#1012382).\n\n - kbuild: make missing $DEPMOD a Warning instead of an\n Error (bnc#1012382).\n\n - kernel/params.c: downgrade warning for unsafe parameters\n (bsc#1050549).\n\n - kprobes/x86: Release insn_slot in failure path\n (bsc#1110006).\n\n - kthread: fix boot hang (regression) on MIPS/OpenRISC\n (bnc#1012382).\n\n - kthread: Fix use-after-free if kthread fork fails\n (bnc#1012382).\n\n - kvm: nVMX: Do not expose MPX VMX controls when guest MPX\n disabled (bsc#1106240).\n\n - kvm: nVMX: Do not flush TLB when vmcs12 uses VPID\n (bsc#1106240).\n\n - kvm: x86: Do not re-(try,execute) after failed emulation\n in L2 (bsc#1106240).\n\n - kvm: x86: Do not use kvm_x86_ops->mpx_supported()\n directly (bsc#1106240).\n\n - kvm: x86: fix APIC page invalidation (bsc#1106240).\n\n - kvm/x86: remove WARN_ON() for when vm_munmap() fails\n (bsc#1106240).\n\n - kvm: x86: SVM: Call x86_spec_ctrl_set_guest/host() with\n interrupts disabled (bsc#1106240).\n\n - l2tp: cast l2tp traffic counter to unsigned\n (bsc#1099810).\n\n - locking/osq_lock: Fix osq_lock queue corruption\n (bnc#1012382).\n\n - locking/rwsem-xadd: Fix missed wakeup due to reordering\n of load (bnc#1012382).\n\n - lpfc: fixup crash in lpfc_els_unsol_buffer()\n (bsc#1107318).\n\n - mac80211: restrict delayed tailroom 
needed decrement\n (bnc#1012382).\n\n - macintosh/via-pmu: Add missing mmio accessors\n (bnc#1012382).\n\n - md/raid1: exit sync request if MD_RECOVERY_INTR is set\n (git-fixes).\n\n - md/raid5: fix data corruption of replacements after\n originals dropped (bnc#1012382).\n\n - media: videobuf2-core: check for q->error in\n vb2_core_qbuf() (bnc#1012382).\n\n - mei: bus: type promotion bug in mei_nfc_if_version()\n (bnc#1012382).\n\n - mei: me: allow runtime pm for platform with D0i3\n (bnc#1012382).\n\n - mfd: sm501: Set coherent_dma_mask when creating\n subdevices (bnc#1012382).\n\n - mfd: ti_am335x_tscadc: Fix struct clk memory leak\n (bnc#1012382).\n\n - misc: hmc6352: fix potential Spectre v1 (bnc#1012382).\n\n - misc: mic: SCIF Fix scif_get_new_port() error handling\n (bnc#1012382).\n\n - misc: ti-st: Fix memory leak in the error path of\n probe() (bnc#1012382).\n\n - mmc: mmci: stop building qcom dml as module\n (bsc#1110468).\n\n - mm/fadvise.c: fix signed overflow UBSAN complaint\n (bnc#1012382).\n\n - mm: fix devmem_is_allowed() for sub-page System RAM\n intersections (bsc#1110006).\n\n - mm: get rid of vmacache_flush_all() entirely\n (bnc#1012382).\n\n - mm: shmem.c: Correctly annotate new inodes for lockdep\n (bnc#1012382).\n\n - mtdchar: fix overflows in adjustment of `count`\n (bnc#1012382).\n\n - mtd/maps: fix solutionengine.c printk format warnings\n (bnc#1012382).\n\n - neighbour: confirm neigh entries when ARP packet is\n received (bnc#1012382).\n\n - net/9p: fix error path of p9_virtio_probe (bnc#1012382).\n\n - net/appletalk: fix minor pointer leak to userspace in\n SIOCFINDIPDDPRT (bnc#1012382).\n\n - net: bcmgenet: use MAC link status for fixed phy\n (bnc#1012382).\n\n - net: dcb: For wild-card lookups, use priority -1, not 0\n (bnc#1012382).\n\n - net: ena: Eliminate duplicate barriers on weakly-ordered\n archs (bsc#1108240).\n\n - net: ena: fix device destruction to gracefully free\n resources (bsc#1108240).\n\n - net: ena: fix driver when 
PAGE_SIZE == 64kB\n (bsc#1108240).\n\n - net: ena: fix incorrect usage of memory barriers\n (bsc#1108240).\n\n - net: ena: fix missing calls to READ_ONCE (bsc#1108240).\n\n - net: ena: fix missing lock during device destruction\n (bsc#1108240).\n\n - net: ena: fix potential double ena_destroy_device()\n (bsc#1108240).\n\n - net: ena: fix surprise unplug NULL dereference kernel\n crash (bsc#1108240).\n\n - net: ethernet: mvneta: Fix napi structure mixup on\n armada 3700 (bsc#1110616).\n\n - net: ethernet: ti: cpsw: fix mdio device reference leak\n (bnc#1012382).\n\n - netfilter: x_tables: avoid stack-out-of-bounds read in\n xt_copy_counters_from_user (bnc#1012382).\n\n - net: hns: add netif_carrier_off before change speed and\n duplex (bsc#1107924).\n\n - net: hns: add the code for cleaning pkt in chip\n (bsc#1107924).\n\n - net: hp100: fix always-true check for link up state\n (bnc#1012382).\n\n - net: mvneta: fix mtu change on port without link\n (bnc#1012382).\n\n - net: mvneta: fix mvneta_config_rss on armada 3700\n (bsc#1110615).\n\n - nfc: Fix possible memory corruption when handling SHDLC\n I-Frame commands (bnc#1012382).\n\n - nfc: Fix the number of pipes (bnc#1012382).\n\n - nfs: Use an appropriate work queue for direct-write\n completion (bsc#1082519).\n\n - nfsv4.0 fix client reference leak in callback\n (bnc#1012382).\n\n - nvme_fc: add 'nvme_discovery' sysfs attribute to fc\n transport device (bsc#1044189).\n\n - nvmet: fixup crash on NULL device path (bsc#1082979).\n\n - ocfs2: fix ocfs2 read block panic (bnc#1012382).\n\n - ovl: modify ovl_permission() to do checks on two inodes\n (bsc#1106512)\n\n - ovl: proper cleanup of workdir (bnc#1012382).\n\n - ovl: rename is_merge to is_lowest (bnc#1012382).\n\n - parport: sunbpp: fix error return code (bnc#1012382).\n\n - partitions/aix: append null character to print data from\n disk (bnc#1012382).\n\n - partitions/aix: fix usage of uninitialized lv_info and\n lvname structures (bnc#1012382).\n\n - PCI: 
altera: Fix bool initialization in\n tlp_read_packet() (bsc#1109806).\n\n - PCI: designware: Fix I/O space page leak (bsc#1109806).\n\n - PCI: designware: Fix pci_remap_iospace() failure path\n (bsc#1109806).\n\n - PCI: mvebu: Fix I/O space end address calculation\n (bnc#1012382).\n\n - PCI: OF: Fix I/O space page leak (bsc#1109806).\n\n - PCI: pciehp: Fix unprotected list iteration in IRQ\n handler (bsc#1109806).\n\n - PCI: shpchp: Fix AMD POGO identification (bsc#1109806).\n\n - PCI: Supply CPU physical address (not bus address) to\n iomem_is_exclusive() (bsc#1109806).\n\n - PCI: versatile: Fix I/O space page leak (bsc#1109806).\n\n - PCI: versatile: Fix pci_remap_iospace() failure path\n (bsc#1109806).\n\n - PCI: xgene: Fix I/O space page leak (bsc#1109806).\n\n - PCI: xilinx: Add missing of_node_put() (bsc#1109806).\n\n - perf powerpc: Fix callchain ip filtering (bnc#1012382).\n\n - perf powerpc: Fix callchain ip filtering when return\n address is in a register (bnc#1012382).\n\n - perf tools: Allow overriding MAX_NR_CPUS at compile time\n (bnc#1012382).\n\n - phy: qcom-ufs: add MODULE_LICENSE tag (bsc#1110468).\n\n - pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to\n be compliant (bnc#1012382).\n\n - pipe: actually allow root to exceed the pipe buffer\n limit (git-fixes).\n\n - platform/x86: alienware-wmi: Correct a memory leak\n (bnc#1012382).\n\n - platform/x86: asus-nb-wmi: Add keymap entry for lid flip\n action on UX360 (bnc#1012382).\n\n - platform/x86: toshiba_acpi: Fix defined but not used\n build warnings (bnc#1012382).\n\n - powerpc/64: Do load of PACAKBASE in LOAD_HANDLER\n (bsc#1094244).\n\n - powerpc/64s: move machine check SLB flushing to mm/slb.c\n (bsc#1094244).\n\n - powerpc/book3s: Fix MCE console messages for\n unrecoverable MCE (bsc#1094244).\n\n - powerpc/fadump: cleanup crash memory ranges support\n (bsc#1103269).\n\n - powerpc/fadump: re-register firmware-assisted dump if\n already registered (bsc#1108170, bsc#1108823).\n\n - 
powerpc: Fix size calculation using resource_size()\n (bnc#1012382).\n\n - powerpc/mce: Fix SLB rebolting during MCE recovery path\n (bsc#1094244).\n\n - powerpc/mce: Move 64-bit machine check code into mce.c\n (bsc#1094244).\n\n - powerpc/numa: Use associativity if VPHN hcall is\n successful (bsc#1110363).\n\n - powerpc/perf/hv-24x7: Fix off-by-one error in\n request_buffer check (git-fixes).\n\n - powerpc/powernv/ioda2: Reduce upper limit for DMA window\n size (bsc#1066223).\n\n - powerpc/powernv: opal_put_chars partial write fix\n (bnc#1012382).\n\n - powerpc/powernv: Rename machine_check_pSeries_early() to\n powernv (bsc#1094244).\n\n - powerpc/pseries: Avoid using the size greater than\n RTAS_ERROR_LOG_MAX (bnc#1012382).\n\n - powerpc/pseries: Defer the logging of rtas error to irq\n work queue (bsc#1094244).\n\n - powerpc/pseries: Define MCE error event section\n (bsc#1094244).\n\n - powerpc/pseries: Disable CPU hotplug across migrations\n (bsc#1066223).\n\n - powerpc/pseries: Display machine check error details\n (bsc#1094244).\n\n - powerpc/pseries: Dump the SLB contents on SLB MCE errors\n (bsc#1094244).\n\n - powerpc/pseries: Flush SLB contents on SLB MCE errors\n (bsc#1094244).\n\n - powerpc/pseries: Remove prrn_work workqueue\n (bsc#1102495, bsc#1109337).\n\n - powerpc/pseries: Remove unneeded uses of dlpar work\n queue (bsc#1102495, bsc#1109337).\n\n - powerpc/tm: Avoid possible userspace r1 corruption on\n reclaim (bsc#1109333).\n\n - powerpc/tm: Fix userspace r13 corruption (bsc#1109333).\n\n - printk: do not spin in printk when in nmi (bsc#1094244).\n\n - pstore: Fix incorrect persistent ram buffer mapping\n (bnc#1012382).\n\n - rdma/cma: Do not ignore net namespace for unbound cm_id\n (bnc#1012382).\n\n - rdma/cma: Protect cma dev list with lock (bnc#1012382).\n\n - rdma/rw: Fix rdma_rw_ctx_signature_init() kernel-doc\n header (bsc#1082979).\n\n - reiserfs: change j_timestamp type to time64_t\n (bnc#1012382).\n\n - Revert 'ARM: imx_v6_v7_defconfig: 
Select ULPI support'\n (bnc#1012382).\n\n - Revert 'dma-buf/sync-file: Avoid enable fence signaling\n if poll(.timeout=0)' (bsc#1111363).\n\n - Revert 'Drop kernel trampoline stack.' This reverts\n commit 85dead31706c1c1755adff90405ff9861c39c704.\n\n - Revert 'kabi/severities: Ignore missing cpu_tss_tramp\n (bsc#1099597)' This reverts commit\n edde1f21880e3bfe244c6f98a3733b05b13533dc.\n\n - Revert 'mm: get rid of vmacache_flush_all() entirely'\n (kabi).\n\n - Revert 'NFC: Fix the number of pipes' (kabi).\n\n - ring-buffer: Allow for rescheduling when removing pages\n (bnc#1012382).\n\n - rtc: bq4802: add error handling for devm_ioremap\n (bnc#1012382).\n\n - s390/dasd: fix hanging offline processing due to\n canceled worker (bnc#1012382).\n\n - s390/facilites: use stfle_fac_list array size for\n MAX_FACILITY_BIT (bnc#1108315, LTC#171326).\n\n - s390/lib: use expoline for all bcr instructions\n (LTC#171029 bnc#1012382 bnc#1106934).\n\n - s390/qeth: fix race in used-buffer accounting\n (bnc#1012382).\n\n - s390/qeth: reset layer2 attribute on layer switch\n (bnc#1012382).\n\n - s390/qeth: use vzalloc for QUERY OAT buffer\n (bnc#1108315, LTC#171527).\n\n - sched/fair: Fix bandwidth timer clock drift condition\n (Git-fixes).\n\n - sched/fair: Fix vruntime_normalized() for remote\n non-migration wakeup (Git-fixes).\n\n - sch_hhf: fix NULL pointer dereference on init failure\n (bnc#1012382).\n\n - sch_htb: fix crash on init failure (bnc#1012382).\n\n - sch_multiq: fix double free on init failure\n (bnc#1012382).\n\n - sch_netem: avoid NULL pointer deref on init failure\n (bnc#1012382).\n\n - sch_tbf: fix two NULL pointer dereferences on init\n failure (bnc#1012382).\n\n - scripts: modpost: check memory allocation results\n (bnc#1012382).\n\n - scsi: 3ware: fix return 0 on the error path of probe\n (bnc#1012382).\n\n - scsi: aic94xx: fix an error code in aic94xx_init()\n (bnc#1012382).\n\n - scsi: ipr: System hung while dlpar adding primary ipr\n adapter back 
(bsc#1109336).\n\n - scsi: qla2xxx: Add changes for devloss timeout in driver\n (bsc#1084427).\n\n - scsi: qla2xxx: Add FC-NVMe abort processing\n (bsc#1084427).\n\n - scsi: qla2xxx: Add longer window for chip reset\n (bsc#1094555).\n\n - scsi: qla2xxx: Avoid double completion of abort command\n (bsc#1094555).\n\n - scsi: qla2xxx: Cleanup code to improve FC-NVMe error\n handling (bsc#1084427).\n\n - scsi: qla2xxx: Cleanup for N2N code (bsc#1094555).\n\n - scsi: qla2xxx: correctly shift host byte (bsc#1094555).\n\n - scsi: qla2xxx: Correct setting of\n SAM_STAT_CHECK_CONDITION (bsc#1094555).\n\n - scsi: qla2xxx: Delete session for nport id change\n (bsc#1094555).\n\n - scsi: qla2xxx: Fix Async GPN_FT for FCP and FC-NVMe scan\n (bsc#1084427).\n\n - scsi: qla2xxx: Fix crash on qla2x00_mailbox_command\n (bsc#1094555).\n\n - scsi: qla2xxx: Fix double free bug after firmware\n timeout (bsc#1094555).\n\n - scsi: qla2xxx: Fix driver unload by shutting down chip\n (bsc#1094555).\n\n - scsi: qla2xxx: fix error message on <qla2400\n (bsc#1094555).\n\n - scsi: qla2xxx: Fix FC-NVMe IO abort during driver reset\n (bsc#1084427).\n\n - scsi: qla2xxx: Fix function argument descriptions\n (bsc#1094555).\n\n - scsi: qla2xxx: Fix Inquiry command being dropped in\n Target mode (bsc#1094555).\n\n - scsi: qla2xxx: Fix issue reported by static checker for\n qla2x00_els_dcmd2_sp_done() (bsc#1094555).\n\n - scsi: qla2xxx: Fix login retry count (bsc#1094555).\n\n - scsi: qla2xxx: Fix Management Server NPort handle\n reservation logic (bsc#1094555).\n\n - scsi: qla2xxx: Fix memory leak for allocating abort IOCB\n (bsc#1094555).\n\n - scsi: qla2xxx: Fix n2n_ae flag to prevent dev_loss on\n PDB change (bsc#1084427).\n\n - scsi: qla2xxx: Fix N2N link re-connect (bsc#1094555).\n\n - scsi: qla2xxx: Fix NPIV deletion by calling\n wait_for_sess_deletion (bsc#1094555).\n\n - scsi: qla2xxx: Fix race between switch cmd completion\n and timeout (bsc#1094555).\n\n - scsi: qla2xxx: Fix race condition 
between iocb timeout\n and initialisation (bsc#1094555).\n\n - scsi: qla2xxx: Fix redundant fc_rport registration\n (bsc#1094555).\n\n - scsi: qla2xxx: Fix retry for PRLI RJT with reason of\n BUSY (bsc#1084427).\n\n - scsi: qla2xxx: Fix Rport and session state getting out\n of sync (bsc#1094555).\n\n - scsi: qla2xxx: Fix sending ADISC command for login\n (bsc#1094555).\n\n - scsi: qla2xxx: Fix session state stuck in Get Port DB\n (bsc#1094555).\n\n - scsi: qla2xxx: Fix stalled relogin (bsc#1094555).\n\n - scsi: qla2xxx: Fix TMF and Multi-Queue config\n (bsc#1094555).\n\n - scsi: qla2xxx: Fix unintended Logout (bsc#1094555).\n\n - scsi: qla2xxx: Fix unintialized List head crash\n (bsc#1094555).\n\n - scsi: qla2xxx: Flush mailbox commands on chip reset\n (bsc#1094555).\n\n - scsi: qla2xxx: fx00 copypaste typo (bsc#1094555).\n\n - scsi: qla2xxx: Migrate NVME N2N handling into state\n machine (bsc#1094555).\n\n - scsi: qla2xxx: Move GPSC and GFPNID out of session\n management (bsc#1094555).\n\n - scsi: qla2xxx: Prevent relogin loop by removing stale\n code (bsc#1094555).\n\n - scsi: qla2xxx: Prevent sysfs access when chip is down\n (bsc#1094555).\n\n - scsi: qla2xxx: Reduce redundant ADISC command for RSCNs\n (bsc#1094555).\n\n - scsi: qla2xxx: remove irq save in qla2x00_poll()\n (bsc#1094555).\n\n - scsi: qla2xxx: Remove nvme_done_list (bsc#1084427).\n\n - scsi: qla2xxx: Remove stale debug value for login_retry\n flag (bsc#1094555).\n\n - scsi: qla2xxx: Remove unneeded message and minor cleanup\n for FC-NVMe (bsc#1084427).\n\n - scsi: qla2xxx: Restore ZIO threshold setting\n (bsc#1084427).\n\n - scsi: qla2xxx: Return busy if rport going away\n (bsc#1084427).\n\n - scsi: qla2xxx: Save frame payload size from ICB\n (bsc#1094555).\n\n - scsi: qla2xxx: Set IIDMA and fcport state before\n qla_nvme_register_remote() (bsc#1084427).\n\n - scsi: qla2xxx: Silent erroneous message (bsc#1094555).\n\n - scsi: qla2xxx: Update driver version to 10.00.00.06-k\n (bsc#1084427).\n\n - 
scsi: qla2xxx: Update driver version to 10.00.00.07-k\n (bsc#1094555).\n\n - scsi: qla2xxx: Update driver version to 10.00.00.08-k\n (bsc#1094555).\n\n - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1094555).\n\n - scsi: qla2xxx: Use predefined get_datalen_for_atio()\n inline function (bsc#1094555).\n\n - scsi: target: fix __transport_register_session locking\n (bnc#1012382).\n\n - selftests/powerpc: Kill child processes on SIGINT\n (bnc#1012382).\n\n - selftest: timers: Tweak raw_skew to SKIP when\n ADJ_OFFSET/other clock adjustments are in progress\n (bnc#1012382).\n\n - selinux: use GFP_NOWAIT in the AVC kmem_caches\n (bnc#1012382).\n\n - smb3: fix reset of bytes read and written stats\n (bnc#1012382).\n\n - SMB3: Number of requests sent should be displayed for\n SMB3 not just CIFS (bnc#1012382).\n\n - srcu: Allow use of Tiny/Tree SRCU from both process and\n interrupt context (bsc#1050549).\n\n - staging: android: ion: fix ION_IOC_(MAP,SHARE)\n use-after-free (bnc#1012382).\n\n - staging: comedi: ni_mio_common: fix subdevice flags for\n PFI subdevice (bnc#1012382).\n\n - staging: rt5208: Fix a sleep-in-atomic bug in\n xd_copy_page (bnc#1012382).\n\n - staging/rts5208: Fix read overflow in memcpy\n (bnc#1012382).\n\n - stop_machine: Atomically queue and wake stopper threads\n (git-fixes).\n\n - tcp: do not restart timewait timer on rst reception\n (bnc#1012382).\n\n - Tools: hv: Fix a bug in the key delete code\n (bnc#1012382).\n\n - tty: Drop tty->count on tty_reopen() failure\n (bnc#1105428). 
As this depends on earlier tty patches,\n they were moved to the sorted section too.\n\n - tty: rocket: Fix possible buffer overwrite on\n register_PCI (bnc#1012382).\n\n - tty: vt_ioctl: fix potential Spectre v1 (bnc#1012382).\n\n - uio: potential double frees if __uio_register_device()\n fails (bnc#1012382).\n\n - Update\n patches.suse/dm-Always-copy-cmd_flags-when-cloning-a-req\n uest.patch (bsc#1088087, bsc#1103156).\n\n - USB: add quirk for WORLDE Controller KS49 or Prodipe\n MIDI 49C USB controller (bnc#1012382).\n\n - USB: Add quirk to support DJI CineSSD (bnc#1012382).\n\n - usb: Avoid use-after-free by flushing endpoints early in\n usb_set_interface() (bnc#1012382).\n\n - usb: cdc-wdm: Fix a sleep-in-atomic-context bug in\n service_outstanding_interrupt() (bnc#1012382).\n\n - usb: Do not die twice if PCI xhci host is not responding\n in resume (bnc#1012382).\n\n - usb: host: u132-hcd: Fix a sleep-in-atomic-context bug\n in u132_get_frame() (bnc#1012382).\n\n - usbip: vhci_sysfs: fix potential Spectre v1\n (bsc#1096547).\n\n - usb: misc: uss720: Fix two sleep-in-atomic-context bugs\n (bnc#1012382).\n\n - USB: net2280: Fix erroneous synchronization change\n (bnc#1012382).\n\n - USB: serial: io_ti: fix array underflow in completion\n handler (bnc#1012382).\n\n - USB: serial: ti_usb_3410_5052: fix array underflow in\n completion handler (bnc#1012382).\n\n - USB: yurex: Fix buffer over-read in yurex_write()\n (bnc#1012382).\n\n - VFS: do not test owner for NFS in set_posix_acl()\n (bsc#1103405).\n\n - video: goldfishfb: fix memory leak on driver remove\n (bnc#1012382).\n\n - vmw_balloon: include asm/io.h (bnc#1012382).\n\n - vti6: remove !skb->ignore_df check from vti6_xmit()\n (bnc#1012382).\n\n - watchdog: w83627hf: Added NCT6102D support\n (bsc#1106434).\n\n - watchdog: w83627hf_wdt: Add quirk for Inves system\n (bsc#1106434).\n\n - x86/apic: Fix restoring boot IRQ mode in reboot and\n kexec/kdump (bsc#1110006).\n\n - x86/apic: Split disable_IO_APIC() into 
two functions to\n fix CONFIG_KEXEC_JUMP=y (bsc#1110006).\n\n - x86/apic: Split out restore_boot_irq_mode() from\n disable_IO_APIC() (bsc#1110006).\n\n - x86/boot: Fix 'run_size' calculation (bsc#1110006).\n\n - x86/entry/64: Remove %ebx handling from error_entry/exit\n (bnc#1102715).\n\n - x86/kaiser: Avoid loosing NMIs when using trampoline\n stack (bsc#1106293 bsc#1099597).\n\n - x86/mm: Remove in_nmi() warning from vmalloc_fault()\n (bnc#1012382).\n\n - x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE\n defines (bsc#1110006).\n\n - x86/pae: use 64 bit atomic xchg function in\n native_ptep_get_and_clear (bnc#1012382).\n\n - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE\n (bnc#1012382).\n\n - x86/vdso: Fix asm constraints on vDSO syscall fallbacks\n (bsc#1110006).\n\n - x86/vdso: Fix vDSO build if a retpoline is emitted\n (bsc#1110006).\n\n - x86/vdso: Fix vDSO syscall fallback asm constraint\n regression (bsc#1110006).\n\n - x86/vdso: Only enable vDSO retpolines when enabled and\n supported (bsc#1110006).\n\n - xen: avoid crash in disable_hotplug_cpu (bsc#1106594).\n\n - xen/blkfront: correct purging of persistent grants\n (bnc#1065600).\n\n - xen: issue warning message when out of grant maptrack\n entries (bsc#1105795).\n\n - xen/netfront: do not bug in case of too many frags\n (bnc#1012382).\n\n - xen-netfront: fix queue name setting (bnc#1012382).\n\n - xen/netfront: fix waiting for xenbus state change\n (bnc#1012382).\n\n - xen-netfront: fix warn message as irq device name has\n '/' (bnc#1012382).\n\n - xen/x86/vpmu: Zero struct pt_regs before calling into\n sample handling code (bnc#1012382).\n\n - xfs: add a new xfs_iext_lookup_extent_before helper\n (bsc#1095344).\n\n - xfs: add asserts for the mmap lock in\n xfs_(insert,collapse)_file_space (bsc#1095344).\n\n - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344).\n\n - xfs: add a xfs_iext_update_extent helper (bsc#1095344).\n\n - xfs: add comments documenting the rebalance algorithm\n 
(bsc#1095344).\n\n - xfs: add some comments to\n xfs_iext_insert/xfs_iext_insert_node (bsc#1095344).\n\n - xfs: add xfs_trim_extent (bsc#1095344).\n\n - xfs: allow unaligned extent records in\n xfs_bmbt_disk_set_all (bsc#1095344).\n\n - xfs: borrow indirect blocks from freed extent when\n available (bsc#1095344).\n\n - xfs: cleanup xfs_bmap_last_before (bsc#1095344).\n\n - xfs: do not create overlapping extents in\n xfs_bmap_add_extent_delay_real (bsc#1095344).\n\n - xfs: do not rely on extent indices in\n xfs_bmap_collapse_extents (bsc#1095344).\n\n - xfs: do not rely on extent indices in\n xfs_bmap_insert_extents (bsc#1095344).\n\n - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi\n (bsc#1095344).\n\n - xfs: during btree split, save new block key & ptr for\n future insertion (bsc#1095344).\n\n - xfs: factor out a helper to initialize a local format\n inode fork (bsc#1095344).\n\n - xfs: fix memory leak in xfs_iext_free_last_leaf\n (bsc#1095344).\n\n - xfs: fix number of records handling in\n xfs_iext_split_leaf (bsc#1095344).\n\n - xfs: fix transaction allocation deadlock in IO path\n (bsc#1090535).\n\n - xfs: handle indlen shortage on delalloc extent merge\n (bsc#1095344).\n\n - xfs: handle zero entries case in xfs_iext_rebalance_leaf\n (bsc#1095344).\n\n - xfs: improve kmem_realloc (bsc#1095344).\n\n - xfs: inline xfs_shift_file_space into callers\n (bsc#1095344).\n\n - xfs: introduce the xfs_iext_cursor abstraction\n (bsc#1095344).\n\n - xfs: iterate over extents in xfs_bmap_extents_to_btree\n (bsc#1095344).\n\n - xfs: iterate over extents in xfs_iextents_copy\n (bsc#1095344).\n\n - xfs: make better use of the 'state' variable in\n xfs_bmap_del_extent_real (bsc#1095344).\n\n - xfs: merge xfs_bmap_read_extents into xfs_iread_extents\n (bsc#1095344).\n\n - xfs: move pre/post-bmap tracing into\n xfs_iext_update_extent (bsc#1095344).\n\n - xfs: move some code around inside xfs_bmap_shift_extents\n (bsc#1095344).\n\n - xfs: move some more code into 
xfs_bmap_del_extent_real\n (bsc#1095344).\n\n - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h\n (bsc#1095344).\n\n - xfs: move xfs_iext_insert tracepoint to report useful\n information (bsc#1095344).\n\n - xfs: new inode extent list lookup helpers (bsc#1095344).\n\n - xfs: only run torn log write detection on dirty logs\n (bsc#1095753).\n\n - xfs: pass an on-disk extent to xfs_bmbt_validate_extent\n (bsc#1095344).\n\n - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq\n (bsc#1095344).\n\n - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update\n (bsc#1095344).\n\n - xfs: pass struct xfs_bmbt_irec to\n xfs_bmbt_validate_extent (bsc#1095344).\n\n - xfs: provide helper for counting extents from if_bytes\n (bsc#1095344).\n\n - xfs: refactor delalloc accounting in\n xfs_bmap_add_extent_delay_real (bsc#1095344).\n\n - xfs: refactor delalloc indlen reservation split into\n helper (bsc#1095344).\n\n - xfs: refactor dir2 leaf readahead shadow buffer\n cleverness (bsc#1095344).\n\n - xfs: refactor in-core log state update to helper\n (bsc#1095753).\n\n - xfs: refactor unmount record detection into helper\n (bsc#1095753).\n\n - xfs: refactor xfs_bmap_add_extent_delay_real\n (bsc#1095344).\n\n - xfs: refactor xfs_bmap_add_extent_hole_delay\n (bsc#1095344).\n\n - xfs: refactor xfs_bmap_add_extent_hole_real\n (bsc#1095344).\n\n - xfs: refactor xfs_bmap_add_extent_unwritten_real\n (bsc#1095344).\n\n - xfs: refactor xfs_bunmapi_cow (bsc#1095344).\n\n - xfs: refactor xfs_del_extent_real (bsc#1095344).\n\n - xfs: remove a duplicate assignment in\n xfs_bmap_add_extent_delay_real (bsc#1095344).\n\n - xfs: remove all xfs_bmbt_set_* helpers except for\n xfs_bmbt_set_all (bsc#1095344).\n\n - xfs: remove a superflous assignment in\n xfs_iext_remove_node (bsc#1095344).\n\n - xfs: remove if_rdev (bsc#1095344).\n\n - xfs: remove prev argument to xfs_bmapi_reserve_delalloc\n (bsc#1095344).\n\n - xfs: remove support for inlining data/extents into the\n inode fork 
(bsc#1095344).\n\n - xfs: remove the never fully implemented UUID fork format\n (bsc#1095344).\n\n - xfs: remove the nr_extents argument to xfs_iext_insert\n (bsc#1095344).\n\n - xfs: remove the nr_extents argument to xfs_iext_remove\n (bsc#1095344).\n\n - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344).\n\n - xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344).\n\n - xfs: remove xfs_bmbt_get_state (bsc#1095344).\n\n - xfs: remove xfs_bmse_shift_one (bsc#1095344).\n\n - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344).\n\n - xfs: replace xfs_bmbt_lookup_ge with\n xfs_bmbt_lookup_first (bsc#1095344).\n\n - xfs: replace xfs_qm_get_rtblks with a direct call to\n xfs_bmap_count_leaves (bsc#1095344).\n\n - xfs: rewrite getbmap using the xfs_iext_* helpers\n (bsc#1095344).\n\n - xfs: rewrite xfs_bmap_count_leaves using\n xfs_iext_get_extent (bsc#1095344).\n\n - xfs: rewrite xfs_bmap_first_unused to make better use of\n xfs_iext_get_extent (bsc#1095344).\n\n - xfs: separate log head record discovery from\n verification (bsc#1095753).\n\n - xfs: simplify the xfs_getbmap interface (bsc#1095344).\n\n - xfs: simplify validation of the unwritten extent bit\n (bsc#1095344).\n\n - xfs: split indlen reservations fairly when under\n reserved (bsc#1095344).\n\n - xfs: split xfs_bmap_shift_extents (bsc#1095344).\n\n - xfs: switch xfs_bmap_local_to_extents to use\n xfs_iext_insert (bsc#1095344).\n\n - xfs: treat idx as a cursor in\n xfs_bmap_add_extent_delay_real (bsc#1095344).\n\n - xfs: treat idx as a cursor in\n xfs_bmap_add_extent_hole_delay (bsc#1095344).\n\n - xfs: treat idx as a cursor in\n xfs_bmap_add_extent_hole_real (bsc#1095344).\n\n - xfs: treat idx as a cursor in\n xfs_bmap_add_extent_unwritten_real (bsc#1095344).\n\n - xfs: treat idx as a cursor in xfs_bmap_collapse_extents\n (bsc#1095344).\n\n - xfs: treat idx as a cursor in xfs_bmap_del_extent_*\n (bsc#1095344).\n\n - xfs: update freeblocks counter after extent deletion\n (bsc#1095344).\n\n - xfs: update got in 
xfs_bmap_shift_update_extent\n (bsc#1095344).\n\n - xfs: use a b+tree for the in-core extent list\n (bsc#1095344).\n\n - xfs: use correct state defines in\n xfs_bmap_del_extent_(cow,delay) (bsc#1095344).\n\n - xfs: use new extent lookup helpers in xfs_bmapi_read\n (bsc#1095344).\n\n - xfs: use new extent lookup helpers in xfs_bmapi_write\n (bsc#1095344).\n\n - xfs: use new extent lookup helpers in __xfs_bunmapi\n (bsc#1095344).\n\n - xfs: use the state defines in xfs_bmap_del_extent_real\n (bsc#1095344).\n\n - xfs: use xfs_bmap_del_extent_delay for the data fork as\n well (bsc#1095344).\n\n - xfs: use xfs_iext_*_extent helpers in\n xfs_bmap_shift_extents (bsc#1095344).\n\n - xfs: use xfs_iext_*_extent helpers in\n xfs_bmap_split_extent_at (bsc#1095344).\n\n - xfs: use xfs_iext_get_extent instead of open coding it\n (bsc#1095344).\n\n - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused\n (bsc#1095344).\n\n - xfrm: fix 'passing zero to ERR_PTR()' warning\n (bnc#1012382).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1044189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1063026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1066223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082863\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1089343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1090535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1096052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1096547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1099597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1099810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100056\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100059\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1102896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1105428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1105795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110601\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110611\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110930\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111363\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-debuginfo-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debuginfo-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debugsource-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-debuginfo-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-debuginfo-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debuginfo-4.4.159-73.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debugsource-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-devel-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-devel-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-html-4.4.159-73.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-pdf-4.4.159-73.2\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-macros-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-debugsource-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-qa-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-vanilla-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-syms-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-debuginfo-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debuginfo-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debugsource-4.4.159-73.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-devel-4.4.159-73.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"kernel-devel / kernel-macros / kernel-source / etc\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-04-17T15:05:37", "description": "The SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.162 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).\n\nCVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).\n\nCVE-2018-18690: A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with conversion of an attr from short to long form (bnc#1105025).\n\nCVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825).\n\nCVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check.\nThis could lead to local escalation of privilege with System execution privileges needed. 
User interaction is not needed for exploitation.\n(bnc#1108498).\n\nCVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack-based buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bnc#1107829).\n\nCVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399).\n\nCVE-2018-16597: Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem (bnc#1106512).\n\nCVE-2018-14613: There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c (bnc#1102896).\n\nCVE-2018-14617: There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bnc#1102870).\n\nCVE-2018-16276: Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges (bnc#1106095 
bnc#1115593).\n\nCVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1087209).\n\nCVE-2018-7480: The blkcg_init_queue function in block/blk-cgroup.c allowed local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure (bnc#1082863).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}, "published": "2019-01-16T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0095-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10940", "CVE-2018-14613", "CVE-2018-14617", "CVE-2018-14633", "CVE-2018-16276", "CVE-2018-16597", "CVE-2018-16658", "CVE-2018-17182", "CVE-2018-18281", "CVE-2018-18386", "CVE-2018-18690", "CVE-2018-18710", "CVE-2018-7480", "CVE-2018-7757", "CVE-2018-9516"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0095-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121208", "sourceData": "#\n# (C) Tenable Network 
Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0095-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121208);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-10940\", \"CVE-2018-14613\", \"CVE-2018-14617\", \"CVE-2018-14633\", \"CVE-2018-16276\", \"CVE-2018-16597\", \"CVE-2018-16658\", \"CVE-2018-17182\", \"CVE-2018-18281\", \"CVE-2018-18386\", \"CVE-2018-18690\", \"CVE-2018-18710\", \"CVE-2018-7480\", \"CVE-2018-7757\", \"CVE-2018-9516\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0095-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.162\nto receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-18281: The mremap() syscall performs TLB flushes after\ndropping pagetable locks. If a syscall such as ftruncate() removes\nentries from the pagetables of a task that is in the middle of\nmremap(), a stale TLB entry can remain for a short time that permits\naccess to a physical page after it has been released back to the page\nallocator and reused. (bnc#1113769).\n\nCVE-2018-18710: An information leak in cdrom_ioctl_select_disc in\ndrivers/cdrom/cdrom.c could be used by local attackers to read kernel\nmemory because a cast from unsigned long to int interferes with bounds\nchecking. 
This is similar to CVE-2018-10940 and CVE-2018-16658\n(bnc#1113751).\n\nCVE-2018-18690: A local attacker able to set attributes on an xfs\nfilesystem could make this filesystem non-operational until the next\nmount by triggering an unchecked error condition during an xfs\nattribute change, because xfs_attr_shortform_addname in\nfs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with\nconversion of an attr from short to long form (bnc#1105025).\n\nCVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are\nable to access pseudo terminals) to hang/block further usage of any\npseudo terminal devices due to an EXTPROC versus ICANON confusion in\nTIOCINQ (bnc#1094825).\n\nCVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c,\nthere is a possible out of bounds write due to a missing bounds check.\nThis could lead to local escalation of privilege with System execution\nprivileges needed. User interaction is not needed for exploitation.\n(bnc#1108498).\n\nCVE-2018-14633: A security flaw was found in the\nchap_server_compute_md5() function in the ISCSI target code in a way\nan authentication request from an ISCSI initiator is processed. An\nunauthenticated remote attacker can cause a stack-based buffer\noverflow and smash up to 17 bytes of the stack. The attack requires\nthe iSCSI target to be enabled on the victim host. Depending on how\nthe target's code was built (i.e. depending on a compiler, compile\nflags and hardware architecture) an attack may lead to a system crash\nand thus to a denial-of-service or possibly to a non-authorized access\nto data exported by an iSCSI target. Due to the nature of the flaw,\nprivilege escalation cannot be fully ruled out, although we believe it\nis highly unlikely. (bnc#1107829).\n\nCVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c\nmishandled sequence number overflows. 
An attacker can trigger a\nuse-after-free (and possibly gain privileges) via certain thread\ncreation, map, unmap, invalidation, and dereference operations\n(bnc#1108399).\n\nCVE-2018-16597: Incorrect access checking in overlayfs mounts could be\nused by local attackers to modify or truncate files in the underlying\nfilesystem (bnc#1106512).\n\nCVE-2018-14613: There is an invalid pointer dereference in\nio_ctl_map_page() when mounting and operating a crafted btrfs image,\nbecause of a lack of block group item validation in check_leaf_item in\nfs/btrfs/tree-checker.c (bnc#1102896).\n\nCVE-2018-14617: There is a NULL pointer dereference and panic in\nhfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is\npurportedly a hard link) in an hfs+ filesystem that has malformed\ncatalog data, and is mounted read-only without a metadata directory\n(bnc#1102870).\n\nCVE-2018-16276: Local attackers could use user access read/writes with\nincorrect bounds checking in the yurex USB driver to crash the kernel\nor potentially escalate privileges (bnc#1106095 bnc#1115593).\n\nCVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in\ndrivers/scsi/libsas/sas_expander.c allowed local users to cause a\ndenial of service (memory consumption) via many read accesses to files\nin the /sys/class/sas_phy directory, as demonstrated by the\n/sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1087209).\n\nCVE-2018-7480: The blkcg_init_queue function in block/blk-cgroup.c\nallowed local users to cause a denial of service (double free) or\npossibly have unspecified other impact by triggering a creation\nfailure (bnc#1082863).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1062303\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066223\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1079524\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084760\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1093118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094562\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098996\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102877\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102879\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103156\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103269\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104124\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105025\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107299\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107924\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109158\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109441\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110297\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110600\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110601\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110611\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110930\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111516\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112262\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113766\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114229\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981083\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14613/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14617/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16276/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16597/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17182/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18281/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18386/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18690/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18710/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7480/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7757/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-9516/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190095-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fa701622\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper 
patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-95=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14633\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script 
is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-azure-4.4.162-4.19.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.4.162-4.19.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.4.162-4.19.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.4.162-4.19.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.4.162-4.19.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.4.162-4.19.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.4.162-4.19.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-05-04T15:40:55", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\nCVE-2018-6554\n\nA memory leak in the irda_bind function in the irda subsystem was discovered. 
A local user can take advantage of this flaw to cause a denial of service (memory consumption).\n\nCVE-2018-6555\n\nA flaw was discovered in the irda_setsockopt function in the irda subsystem, allowing a local user to cause a denial of service (use-after-free and system crash).\n\nCVE-2018-7755\n\nBrian Belleville discovered a flaw in the fd_locked_ioctl function in the floppy driver in the Linux kernel. The floppy driver copies a kernel pointer to user memory in response to the FDGETPRM ioctl. A local user with access to a floppy drive device can take advantage of this flaw to discover the location of kernel code and data.\n\nCVE-2018-9363\n\nIt was discovered that the Bluetooth HIDP implementation did not correctly check the length of received report messages. A paired HIDP device could use this to cause a buffer overflow, leading to denial of service (memory corruption or crash) or potentially remote code execution.\n\nCVE-2018-9516\n\nIt was discovered that the HID events interface in debugfs did not correctly limit the length of copies to user buffers. A local user with access to these files could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\nHowever, by default debugfs is only accessible by the root user.\n\nCVE-2018-10902\n\nIt was discovered that the rawmidi kernel driver does not protect against concurrent access which leads to a double-realloc (double free) flaw. A local attacker can take advantage of this issue for privilege escalation.\n\nCVE-2018-10938\n\nYves Younan from Cisco reported that the Cipso IPv4 module did not correctly check the length of IPv4 options. On custom kernels with CONFIG_NETLABEL enabled, a remote attacker could use this to cause a denial of service (hang).\n\nCVE-2018-13099\n\nWen Xu from SSLab at Gatech reported a use-after-free bug in the F2FS implementation. 
An attacker able to mount a crafted F2FS volume could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2018-14609\n\nWen Xu from SSLab at Gatech reported a potential NULL pointer dereference in the F2FS implementation. An attacker able to mount arbitrary F2FS volumes could use this to cause a denial of service (crash).\n\nCVE-2018-14617\n\nWen Xu from SSLab at Gatech reported a potential NULL pointer dereference in the HFS+ implementation. An attacker able to mount arbitrary HFS+ volumes could use this to cause a denial of service (crash).\n\nCVE-2018-14633\n\nVincent Pelletier discovered a stack-based buffer overflow flaw in the chap_server_compute_md5() function in the iSCSI target code. An unauthenticated remote attacker can take advantage of this flaw to cause a denial of service or possibly to gain unauthorized access to data exported by an iSCSI target.\n\nCVE-2018-14678\n\nM. Vefa Bicakci and Andy Lutomirski discovered a flaw in the kernel exit code used on amd64 systems running as Xen PV guests. A local user could use this to cause a denial of service (crash).\n\nCVE-2018-14734\n\nA use-after-free bug was discovered in the InfiniBand communication manager. A local user could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2018-15572\n\nEsmaiel Mohammadian Koruyeh, Khaled Khasawneh, Chengyu Song, and Nael Abu-Ghazaleh, from University of California, Riverside, reported a variant of Spectre variant 2, dubbed SpectreRSB. A local user may be able to use this to read sensitive information from processes owned by other users.\n\nCVE-2018-15594\n\nNadav Amit reported that some indirect function calls used in paravirtualised guests were vulnerable to Spectre variant 2. 
A local user may be able to use this to read sensitive information from the kernel.\n\nCVE-2018-16276\n\nJann Horn discovered that the yurex driver did not correctly limit the length of copies to user buffers. A local user with access to a yurex device node could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2018-16658\n\nIt was discovered that the cdrom driver does not correctly validate the parameter to the CDROM_DRIVE_STATUS ioctl. A user with access to a cdrom device could use this to read sensitive information from the kernel or to cause a denial of service (crash).\n\nCVE-2018-17182\n\nJann Horn discovered that the vmacache_flush_all function mishandles sequence number overflows. A local user can take advantage of this flaw to trigger a use-after-free, causing a denial of service (crash or memory corruption) or privilege escalation.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 4.9.110-3+deb9u5~deb8u1.\n\nWe recommend that you upgrade your linux-4.9 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-04T00:00:00", "type": "nessus", "title": "Debian DLA-1531-1 : linux-4.9 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10902", "CVE-2018-10938", "CVE-2018-13099", "CVE-2018-14609", "CVE-2018-14617", "CVE-2018-14633", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-15572", "CVE-2018-15594", "CVE-2018-16276", "CVE-2018-16658", "CVE-2018-17182", "CVE-2018-6554", "CVE-2018-6555", "CVE-2018-7755", "CVE-2018-9363", "CVE-2018-9516"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae", 
"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1531.NASL", "href": "https://www.tenable.com/plugins/nessus/117908", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1531-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117908);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-10902\", \"CVE-2018-10938\", \"CVE-2018-13099\", \"CVE-2018-14609\", \"CVE-2018-14617\", \"CVE-2018-14633\", \"CVE-2018-14678\", \"CVE-2018-14734\", \"CVE-2018-15572\", \"CVE-2018-15594\", \"CVE-2018-16276\", \"CVE-2018-16658\", \"CVE-2018-17182\", \"CVE-2018-6554\", \"CVE-2018-6555\", \"CVE-2018-7755\", \"CVE-2018-9363\", \"CVE-2018-9516\");\n\n script_name(english:\"Debian DLA-1531-1 : linux-4.9 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2018-6554\n\nA memory leak in the irda_bind function in the irda subsystem was\ndiscovered. A local user can take advantage of this flaw to cause a\ndenial of service (memory consumption).\n\nCVE-2018-6555\n\nA flaw was discovered in the irda_setsockopt function in the irda\nsubsystem, allowing a local user to cause a denial of service\n(use-after-free and system crash).\n\nCVE-2018-7755\n\nBrian Belleville discovered a flaw in the fd_locked_ioctl function in\nthe floppy driver in the Linux kernel. The floppy driver copies a\nkernel pointer to user memory in response to the FDGETPRM ioctl. 
A\nlocal user with access to a floppy drive device can take advantage of\nthis flaw to discover the location kernel code and data.\n\nCVE-2018-9363\n\nIt was discovered that the Bluetooth HIDP implementation did not\ncorrectly check the length of received report messages. A paired HIDP\ndevice could use this to cause a buffer overflow, leading to denial of\nservice (memory corruption or crash) or potentially remote code\nexecution.\n\nCVE-2018-9516\n\nIt was discovered that the HID events interface in debugfs did not\ncorrectly limit the length of copies to user buffers. A local user\nwith access to these files could use this to cause a denial of service\n(memory corruption or crash) or possibly for privilege escalation.\nHowever, by default debugfs is only accessible by the root user.\n\nCVE-2018-10902\n\nIt was discovered that the rawmidi kernel driver does not protect\nagainst concurrent access which leads to a double-realloc (double\nfree) flaw. A local attacker can take advantage of this issue for\nprivilege escalation.\n\nCVE-2018-10938\n\nYves Younan from Cisco reported that the Cipso IPv4 module did not\ncorrectly check the length of IPv4 options. On custom kernels with\nCONFIG_NETLABEL enabled, a remote attacker could use this to cause a\ndenial of service (hang).\n\nCVE-2018-13099\n\nWen Xu from SSLab at Gatech reported a use-after-free bug in the F2FS\nimplementation. An attacker able to mount a crafted F2FS volume could\nuse this to cause a denial of service (crash or memory corruption) or\npossibly for privilege escalation.\n\nCVE-2018-14609\n\nWen Xu from SSLab at Gatech reported a potential NULL pointer\ndereference in the F2FS implementation. An attacker able to mount\narbitrary F2FS volumes could use this to cause a denial of service\n(crash).\n\nCVE-2018-14617\n\nWen Xu from SSLab at Gatech reported a potential NULL pointer\ndereference in the HFS+ implementation. 
An attacker able to mount\narbitrary HFS+ volumes could use this to cause a denial of service\n(crash).\n\nCVE-2018-14633\n\nVincent Pelletier discovered a stack-based buffer overflow flaw in the\nchap_server_compute_md5() function in the iSCSI target code. An\nunauthenticated remote attacker can take advantage of this flaw to\ncause a denial of service or possibly to get a non-authorized access\nto data exported by an iSCSI target.\n\nCVE-2018-14678\n\nM. Vefa Bicakci and Andy Lutomirski discovered a flaw in the kernel\nexit code used on amd64 systems running as Xen PV guests. A local user\ncould use this to cause a denial of service (crash).\n\nCVE-2018-14734\n\nA use-after-free bug was discovered in the InfiniBand communication\nmanager. A local user could use this to cause a denial of service\n(crash or memory corruption) or possible for privilege escalation.\n\nCVE-2018-15572\n\nEsmaiel Mohammadian Koruyeh, Khaled Khasawneh, Chengyu Song, and Nael\nAbu-Ghazaleh, from University of California, Riverside, reported a\nvariant of Spectre variant 2, dubbed SpectreRSB. A local user may be\nable to use this to read sensitive information from processes owned by\nother users.\n\nCVE-2018-15594\n\nNadav Amit reported that some indirect function calls used in\nparavirtualised guests were vulnerable to Spectre variant 2. A local\nuser may be able to use this to read sensitive information from the\nkernel.\n\nCVE-2018-16276\n\nJann Horn discovered that the yurex driver did not correctly limit the\nlength of copies to user buffers. A local user with access to a yurex\ndevice node could use this to cause a denial of service (memory\ncorruption or crash) or possibly for privilege escalation.\n\nCVE-2018-16658\n\nIt was discovered that the cdrom driver does not correctly validate\nthe parameter to the CDROM_DRIVE_STATUS ioctl. 
A user with access to a\ncdrom device could use this to read sensitive information from the\nkernel or to cause a denial of service (crash).\n\nCVE-2018-17182\n\nJann Horn discovered that the vmacache_flush_all function mishandles\nsequence number overflows. A local user can take advantage of this\nflaw to trigger a use-after-free, causing a denial of service (crash\nor memory corruption) or privilege escalation.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n4.9.110-3+deb9u5~deb8u1.\n\nWe recommend that you upgrade your linux-4.9 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux-4.9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/04\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-arm\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-686\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-686-pae\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-amd64\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-armel\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-armhf\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-i386\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", 
prefix:\"linux-headers-4.9.0-0.bpo.7-amd64\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-armmp\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-armmp-lpae\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-common\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-common-rt\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-marvell\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-rt-686-pae\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-rt-amd64\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686-pae\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686-pae-dbg\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-amd64\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-amd64-dbg\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-armmp\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-armmp-lpae\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-marvell\", reference:\"4.9.110-3+deb9u5~deb8u1\")) 
flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-686-pae\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-amd64\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-4.9\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-4.9.0-0.bpo.7\", reference:\"4.9.110-3+deb9u5~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-05-04T15:40:55", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\n - CVE-2018-6554 A memory leak in the irda_bind function in the irda subsystem was discovered. 
A local user can take advantage of this flaw to cause a denial of service (memory consumption).\n\n - CVE-2018-6555 A flaw was discovered in the irda_setsockopt function in the irda subsystem, allowing a local user to cause a denial of service (use-after-free and system crash).\n\n - CVE-2018-7755 Brian Belleville discovered a flaw in the fd_locked_ioctl function in the floppy driver in the Linux kernel. The floppy driver copies a kernel pointer to user memory in response to the FDGETPRM ioctl. A local user with access to a floppy drive device can take advantage of this flaw to discover the location of kernel code and data.\n\n - CVE-2018-9363 It was discovered that the Bluetooth HIDP implementation did not correctly check the length of received report messages. A paired HIDP device could use this to cause a buffer overflow, leading to denial of service (memory corruption or crash) or potentially remote code execution.\n\n - CVE-2018-9516 It was discovered that the HID events interface in debugfs did not correctly limit the length of copies to user buffers. A local user with access to these files could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. However, by default debugfs is only accessible by the root user.\n\n - CVE-2018-10902 It was discovered that the rawmidi kernel driver does not protect against concurrent access which leads to a double-realloc (double free) flaw. A local attacker can take advantage of this issue for privilege escalation.\n\n - CVE-2018-10938 Yves Younan from Cisco reported that the Cipso IPv4 module did not correctly check the length of IPv4 options. On custom kernels with CONFIG_NETLABEL enabled, a remote attacker could use this to cause a denial of service (hang).\n\n - CVE-2018-13099 Wen Xu from SSLab at Gatech reported a use-after-free bug in the F2FS implementation. 
An attacker able to mount a crafted F2FS volume could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\n - CVE-2018-14609 Wen Xu from SSLab at Gatech reported a potential NULL pointer dereference in the F2FS implementation. An attacker able to mount a crafted F2FS volume could use this to cause a denial of service (crash).\n\n - CVE-2018-14617 Wen Xu from SSLab at Gatech reported a potential NULL pointer dereference in the HFS+ implementation. An attacker able to mount a crafted HFS+ volume could use this to cause a denial of service (crash).\n\n - CVE-2018-14633 Vincent Pelletier discovered a stack-based buffer overflow flaw in the chap_server_compute_md5() function in the iSCSI target code. An unauthenticated remote attacker can take advantage of this flaw to cause a denial of service or possibly to gain unauthorized access to data exported by an iSCSI target.\n\n - CVE-2018-14678 M. Vefa Bicakci and Andy Lutomirski discovered a flaw in the kernel exit code used on amd64 systems running as Xen PV guests. A local user could use this to cause a denial of service (crash).\n\n - CVE-2018-14734 A use-after-free bug was discovered in the InfiniBand communication manager. A local user could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\n - CVE-2018-15572 Esmaiel Mohammadian Koruyeh, Khaled Khasawneh, Chengyu Song, and Nael Abu-Ghazaleh, from University of California, Riverside, reported a variant of Spectre variant 2, dubbed SpectreRSB. A local user may be able to use this to read sensitive information from processes owned by other users.\n\n - CVE-2018-15594 Nadav Amit reported that some indirect function calls used in paravirtualised guests were vulnerable to Spectre variant 2. 
A local user may be able to use this to read sensitive information from the kernel.\n\n - CVE-2018-16276 Jann Horn discovered that the yurex driver did not correctly limit the length of copies to user buffers. A local user with access to a yurex device node could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\n - CVE-2018-16658 It was discovered that the cdrom driver does not correctly validate the parameter to the CDROM_DRIVE_STATUS ioctl. A user with access to a cdrom device could use this to read sensitive information from the kernel or to cause a denial of service (crash).\n\n - CVE-2018-17182 Jann Horn discovered that the vmacache_flush_all function mishandles sequence number overflows. A local user can take advantage of this flaw to trigger a use-after-free, causing a denial of service (crash or memory corruption) or privilege escalation.", "cvss3": {"score": 7, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}, "published": "2018-10-02T00:00:00", "type": "nessus", "title": "Debian DSA-4308-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10902", "CVE-2018-10938", "CVE-2018-13099", "CVE-2018-14609", "CVE-2018-14617", "CVE-2018-14633", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-15572", "CVE-2018-15594", "CVE-2018-16276", "CVE-2018-16658", "CVE-2018-17182", "CVE-2018-6554", "CVE-2018-6555", "CVE-2018-7755", "CVE-2018-9363", "CVE-2018-9516"], "modified": "2022-02-17T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4308.NASL", "href": "https://www.tenable.com/plugins/nessus/117862", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4308. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117862);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/17\");\n\n script_cve_id(\"CVE-2018-10902\", \"CVE-2018-10938\", \"CVE-2018-13099\", \"CVE-2018-14609\", \"CVE-2018-14617\", \"CVE-2018-14633\", \"CVE-2018-14678\", \"CVE-2018-14734\", \"CVE-2018-15572\", \"CVE-2018-15594\", \"CVE-2018-16276\", \"CVE-2018-16658\", \"CVE-2018-17182\", \"CVE-2018-6554\", \"CVE-2018-6555\", \"CVE-2018-7755\", \"CVE-2018-9363\", \"CVE-2018-9516\");\n script_xref(name:\"DSA\", value:\"4308\");\n\n script_name(english:\"Debian DSA-4308-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n - CVE-2018-6554\n A memory leak in the irda_bind function in the irda\n subsystem was discovered. A local user can take\n advantage of this flaw to cause a denial of service\n (memory consumption).\n\n - CVE-2018-6555\n A flaw was discovered in the irda_setsockopt function in\n the irda subsystem, allowing a local user to cause a\n denial of service (use-after-free and system crash).\n\n - CVE-2018-7755\n Brian Belleville discovered a flaw in the\n fd_locked_ioctl function in the floppy driver in the\n Linux kernel. The floppy driver copies a kernel pointer\n to user memory in response to the FDGETPRM ioctl. 
A\n local user with access to a floppy drive device can take\n advantage of this flaw to discover the location kernel\n code and data.\n\n - CVE-2018-9363\n It was discovered that the Bluetooth HIDP implementation\n did not correctly check the length of received report\n messages. A paired HIDP device could use this to cause a\n buffer overflow, leading to denial of service (memory\n corruption or crash) or potentially remote code\n execution.\n\n - CVE-2018-9516\n It was discovered that the HID events interface in\n debugfs did not correctly limit the length of copies to\n user buffers. A local user with access to these files\n could use this to cause a denial of service (memory\n corruption or crash) or possibly for privilege\n escalation. However, by default debugfs is only\n accessible by the root user.\n\n - CVE-2018-10902\n It was discovered that the rawmidi kernel driver does\n not protect against concurrent access which leads to a\n double-realloc (double free) flaw. A local attacker can\n take advantage of this issue for privilege escalation.\n\n - CVE-2018-10938\n Yves Younan from Cisco reported that the Cipso IPv4\n module did not correctly check the length of IPv4\n options. On custom kernels with CONFIG_NETLABEL enabled,\n a remote attacker could use this to cause a denial of\n service (hang).\n\n - CVE-2018-13099\n Wen Xu from SSLab at Gatech reported a use-after-free\n bug in the F2FS implementation. An attacker able to\n mount a crafted F2FS volume could use this to cause a\n denial of service (crash or memory corruption) or\n possibly for privilege escalation.\n\n - CVE-2018-14609\n Wen Xu from SSLab at Gatech reported a potential NULL\n pointer dereference in the F2FS implementation. An\n attacker able to mount a crafted F2FS volume could use\n this to cause a denial of service (crash).\n\n - CVE-2018-14617\n Wen Xu from SSLab at Gatech reported a potential NULL\n pointer dereference in the HFS+ implementation. 
An\n attacker able to mount a crafted HFS+ volume could use\n this to cause a denial of service (crash).\n\n - CVE-2018-14633\n Vincent Pelletier discovered a stack-based buffer\n overflow flaw in the chap_server_compute_md5() function\n in the iSCSI target code. An unauthenticated remote\n attacker can take advantage of this flaw to cause a\n denial of service or possibly to get a non-authorized\n access to data exported by an iSCSI target.\n\n - CVE-2018-14678\n M. Vefa Bicakci and Andy Lutomirski discovered a flaw in\n the kernel exit code used on amd64 systems running as\n Xen PV guests. A local user could use this to cause a\n denial of service (crash).\n\n - CVE-2018-14734\n A use-after-free bug was discovered in the InfiniBand\n communication manager. A local user could use this to\n cause a denial of service (crash or memory corruption)\n or possible for privilege escalation.\n\n - CVE-2018-15572\n Esmaiel Mohammadian Koruyeh, Khaled Khasawneh, Chengyu\n Song, and Nael Abu-Ghazaleh, from University of\n California, Riverside, reported a variant of Spectre\n variant 2, dubbed SpectreRSB. A local user may be able\n to use this to read sensitive information from processes\n owned by other users.\n\n - CVE-2018-15594\n Nadav Amit reported that some indirect function calls\n used in paravirtualised guests were vulnerable to\n Spectre variant 2. A local user may be able to use this\n to read sensitive information from the kernel.\n\n - CVE-2018-16276\n Jann Horn discovered that the yurex driver did not\n correctly limit the length of copies to user buffers. A\n local user with access to a yurex device node could use\n this to cause a denial of service (memory corruption or\n crash) or possibly for privilege escalation.\n\n - CVE-2018-16658\n It was discovered that the cdrom driver does not\n correctly validate the parameter to the\n CDROM_DRIVE_STATUS ioctl. 
A user with access to a cdrom\n device could use this to read sensitive information from\n the kernel or to cause a denial of service (crash).\n\n - CVE-2018-17182\n Jann Horn discovered that the vmacache_flush_all\n function mishandles sequence number overflows. A local\n user can take advantage of this flaw to trigger a\n use-after-free, causing a denial of service (crash or\n memory corruption) or privilege escalation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-7755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-9363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-9516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-10902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-10938\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-13099\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-14609\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-14617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-14633\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-14678\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2018-14734\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-15572\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-15594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-16658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-17182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4308\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (stretch), these problems have been fixed\nin version 4.9.110-3+deb9u5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14633\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/03/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", 
prefix:\"linux-doc-4.9\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", 
reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.110-3+deb9u5\")) 
flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", 
prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.110-3+deb9u5\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.110-3+deb9u5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-05-16T16:52:30", "description": "The SUSE Linux Enterprise 12 SP1 kernel was updated receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a 
local attacker to exploit this vulnerability via a SUID-root binary and obtain full root privileges (bsc#1108912)\n\nCVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870)\n\nCVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095)\n\nCVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922)\n\nCVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. 
This occurred because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001)\n\nCVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903)\n\nCVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689)\n\nCVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511)\n\nCVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509)\n\nCVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322)\n\nCVE-2018-10879: A local user could have caused a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact by renaming a file in a crafted ext4 filesystem image (bsc#1099844)\n\nCVE-2018-10883: A local user could have caused an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099863)\n\nCVE-2018-10880: Prevent stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). 
An attacker could have used this to cause a system crash and a denial of service (bsc#1099845)\n\nCVE-2018-10882: A local user could have caused an out-of-bound write, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image (bsc#1099849)\n\nCVE-2018-10881: A local user could have caused an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099864)\n\nCVE-2018-10877: Prevent out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image (bsc#1099846)\n\nCVE-2018-10876: A use-after-free was possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image (bsc#1099811)\n\nCVE-2018-10878: A local user could have caused an out-of-bounds write and a denial of service or unspecified other impact by mounting and operating a crafted ext4 filesystem image (bsc#1099813)\n\nCVE-2018-10853: The KVM hypervisor did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could have used this flaw to potentially escalate privileges inside guest (bsc#1097104).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-09-28T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2908-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10881", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-10940", "CVE-2018-12896", "CVE-2018-13093", "CVE-2018-14617", "CVE-2018-14634", "CVE-2018-16276", "CVE-2018-16658", "CVE-2018-6554", "CVE-2018-6555"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-2908-1.NASL", "href": "https://www.tenable.com/plugins/nessus/117824", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2908-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(117824);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/10 13:51:49\");\n\n 
script_cve_id(\"CVE-2018-10853\", \"CVE-2018-10876\", \"CVE-2018-10877\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10880\", \"CVE-2018-10881\", \"CVE-2018-10882\", \"CVE-2018-10883\", \"CVE-2018-10902\", \"CVE-2018-10940\", \"CVE-2018-12896\", \"CVE-2018-13093\", \"CVE-2018-14617\", \"CVE-2018-14634\", \"CVE-2018-16276\", \"CVE-2018-16658\", \"CVE-2018-6554\", \"CVE-2018-6555\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2908-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP1 kernel was updated receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-14634: Prevent integer overflow in create_elf_tables that\nallowed a local attacker to exploit this vulnerability via a SUID-root\nbinary and obtain full root privileges (bsc#1108912)\n\nCVE-2018-14617: Prevent NULL pointer dereference and panic in\nhfsplus_lookup() when opening a file (that is purportedly a hard link)\nin an hfs+ filesystem that has malformed catalog data, and is mounted\nread-only without a metadata directory (bsc#1102870)\n\nCVE-2018-16276: Incorrect bounds checking in the yurex USB driver in\nyurex_read allowed local attackers to use user access read/writes to\ncrash the kernel or potentially escalate privileges (bsc#1106095)\n\nCVE-2018-12896: Prevent integer overflow in the POSIX timer code that\nwas caused by the way the overrun accounting works. Depending on\ninterval and expiry time values, the overrun can be larger than\nINT_MAX, but the accounting is int based. This basically made the\naccounting values, which are visible to user space via\ntimer_getoverrun(2) and siginfo::si_overrun, random. 
This allowed a\nlocal user to cause a denial of service (signed integer overflow) via\ncrafted mmap, futex, timer_create, and timer_settime system calls\n(bnc#1099922)\n\nCVE-2018-13093: Prevent NULL pointer dereference and panic in\nlookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a\ncorrupted xfs image. This occured because of a lack of proper\nvalidation that cached inodes are free during allocation (bnc#1100001)\n\nCVE-2018-10940: The cdrom_ioctl_media_changed function allowed local\nattackers to use a incorrect bounds check in the CDROM driver\nCDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903)\n\nCVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status\nthat could have been used by local attackers to read kernel memory\n(bnc#1107689)\n\nCVE-2018-6555: The irda_setsockopt function allowed local users to\ncause a denial of service (ias_object use-after-free and system crash)\nor possibly have unspecified other impact via an AF_IRDA socket\n(bnc#1106511)\n\nCVE-2018-6554: Prevent memory leak in the irda_bind function that\nallowed local users to cause a denial of service (memory consumption)\nby repeatedly binding an AF_IRDA socket (bnc#1106509)\n\nCVE-2018-10902: Protect against concurrent access to prevent double\nrealloc (double free) in snd_rawmidi_input_params() and\nsnd_rawmidi_output_status(). 
A malicious local attacker could have\nused this for privilege escalation (bnc#1105322)\n\nCVE-2018-10879: A local user could have caused a use-after-free in\next4_xattr_set_entry function and a denial of service or unspecified\nother impact by renaming a file in a crafted ext4 filesystem image\n(bsc#1099844)\n\nCVE-2018-10883: A local user could have caused an out-of-bounds write\nin jbd2_journal_dirty_metadata(), a denial of service, and a system\ncrash by mounting and operating on a crafted ext4 filesystem image\n(bsc#1099863)\n\nCVE-2018-10880: Prevent stack-out-of-bounds write in the ext4\nfilesystem code when mounting and writing to a crafted ext4 image in\next4_update_inline_data(). An attacker could have used this to cause a\nsystem crash and a denial of service (bsc#1099845)\n\nCVE-2018-10882: A local user could have caused an out-of-bound write,\na denial of service, and a system crash by unmounting a crafted ext4\nfilesystem image (bsc#1099849)\n\nCVE-2018-10881: A local user could have caused an out-of-bound access\nin ext4_get_group_info function, a denial of service, and a system\ncrash by mounting and operating on a crafted ext4 filesystem image\n(bsc#1099864)\n\nCVE-2018-10877: Prevent out-of-bound access in the\next4_ext_drop_refs() function when operating on a crafted ext4\nfilesystem image (bsc#1099846)\n\nCVE-2018-10876: A use-after-free was possible in\next4_ext_remove_space() function when mounting and operating a crafted\next4 image (bsc#1099811)\n\nCVE-2018-10878: A local user could have caused an out-of-bounds write\nand a denial of service or unspecified other impact by mounting and\noperating a crafted ext4 filesystem image (bsc#1099813)\n\nCVE-2018-10853: The KVM hypervisor did not check current\nprivilege(CPL) level while emulating unprivileged instructions. An\nunprivileged guest user/process could have used this flaw to\npotentially escalate privileges inside guest (bsc#1097104).\n\nThe update package also includes non-security fixes. 
See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1024788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1062604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064233\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1090955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091171\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105100\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105323\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105396\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10853/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10876/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10877/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10878/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10879/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10880/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10881/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10882/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10883/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10902/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2018-10940/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12896/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-13093/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14617/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14634/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16276/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16658/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-6554/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-6555/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182908-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e50fcd04\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-2063=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2018-2063=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", 
value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/28\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.74-60.64.104.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.74-60.64.104.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.74-60.64.104.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.74-60.64.104.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.74-60.64.104.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.74-60.64.104.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.74-60.64.104.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-3.12.74-60.64.104.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-3.12.74-60.64.104.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-debuginfo-3.12.74-60.64.104.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debuginfo-3.12.74-60.64.104.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debugsource-3.12.74-60.64.104.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-devel-3.12.74-60.64.104.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-syms-3.12.74-60.64.104.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-09T00:26:07", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The hid_input_field() function in 'drivers/hid/hid-core.c' in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device.(CVE-2016-7915)\n\n - The Linux kernel, before version 4.14.2, is vulnerable to a deadlock caused by fs/ocfs2/file.c:ocfs2_setattr(), as the function does not wait for DIO requests before locking the inode.\n This can be exploited by local users to cause a subsequent denial of service.(CVE-2017-18204)\n\n - The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call.(CVE-2017-9605)\n\n - Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. 
NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced.(CVE-2014-2568)\n\n - It was found that the Linux kernel's ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service.(CVE-2014-9420)\n\n - An integer overflow vulnerability was found in the ring_buffer_resize() calculations in which a privileged user can adjust the size of the ringbuffer message size. These calculations can create an issue where the kernel memory allocator will not allocate the correct count of pages yet expect them to be usable. This can lead to the ftrace() output to appear to corrupt kernel memory and possibly be used for privileged escalation or more likely kernel panic.(CVE-2016-9754)\n\n - A symlink size validation was missing in Linux kernels built with UDF file system (CONFIG_UDF_FS) support, allowing the corruption of kernel memory. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash.(CVE-2014-9730)\n\n - It was found that in the Linux kernel, in vmw_surface_define_ioctl() function in 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file, a 'num_sizes' parameter is assigned a user-controlled value which is not checked if it is zero. This is used in a call to kmalloc() and later leads to dereferencing ZERO_SIZE_PTR, which in turn leads to a GPF and possibly to a kernel panic.(CVE-2017-7261)\n\n - A race condition flaw was found in the way the Linux kernel keys management subsystem performed key garbage collection. A local attacker could attempt accessing a key while it was being garbage collected, which would cause the system to crash.(CVE-2014-9529)\n\n - A flaw was found in the Linux kernel's implementation of i8042 serial ports. 
An attacker could cause a kernel panic if they are able to add and remove devices as the module is loaded.(CVE-2017-18079)\n\n - drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.(CVE-2013-2892)\n\n - The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary.(CVE-2014-7843)\n\n - A divide-by-zero vulnerability was found in a way the kernel processes TCP connections. The error can occur if a connection starts another cwnd reduction phase by setting tp->prior_cwnd to the current cwnd (0) in tcp_init_cwnd_reduction(). A remote, unauthenticated attacker could use this flaw to crash the kernel (denial of service).(CVE-2016-2070)\n\n - The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions.(CVE-2016-2383)\n\n - Systems using the infiniband support module ib_srpt were vulnerable to a denial of service by system crash by a local attacker who is able to abort writes to a device using this initiator.(CVE-2016-6327)\n\n - A security flaw was found in the Linux kernel in the mark_source_chains() function in 'net/ipv4/netfilter/ip_tables.c'. It is possible for a user-supplied 'ipt_entry' structure to have a large 'next_offset' field. 
This field is not bounds checked prior to writing to a counter value at the supplied offset.(CVE-2016-3134)\n\n - An out-of-bounds access issue was discovered in yurex_read() in drivers/usb/misc/yurex.c in the Linux kernel. A local attacker could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.(CVE-2018-16276)\n\n - drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4.5.3 allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a crafted number of planes in a VIDIOC_DQBUF ioctl call.(CVE-2016-4568)\n\n - The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel, before 4.13.8, allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.(CVE-2017-16525)\n\n - The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/xattr.c:ext4_xattr_inode_hash() function. An attacker could trick a legitimate user or a privileged attacker could exploit this to cause a NULL pointer dereference with a crafted ext4 image.\n (CVE-2018-1094)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1472)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2892", "CVE-2014-2568", "CVE-2014-7843", "CVE-2014-9420", "CVE-2014-9529", "CVE-2014-9730", "CVE-2016-2070", "CVE-2016-2383", "CVE-2016-3134", "CVE-2016-4568", "CVE-2016-6327", "CVE-2016-7915", "CVE-2016-9754", "CVE-2017-16525", "CVE-2017-18079", "CVE-2017-18204", "CVE-2017-7261", "CVE-2017-9605", "CVE-2018-1094", "CVE-2018-16276"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1472.NASL", "href": "https://www.tenable.com/plugins/nessus/124796", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124796);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-2892\",\n \"CVE-2014-2568\",\n \"CVE-2014-7843\",\n \"CVE-2014-9420\",\n \"CVE-2014-9529\",\n \"CVE-2014-9730\",\n \"CVE-2016-2070\",\n \"CVE-2016-2383\",\n \"CVE-2016-3134\",\n \"CVE-2016-4568\",\n \"CVE-2016-6327\",\n \"CVE-2016-7915\",\n \"CVE-2016-9754\",\n \"CVE-2017-16525\",\n \"CVE-2017-18079\",\n \"CVE-2017-18204\",\n \"CVE-2017-7261\",\n \"CVE-2017-9605\",\n \"CVE-2018-1094\",\n \"CVE-2018-16276\"\n );\n 
script_bugtraq_id(\n 62049,\n 66348,\n 71082,\n 71717,\n 71880,\n 74964\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1472)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The hid_input_field() function in\n 'drivers/hid/hid-core.c' in the Linux kernel before 4.6\n allows physically proximate attackers to obtain\n sensitive information from kernel memory or cause a\n denial of service (out-of-bounds read) by connecting a\n device.(CVE-2016-7915i1/4%0\n\n - The Linux kernel, before version 4.14.2, is vulnerable\n to a deadlock caused by\n fs/ocfs2/file.c:ocfs2_setattr(), as the function does\n not wait for DIO requests before locking the inode.\n This can be exploited by local users to cause a\n subsequent denial of service.(CVE-2017-18204i1/4%0\n\n - The vmw_gb_surface_define_ioctl function (accessible\n via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel through 4.11.4 defines a backup_handle variable\n but does not give it an initial value. 
If one attempts\n to create a GB surface, with a previously allocated DMA\n buffer to be used as a backup buffer, the backup_handle\n variable does not get written to and is then later\n returned to user space, allowing local users to obtain\n sensitive information from uninitialized kernel memory\n via a crafted ioctl call.(CVE-2017-9605i1/4%0\n\n - Use-after-free vulnerability in the nfqnl_zcopy\n function in net/netfilter/nfnetlink_queue_core.c in the\n Linux kernel through 3.13.6 allows attackers to obtain\n sensitive information from kernel memory by leveraging\n the absence of a certain orphaning operation. NOTE: the\n affected code was moved to the skb_zerocopy function in\n net/core/skbuff.c before the vulnerability was\n announced.(CVE-2014-2568i1/4%0\n\n - It was found that the Linux kernel's ISO file system\n implementation did not correctly limit the traversal of\n Rock Ridge extension Continuation Entries (CE). An\n attacker with physical access to the system could use\n this flaw to trigger an infinite loop in the kernel,\n resulting in a denial of service.(CVE-2014-9420i1/4%0\n\n - An integer overflow vulnerability was found in the\n ring_buffer_resize() calculations in which a privileged\n user can adjust the size of the ringbuffer message\n size. These calculations can create an issue where the\n kernel memory allocator will not allocate the correct\n count of pages yet expect them to be usable. This can\n lead to the ftrace() output to appear to corrupt kernel\n memory and possibly be used for privileged escalation\n or more likely kernel panic.(CVE-2016-9754i1/4%0\n\n - A symlink size validation was missing in Linux kernels\n built with UDF file system (CONFIG_UDF_FS) support,\n allowing the corruption of kernel memory. 
An attacker\n able to mount a corrupted/malicious UDF file system\n image could cause the kernel to crash.(CVE-2014-9730i1/4%0\n\n - In was found that in the Linux kernel, in\n vmw_surface_define_ioctl() function in\n 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file, a\n 'num_sizes' parameter is assigned a user-controlled\n value which is not checked if it is zero. This is used\n in a call to kmalloc() and later leads to dereferencing\n ZERO_SIZE_PTR, which in turn leads to a GPF and\n possibly to a kernel panic.(CVE-2017-7261i1/4%0\n\n - A race condition flaw was found in the way the Linux\n kernel keys management subsystem performed key garbage\n collection. A local attacker could attempt accessing a\n key while it was being garbage collected, which would\n cause the system to crash.(CVE-2014-9529i1/4%0\n\n - A flaw was found in the Linux kernel's implementation\n of i8042 serial ports. An attacker could cause a kernel\n panic if they are able to add and remove devices as the\n module is loaded.(CVE-2017-18079i1/4%0\n\n - drivers/hid/hid-pl.c in the Human Interface Device\n (HID) subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_PANTHERLORD is enabled, allows physically\n proximate attackers to cause a denial of service\n (heap-based out-of-bounds write) via a crafted\n device.(CVE-2013-2892i1/4%0\n\n - The __clear_user function in\n arch/arm64/lib/clear_user.S in the Linux kernel before\n 3.17.4 on the ARM64 platform allows local users to\n cause a denial of service (system crash) by reading one\n byte beyond a /dev/zero page boundary.(CVE-2014-7843i1/4%0\n\n - A divide-by-zero vulnerability was found in a way the\n kernel processes TCP connections. The error can occur\n if a connection starts another cwnd reduction phase by\n setting tp-i1/4zprior_cwnd to the current cwnd (0) in\n tcp_init_cwnd_reduction(). 
A remote, unauthenticated\n attacker could use this flaw to crash the kernel\n (denial of service).(CVE-2016-2070i1/4%0\n\n - The adjust_branches function in kernel/bpf/verifier.c\n in the Linux kernel before 4.5 does not consider the\n delta in the backward-jump case, which allows local\n users to obtain sensitive information from kernel\n memory by creating a packet filter and then loading\n crafted BPF instructions.(CVE-2016-2383i1/4%0\n\n - System using the infiniband support module ib_srpt were\n vulnerable to a denial of service by system crash by a\n local attacker who is able to abort writes to a device\n using this initiator.(CVE-2016-6327i1/4%0\n\n - A security flaw was found in the Linux kernel in the\n mark_source_chains() function in\n 'net/ipv4/netfilter/ip_tables.c'. It is possible for a\n user-supplied 'ipt_entry' structure to have a large\n 'next_offset' field. This field is not bounds checked\n prior to writing to a counter value at the supplied\n offset.(CVE-2016-3134i1/4%0\n\n - An out-of-bounds access issue was discovered in\n yurex_read() in drivers/usb/misc/yurex.c in the Linux\n kernel. 
A local attacker could use user access\n read/writes with incorrect bounds checking in the yurex\n USB driver to crash the kernel or potentially escalate\n privileges.(CVE-2018-16276i1/4%0\n\n - drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux\n kernel before 4.5.3 allows local users to cause a\n denial of service (kernel memory write operation) or\n possibly have unspecified other impact via a crafted\n number of planes in a VIDIOC_DQBUF ioctl\n call.(CVE-2016-4568i1/4%0\n\n - The usb_serial_console_disconnect function in\n drivers/usb/serial/console.c in the Linux kernel,\n before 4.13.8, allows local users to cause a denial of\n service (use-after-free and system crash) or possibly\n have unspecified other impact via a crafted USB device,\n related to disconnection and failed\n setup.(CVE-2017-16525i1/4%0\n\n - The Linux kernel is vulnerable to a NULL pointer\n dereference in the ext4/xattr.c:ext4_xattr_inode_hash()\n function. An attacker could trick a legitimate user or\n a privileged attacker could exploit this to cause a\n NULL pointer dereference with a crafted ext4 image.\n (CVE-2018-1094)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1472\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?349d271e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16276\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.28-1.2.117\",\n \"kernel-devel-4.19.28-1.2.117\",\n \"kernel-headers-4.19.28-1.2.117\",\n \"kernel-tools-4.19.28-1.2.117\",\n \"kernel-tools-libs-4.19.28-1.2.117\",\n \"kernel-tools-libs-devel-4.19.28-1.2.117\",\n \"perf-4.19.28-1.2.117\",\n \"python-perf-4.19.28-1.2.117\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-16T16:53:24", "description": "The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a local attacker to exploit this vulnerability via a SUID-root binary and obtain full root privileges (bsc#1108912)\n\nCVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870)\n\nCVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095)\n\nCVE-2018-12896: Prevent integer overflow in the POSIX timer code that was caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. This allowed a local user to cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922)\n\nCVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. 
This occurred because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001)\n\nCVE-2018-10940: The cdrom_ioctl_media_changed function allowed local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903)\n\nCVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that could have been used by local attackers to read kernel memory (bnc#1107689)\n\nCVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511)\n\nCVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509)\n\nCVE-2018-10853: The KVM hypervisor did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could have used this flaw to potentially escalate privileges inside guest (bsc#1097104)\n\nCVE-2018-10902: Protect against concurrent access to prevent double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A malicious local attacker could have used this for privilege escalation (bnc#1105322).\n\nCVE-2018-10879: A local user could have caused a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact by renaming a file in a crafted ext4 filesystem image (bsc#1099844)\n\nCVE-2018-10883: A local user could have caused an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099863)\n\nCVE-2018-10880: Prevent stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). 
An attacker could have used this to cause a system crash and a denial of service (bsc#1099845)\n\nCVE-2018-10882: A local user could have caused an out-of-bound write, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image (bsc#1099849)\n\nCVE-2018-10881: A local user could have caused an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image (bsc#1099864)\n\nCVE-2018-10877: Prevent out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image (bsc#1099846)\n\nCVE-2018-10876: A use-after-free was possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image (bsc#1099811)\n\nCVE-2018-10878: A local user could have caused an out-of-bounds write and a denial of service or unspecified other impact by mounting and operating a crafted ext4 filesystem image (bsc#1099813)\n\nCVE-2018-17182: An issue was discovered in the Linux kernel. The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-10T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3083-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10881", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-10940", "CVE-2018-12896", "CVE-2018-13093", "CVE-2018-14617", "CVE-2018-14634", "CVE-2018-16276", "CVE-2018-16658", "CVE-2018-17182", "CVE-2018-6554", "CVE-2018-6555"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_146-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_146-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-3083-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118033", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3083-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif 
(description)\n{\n script_id(118033);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2019/09/10 13:51:49\");\n\n script_cve_id(\"CVE-2018-10853\", \"CVE-2018-10876\", \"CVE-2018-10877\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10880\", \"CVE-2018-10881\", \"CVE-2018-10882\", \"CVE-2018-10883\", \"CVE-2018-10902\", \"CVE-2018-10940\", \"CVE-2018-12896\", \"CVE-2018-13093\", \"CVE-2018-14617\", \"CVE-2018-14634\", \"CVE-2018-16276\", \"CVE-2018-16658\", \"CVE-2018-17182\", \"CVE-2018-6554\", \"CVE-2018-6555\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3083-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-14634: Prevent integer overflow in create_elf_tables that\nallowed a local attacker to exploit this vulnerability via a SUID-root\nbinary and obtain full root privileges (bsc#1108912)\n\nCVE-2018-14617: Prevent NULL pointer dereference and panic in\nhfsplus_lookup() when opening a file (that is purportedly a hard link)\nin an hfs+ filesystem that has malformed catalog data, and is mounted\nread-only without a metadata directory (bsc#1102870)\n\nCVE-2018-16276: Incorrect bounds checking in the yurex USB driver in\nyurex_read allowed local attackers to use user access read/writes to\ncrash the kernel or potentially escalate privileges (bsc#1106095)\n\nCVE-2018-12896: Prevent integer overflow in the POSIX timer code that\nwas caused by the way the overrun accounting works. Depending on\ninterval and expiry time values, the overrun can be larger than\nINT_MAX, but the accounting is int based. 
This basically made the\naccounting values, which are visible to user space via\ntimer_getoverrun(2) and siginfo::si_overrun, random. This allowed a\nlocal user to cause a denial of service (signed integer overflow) via\ncrafted mmap, futex, timer_create, and timer_settime system calls\n(bnc#1099922)\n\nCVE-2018-13093: Prevent NULL pointer dereference and panic in\nlookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a\ncorrupted xfs image. This occured because of a lack of proper\nvalidation that cached inodes are free during allocation (bnc#1100001)\n\nCVE-2018-10940: The cdrom_ioctl_media_changed function allowed local\nattackers to use a incorrect bounds check in the CDROM driver\nCDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903)\n\nCVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status\nthat could have been used by local attackers to read kernel memory\n(bnc#1107689)\n\nCVE-2018-6555: The irda_setsockopt function allowed local users to\ncause a denial of service (ias_object use-after-free and system crash)\nor possibly have unspecified other impact via an AF_IRDA socket\n(bnc#1106511)\n\nCVE-2018-6554: Prevent memory leak in the irda_bind function that\nallowed local users to cause a denial of service (memory consumption)\nby repeatedly binding an AF_IRDA socket (bnc#1106509)\n\nCVE-2018-10853: The KVM hypervisor did not check current\nprivilege(CPL) level while emulating unprivileged instructions. An\nunprivileged guest user/process could have used this flaw to\npotentially escalate privileges inside guest (bsc#1097104)\n\nCVE-2018-10902: Protect against concurrent access to prevent double\nrealloc (double free) in snd_rawmidi_input_params() and\nsnd_rawmidi_output_status(). 
A malicious local attacker could have\nused this for privilege escalation (bnc#1105322).\n\nCVE-2018-10879: A local user could have caused a use-after-free in\next4_xattr_set_entry function and a denial of service or unspecified\nother impact by renaming a file in a crafted ext4 filesystem image\n(bsc#1099844)\n\nCVE-2018-10883: A local user could have caused an out-of-bounds write\nin jbd2_journal_dirty_metadata(), a denial of service, and a system\ncrash by mounting and operating on a crafted ext4 filesystem image\n(bsc#1099863)\n\nCVE-2018-10880: Prevent stack-out-of-bounds write in the ext4\nfilesystem code when mounting and writing to a crafted ext4 image in\next4_update_inline_data(). An attacker could have used this to cause a\nsystem crash and a denial of service (bsc#1099845)\n\nCVE-2018-10882: A local user could have caused an out-of-bound write,\na denial of service, and a system crash by unmounting a crafted ext4\nfilesystem image (bsc#1099849)\n\nCVE-2018-10881: A local user could have caused an out-of-bound access\nin ext4_get_group_info function, a denial of service, and a system\ncrash by mounting and operating on a crafted ext4 filesystem image\n(bsc#1099864)\n\nCVE-2018-10877: Prevent out-of-bound access in the\next4_ext_drop_refs() function when operating on a crafted ext4\nfilesystem image (bsc#1099846)\n\nCVE-2018-10876: A use-after-free was possible in\next4_ext_remove_space() function when mounting and operating a crafted\next4 image (bsc#1099811)\n\nCVE-2018-10878: A local user could have caused an out-of-bounds write\nand a denial of service or unspecified other impact by mounting and\noperating a crafted ext4 filesystem image (bsc#1099813)\n\nCVE-2018-17182: An issue was discovered in the Linux kernel The\nvmacache_flush_all function in mm/vmacache.c mishandled sequence\nnumber overflows. 
An attacker can trigger a use-after-free (and\npossibly gain privileges) via certain thread creation, map, unmap,\ninvalidation, and dereference operations (bnc#1108399).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1062604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1093215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100089\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10853/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10876/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10877/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10878/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10879/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10880/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10881/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10882/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10883/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10902/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10940/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12896/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-13093/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2018-14617/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14634/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16276/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16658/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17182/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-6554/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-6555/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183083-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2d33c84c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-2185=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2018-2185=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_146-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_146-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/10\");\n script_set_attribute(attribute:\"generated_plugin\", 
value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.61-52.146.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.61-52.146.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.61-52.146.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.61-52.146.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.61-52.146.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.61-52.146.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_146-default-1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_146-xen-1-1.5.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.61-52.146.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-3.12.61-52.146.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-3.12.61-52.146.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-debuginfo-3.12.61-52.146.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debuginfo-3.12.61-52.146.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debugsource-3.12.61-52.146.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-devel-3.12.61-52.146.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-syms-3.12.61-52.146.1\")) flag++;\n\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-04T15:40:56", "description": "The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes.\n\nCVE-2018-10853: A flaw was found in the way the KVM hypervisor emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest (bnc#1097104).\n\nCVE-2018-10876: A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image. (bnc#1099811)\n\nCVE-2018-10877: Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. (bnc#1099846)\n\nCVE-2018-10878: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. (bnc#1099813)\n\nCVE-2018-10879: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image. (bnc#1099844)\n\nCVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). 
An attacker could use this to cause a system crash and a denial of service. (bnc#1099845)\n\nCVE-2018-10881: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.\n(bnc#1099864)\n\nCVE-2018-10882: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image. (bnc#1099849)\n\nCVE-2018-10883: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.\n(bnc#1099863)\n\nCVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation (bnc#1105322).\n\nCVE-2018-10938: A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. 
A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw (bnc#1106016).\n\nCVE-2018-10940: The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c allowed local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bnc#1092903).\n\nCVE-2018-12896: An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on interval and expiry time values, the overrun can be larger than INT_MAX, but the accounting is int based. This basically made the accounting values, which are visible to user space via timer_getoverrun(2) and siginfo::si_overrun, random. For example, a local user can cause a denial of service (signed integer overflow) via crafted mmap, futex, timer_create, and timer_settime system calls (bnc#1099922).\n\nCVE-2018-13093: There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. 
This occurs because of a lack of proper validation that cached inodes are free during allocation (bnc#1100001).\n\nCVE-2018-13094: An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000).\n\nCVE-2018-13095: A denial of service (memory corruption and BUG) can occur for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999).\n\nCVE-2018-14617: There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bnc#1102870).\n\nCVE-2018-14678: The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S did not properly maintain RBX, which allowed local users to cause a denial of service (uninitialized memory usage and system crash). Within Xen, 64-bit x86 PV Linux guest OS users can trigger a guest OS crash or possibly gain privileges (bnc#1102715).\n\nCVE-2018-15572: The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517 bnc#1105296).\n\nCVE-2018-15594: arch/x86/kernel/paravirt.c mishandled certain indirect calls, which made it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests (bnc#1105348).\n\nCVE-2018-16276: Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges (bnc#1106095).\n\nCVE-2018-16658: An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. 
This is similar to CVE-2018-10940 (bnc#1107689).\n\nCVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399).\n\nCVE-2018-6554: Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509).\n\nCVE-2018-6555: The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511).\n\nCVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536).\n\nCVE-2018-9363: A buffer overflow in bluetooth HID report processing could be used by malicious bluetooth devices to crash the kernel or potentially execute code (bnc#1105292). The following security bugs were fixed :\n\nCVE-2018-7480: The blkcg_init_queue function in block/blk-cgroup.c allowed local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure (bnc#1082863).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.4, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-10-10T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3084-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10853", "CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10881", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-10902", "CVE-2018-10938", "CVE-2018-10940", "CVE-2018-12896", "CVE-2018-13093", "CVE-2018-13094", "CVE-2018-13095", "CVE-2018-14617", "CVE-2018-14678", "CVE-2018-15572", "CVE-2018-15594", "CVE-2018-16276", "CVE-2018-16658", "CVE-2018-17182", "CVE-2018-6554", "CVE-2018-6555", "CVE-2018-7480", "CVE-2018-7757", "CVE-2018-9363"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_95-default", "p-cpe:/a:novell:suse_linux:lttng-modules", "p-cpe:/a:novell:suse_linux:lttng-modules-debugsource", "p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default", "p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-3084-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118034", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3084-1.\n# The text itself is copyright (C) 
SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118034);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/09/10 13:51:49\");\n\n script_cve_id(\"CVE-2018-10853\", \"CVE-2018-10876\", \"CVE-2018-10877\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10880\", \"CVE-2018-10881\", \"CVE-2018-10882\", \"CVE-2018-10883\", \"CVE-2018-10902\", \"CVE-2018-10938\", \"CVE-2018-10940\", \"CVE-2018-12896\", \"CVE-2018-13093\", \"CVE-2018-13094\", \"CVE-2018-13095\", \"CVE-2018-14617\", \"CVE-2018-14678\", \"CVE-2018-15572\", \"CVE-2018-15594\", \"CVE-2018-16276\", \"CVE-2018-16658\", \"CVE-2018-17182\", \"CVE-2018-6554\", \"CVE-2018-6555\", \"CVE-2018-7480\", \"CVE-2018-7757\", \"CVE-2018-9363\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3084-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive\nvarious security and bugfixes.\n\nCVE-2018-10853: A flaw was found in the way the KVM hypervisor\nemulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not\ncheck current privilege(CPL) level while emulating unprivileged\ninstructions. An unprivileged guest user/process could use this flaw\nto potentially escalate privileges inside guest (bnc#1097104).\n\nCVE-2018-10876: A flaw was found in Linux kernel in the ext4\nfilesystem code. A use-after-free is possible in\next4_ext_remove_space() function when mounting and operating a crafted\next4 image. (bnc#1099811)\n\nCVE-2018-10877: Linux kernel ext4 filesystem is vulnerable to an\nout-of-bound access in the ext4_ext_drop_refs() function when\noperating on a crafted ext4 filesystem image. 
(bnc#1099846)\n\nCVE-2018-10878: A flaw was found in the Linux kernel's ext4\nfilesystem. A local user can cause an out-of-bounds write and a denial\nof service or unspecified other impact is possible by mounting and\noperating a crafted ext4 filesystem image. (bnc#1099813)\n\nCVE-2018-10879: A flaw was found in the Linux kernel's ext4\nfilesystem. A local user can cause a use-after-free in\next4_xattr_set_entry function and a denial of service or unspecified\nother impact may occur by renaming a file in a crafted ext4 filesystem\nimage. (bnc#1099844)\n\nCVE-2018-10880: Linux kernel is vulnerable to a stack-out-of-bounds\nwrite in the ext4 filesystem code when mounting and writing to a\ncrafted ext4 image in ext4_update_inline_data(). An attacker could use\nthis to cause a system crash and a denial of service. (bnc#1099845)\n\nCVE-2018-10881: A flaw was found in the Linux kernel's ext4\nfilesystem. A local user can cause an out-of-bound access in\next4_get_group_info function, a denial of service, and a system crash\nby mounting and operating on a crafted ext4 filesystem image.\n(bnc#1099864)\n\nCVE-2018-10882: A flaw was found in the Linux kernel's ext4\nfilesystem. A local user can cause an out-of-bound write in in\nfs/jbd2/transaction.c code, a denial of service, and a system crash by\nunmounting a crafted ext4 filesystem image. (bnc#1099849)\n\nCVE-2018-10883: A flaw was found in the Linux kernel's ext4\nfilesystem. A local user can cause an out-of-bounds write in\njbd2_journal_dirty_metadata(), a denial of service, and a system crash\nby mounting and operating on a crafted ext4 filesystem image.\n(bnc#1099863)\n\nCVE-2018-10902: It was found that the raw midi kernel driver did not\nprotect against concurrent access which leads to a double realloc\n(double free) in snd_rawmidi_input_params() and\nsnd_rawmidi_output_status() which are part of snd_rawmidi_ioctl()\nhandler in rawmidi.c file. 
A malicious local attacker could possibly\nuse this for privilege escalation (bnc#1105322).\n\nCVE-2018-10938: A crafted network packet sent remotely by an attacker\nmay force the kernel to enter an infinite loop in the\ncipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a\ndenial-of-service. A certain non-default configuration of LSM (Linux\nSecurity Module) and NetLabel should be set up on a system before an\nattacker could leverage this flaw (bnc#1106016).\n\nCVE-2018-10940: The cdrom_ioctl_media_changed function in\ndrivers/cdrom/cdrom.c allowed local attackers to use a incorrect\nbounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out\nkernel memory (bnc#1092903).\n\nCVE-2018-12896: An Integer Overflow in kernel/time/posix-timers.c in\nthe POSIX timer code is caused by the way the overrun accounting\nworks. Depending on interval and expiry time values, the overrun can\nbe larger than INT_MAX, but the accounting is int based. This\nbasically made the accounting values, which are visible to user space\nvia timer_getoverrun(2) and siginfo::si_overrun, random. For example,\na local user can cause a denial of service (signed integer overflow)\nvia crafted mmap, futex, timer_create, and timer_settime system calls\n(bnc#1099922).\n\nCVE-2018-13093: There is a NULL pointer dereference and panic in\nlookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a\ncorrupted xfs image. 
This occurs because of a lack of proper\nvalidation that cached inodes are free during allocation\n(bnc#1100001).\n\nCVE-2018-13094: An OOPS may occur for a corrupted xfs image after\nxfs_da_shrink_inode() is called with a NULL bp (bnc#1100000).\n\nCVE-2018-13095: A denial of service (memory corruption and BUG) can\noccur for a corrupted xfs image upon encountering an inode that is in\nextent format, but has more extents than fit in the inode fork\n(bnc#1099999).\n\nCVE-2018-14617: There is a NULL pointer dereference and panic in\nhfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is\npurportedly a hard link) in an hfs+ filesystem that has malformed\ncatalog data, and is mounted read-only without a metadata directory\n(bnc#1102870).\n\nCVE-2018-14678: The xen_failsafe_callback entry point in\narch/x86/entry/entry_64.S did not properly maintain RBX, which allowed\nlocal users to cause a denial of service (uninitialized memory usage\nand system crash). Within Xen, 64-bit x86 PV Linux guest OS users can\ntrigger a guest OS crash or possibly gain privileges (bnc#1102715).\n\nCVE-2018-15572: The spectre_v2_select_mitigation function in\narch/x86/kernel/cpu/bugs.c did not always fill RSB upon a context\nswitch, which made it easier for attackers to conduct\nuserspace-userspace spectreRSB attacks (bnc#1102517 bnc#1105296).\n\nCVE-2018-15594: arch/x86/kernel/paravirt.c mishandled certain indirect\ncalls, which made it easier for attackers to conduct Spectre-v2\nattacks against paravirtual guests (bnc#1105348).\n\nCVE-2018-16276: Local attackers could use user access read/writes with\nincorrect bounds checking in the yurex USB driver to crash the kernel\nor potentially escalate privileges (bnc#1106095).\n\nCVE-2018-16658: An information leak in cdrom_ioctl_drive_status in\ndrivers/cdrom/cdrom.c could be used by local attackers to read kernel\nmemory because a cast from unsigned long to int interferes with bounds\nchecking. 
This is similar to CVE-2018-10940 (bnc#1107689).\n\nCVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c\nmishandled sequence number overflows. An attacker can trigger a\nuse-after-free (and possibly gain privileges) via certain thread\ncreation, map, unmap, invalidation, and dereference operations\n(bnc#1108399).\n\nCVE-2018-6554: Memory leak in the irda_bind function in\nnet/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c\nallowed local users to cause a denial of service (memory consumption)\nby repeatedly binding an AF_IRDA socket (bnc#1106509).\n\nCVE-2018-6555: The irda_setsockopt function in net/irda/af_irda.c and\nlater in drivers/staging/irda/net/af_irda.c allowed local users to\ncause a denial of service (ias_object use-after-free and system crash)\nor possibly have unspecified other impact via an AF_IRDA socket\n(bnc#1106511).\n\nCVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in\ndrivers/scsi/libsas/sas_expander.c allowed local users to cause a\ndenial of service (memory consumption) via many read accesses to files\nin the /sys/class/sas_phy directory, as demonstrated by the\n/sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536).\n\nCVE-2018-9363: A buffer overflow in bluetooth HID report processing\ncould be used by malicious bluetooth devices to crash the kernel or\npotentially execute code (bnc#1105292). The following security bugs\nwere fixed :\n\nCVE-2018-7480: The blkcg_init_queue function in block/blk-cgroup.c\nallowed local users to cause a denial of service (double free) or\npossibly have unspecified other impact by triggering a creation\nfailure (bnc#1082863).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1062604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065364\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1085042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1092903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095344\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1097104\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099813\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099844\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099845\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099864\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099993\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099999\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100000\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100001\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102715\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105322\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105396\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106369\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106512\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106594\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107689\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107966\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10853/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10876/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10877/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10878/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10879/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10880/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10881/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10882/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10883/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10902/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10938/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-10940/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-12896/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-13093/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-13094/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-13095/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14617/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14678/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15572/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-15594/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16276/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-16658/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-17182/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-6554/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-6555/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7480/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-7757/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-9363/\"\n );\n # 
https://www.suse.com/support/update/announcement/2018/suse-su-20183084-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b663a3db\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2018-2188=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2018-2188=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-2188=1\n\nSUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch\nSUSE-SLE-HA-12-SP2-2018-2188=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2018-2188=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2188=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_95-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:lttng-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:lttng-modules-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_95-default-1-3.4.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"lttng-modules-2.7.1-9.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"lttng-modules-debugsource-2.7.1-9.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.121_92.95-9.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.121-92.95.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-4.4.121-92.95.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-4.4.121-92.95.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-debuginfo-4.4.121-92.95.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debuginfo-4.4.121-92.95.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debugsource-4.4.121-92.95.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-devel-4.4.121-92.95.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-syms-4.4.121-92.95.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2021-12-15T12:18:23", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.(CVE-2018-10876)A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-25656)A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.(CVE-2020-27777)A information disclosure vulnerability in the Upstream kernel encrypted-keys.\n Product: Android. Versions: Android kernel. Android ID:\n A-70526974.(CVE-2017-13305)A race condition was found in the Linux kernels implementation of the floppy disk drive controller driver software. The impact of this issue is lessened by the fact that the default permissions on the floppy device (/dev/fd0) are restricted to root. If the permissions on the device have changed the impact changes greatly. 
In the default configuration root (or equivalent) permissions are required to attack this flaw. (CVE-2021-20261) An issue was discovered in dlpar_parse_cc_property in arch/powerpc/platforms/pseries/dlpar.c in the Linux kernel through 5.1.6. There is an unchecked kstrdup of prop->name, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). (CVE-2019-12614) An issue was discovered in fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3.\n There is a NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurs because of a lack of proper validation that cached inodes are free during allocation. (CVE-2018-13093) An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. (CVE-2019-11815) An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363) An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. 
An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. (CVE-2021-27365) An issue was discovered in the Linux kernel through 5.11.3.\n drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364) An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges. (CVE-2018-16276) drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to cause a denial of service (use-after-free). (CVE-2018-14734) In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-140550171. (CVE-2020-0427) In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation. Product:\n Android. Versions: Android kernel. Android ID:\n A-147802478. References: Upstream kernel. (CVE-2020-0466) In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, local users can cause a denial of service (NULL pointer dereference and BUG) because a required mutex is not used. (CVE-2017-18216) In the Linux kernel before 5.2, a setxattr operation, after a mount of a crafted ext4 image, can cause a slab-out-of-bounds write access because of an ext4_xattr_set_entry use-after-free in fs/ext4/xattr.c when a large old_size value is used in a memset call, aka CID-345c0dbf3a30. (CVE-2019-19319) In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation. (CVE-2017-7482) In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-111893654. References: Upstream kernel. (CVE-2020-0404) In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:\n Android kernel. Android ID: A-162844689. References:\n Upstream kernel. (CVE-2020-0465) It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. 
A malicious local attacker could possibly use this for privilege escalation. (CVE-2018-10902) Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image. (CVE-2018-10877) Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service. (CVE-2018-10880) Linux Kernel contains an out-of-bounds read flaw in the asn1_ber_decoder() function in lib/asn1_decoder.c that is triggered when decoding ASN.1 data. This may allow a remote attacker to disclose potentially sensitive memory contents. (CVE-2018-9383) Use-after-free read in sunkbd_reinit in drivers/input/keyboard/sunkbd.c. (CVE-2020-25669) mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332. (CVE-2020-36158) fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. NOTE: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior. (CVE-2021-3178) In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. (CVE-2019-6974) The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. (CVE-2019-7221) A flaw was found in the JFS filesystem code. This flaw allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. 
The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-27815) An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-35519) In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972) A NULL pointer dereference was found in the net/rds/rdma.c\n __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST. (CVE-2018-7492) The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions. (CVE-2019-11486) The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518. (CVE-2016-3857) The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h. (CVE-2017-17741) The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allows remote attackers to cause a denial of service (NULL pointer 
dereference and system crash) via a malformed INIT chunk. (CVE-2014-7841) The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a 'page lock order bug in the XFS seek hole/data implementation.' (CVE-2016-8660) The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. (CVE-2018-10322)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1808)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7841", "CVE-2016-3857", "CVE-2016-8660", "CVE-2017-13305", "CVE-2017-17741", "CVE-2017-18216", "CVE-2017-7482", "CVE-2018-10322", "CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10880", "CVE-2018-10902", "CVE-2018-13093", "CVE-2018-14734", "CVE-2018-16276", "CVE-2018-7492", "CVE-2018-9383", "CVE-2019-11486", "CVE-2019-11815", "CVE-2019-12614", "CVE-2019-19319", "CVE-2019-6974", "CVE-2019-7221", "CVE-2020-0404", "CVE-2020-0427", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-25656", "CVE-2020-25669", "CVE-2020-27777", "CVE-2020-27815", "CVE-2020-35519", "CVE-2020-36158", "CVE-2021-20261", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28972", "CVE-2021-3178"], "modified": "2021-05-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", 
"p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1808.NASL", "href": "https://www.tenable.com/plugins/nessus/149098", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149098);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/04\");\n\n script_cve_id(\n \"CVE-2014-7841\",\n \"CVE-2016-3857\",\n \"CVE-2016-8660\",\n \"CVE-2017-13305\",\n \"CVE-2017-17741\",\n \"CVE-2017-18216\",\n \"CVE-2017-7482\",\n \"CVE-2018-10322\",\n \"CVE-2018-10876\",\n \"CVE-2018-10877\",\n \"CVE-2018-10880\",\n \"CVE-2018-10902\",\n \"CVE-2018-13093\",\n \"CVE-2018-14734\",\n \"CVE-2018-16276\",\n \"CVE-2018-7492\",\n \"CVE-2018-9383\",\n \"CVE-2019-11486\",\n \"CVE-2019-11815\",\n \"CVE-2019-12614\",\n \"CVE-2019-19319\",\n \"CVE-2019-6974\",\n \"CVE-2019-7221\",\n \"CVE-2020-0404\",\n \"CVE-2020-0427\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-25656\",\n \"CVE-2020-25669\",\n \"CVE-2020-27777\",\n \"CVE-2020-27815\",\n \"CVE-2020-35519\",\n \"CVE-2020-36158\",\n \"CVE-2021-20261\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28972\",\n \"CVE-2021-3178\"\n );\n script_bugtraq_id(\n 71081\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1808)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on 
the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):A flaw was found in Linux\n kernel in the ext4 filesystem code. A use-after-free is\n possible in ext4_ext_remove_space() function when\n mounting and operating a crafted ext4\n image.(CVE-2018-10876)A flaw was found in the Linux\n kernel. A use-after-free was found in the way the\n console subsystem was using ioctls KDGKBSENT and\n KDSKBSENT. A local user could use this flaw to get read\n memory access out of bounds. The highest threat from\n this vulnerability is to data\n confidentiality.(CVE-2020-25656)A flaw was found in the\n way RTAS handled memory accesses in userspace to kernel\n communication. On a locked down (usually due to Secure\n Boot) guest system running on top of PowerVM or KVM\n hypervisors (pseries platform) a root like local user\n could use this flaw to further increase their\n privileges to that of a running\n kernel.(CVE-2020-27777)A information disclosure\n vulnerability in the Upstream kernel encrypted-keys.\n Product: Android. Versions: Android kernel. Android ID:\n A-70526974.(CVE-2017-13305)A race condition was found\n in the Linux kernels implementation of the floppy disk\n drive controller driver software. The impact of this\n issue is lessened by the fact that the default\n permissions on the floppy device (/dev/fd0) are\n restricted to root. If the permissions on the device\n have changed the impact changes greatly. In the default\n configuration root (or equivalent) permissions are\n required to attack this flaw.(CVE-2021-20261)An issue\n was discovered in dlpar_parse_cc_property in\n arch/powerpc/platforms/pseries/dlpar.c in the Linux\n kernel through 5.1.6. 
There is an unchecked kstrdup of\n prop->name, which might allow an attacker to cause a\n denial of service (NULL pointer dereference and system\n crash).(CVE-2019-12614)An issue was discovered in\n fs/xfs/xfs_icache.c in the Linux kernel through 4.17.3.\n There is a NULL pointer dereference and panic in\n lookup_slow() on a NULL inode->i_ops pointer when doing\n pathwalks on a corrupted xfs image. This occurs because\n of a lack of proper validation that cached inodes are\n free during allocation.(CVE-2018-13093)An issue was\n discovered in rds_tcp_kill_sock in net/rds/tcp.c in the\n Linux kernel before 5.0.8. There is a race condition\n leading to a use-after-free, related to net namespace\n cleanup.(CVE-2019-11815)An issue was discovered in the\n Linux kernel through 5.11.3. A kernel pointer leak can\n be used to determine the address of the iscsi_transport\n structure. When an iSCSI transport is registered with\n the iSCSI subsystem, the transport's handle is\n available to unprivileged users via the sysfs file\n system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When\n read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which\n leaks the handle. This handle is actually the pointer\n to an iscsi_transport struct in the kernel module's\n global variables.(CVE-2021-27363)An issue was\n discovered in the Linux kernel through 5.11.3. Certain\n iSCSI data structures do not have appropriate length\n constraints or checks, and can exceed the PAGE_SIZE\n value. 
An unprivileged user can send a Netlink message\n that is associated with iSCSI, and has a length up to\n the maximum length of a Netlink\n message.(CVE-2021-27365)An issue was discovered in the\n Linux kernel through 5.11.3.\n drivers/scsi/scsi_transport_iscsi.c is adversely\n affected by the ability of an unprivileged user to\n craft Netlink messages.(CVE-2021-27364)An issue was\n discovered in yurex_read in drivers/usb/misc/yurex.c in\n the Linux kernel before 4.17.7. Local attackers could\n use user access read/writes with incorrect bounds\n checking in the yurex USB driver to crash the kernel or\n potentially escalate\n privileges.(CVE-2018-16276)drivers/infiniband/core/ucma\n .c in the Linux kernel through 4.17.11 allows\n ucma_leave_multicast to access a certain data structure\n after a cleanup step in ucma_process_join, which allows\n attackers to cause a denial of service\n (use-after-free).(CVE-2018-14734)In create_pinctrl of\n core.c, there is a possible out of bounds read due to a\n use after free. This could lead to local information\n disclosure with no additional execution privileges\n needed. User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-140550171(CVE-2020-0427)In\n do_epoll_ctl and ep_loop_check_proc of eventpoll.c,\n there is a possible use after free due to a logic\n error. This could lead to local escalation of privilege\n with no additional execution privileges needed. 
User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-147802478References: Upstream kernel(CVE-2020-0466)In\n fs/ocfs2/cluster/ nodemanager.c in the Linux kernel\n before 4.15, local users can cause a denial of service\n (NULL pointer dereference and BUG) because a required\n mutex is not used.(CVE-2017-18216)In the Linux kernel\n before 5.2, a setxattr operation, after a mount of a\n crafted ext4 image, can cause a slab-out-of-bounds\n write access because of an ext4_xattr_set_entry\n use-after-free in fs/ext4/xattr.c when a large old_size\n value is used in a memset call, aka\n CID-345c0dbf3a30.(CVE-2019-19319)In the Linux kernel\n before version 4.12, Kerberos 5 tickets decoded when\n using the RXRPC keys incorrectly assumes the size of a\n field. This could lead to the size-remaining variable\n wrapping and the data pointer going over the end of the\n buffer. This could possibly lead to memory corruption\n and possible privilege escalation.(CVE-2017-7482)In\n uvc_scan_chain_forward of uvc_driver.c, there is a\n possible linked list corruption due to an unusual root\n cause. This could lead to local escalation of privilege\n in the kernel with no additional execution privileges\n needed. User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-111893654References: Upstream\n kernel(CVE-2020-0404)In various methods of\n hid-multitouch.c, there is a possible out of bounds\n write due to a missing bounds check. This could lead to\n local escalation of privilege with no additional\n execution privileges needed. 
User interaction is not\n needed for exploitation.Product: AndroidVersions:\n Android kernelAndroid ID: A-162844689References:\n Upstream kernel(CVE-2020-0465)It was found that the raw\n midi kernel driver does not protect against concurrent\n access which leads to a double realloc (double free) in\n snd_rawmidi_input_params() and\n snd_rawmidi_output_status() which are part of\n snd_rawmidi_ioctl() handler in rawmidi.c file. A\n malicious local attacker could possibly use this for\n privilege escalation.(CVE-2018-10902)Linux kernel ext4\n filesystem is vulnerable to an out-of-bound access in\n the ext4_ext_drop_refs() function when operating on a\n crafted ext4 filesystem image.(CVE-2018-10877)Linux\n kernel is vulnerable to a stack-out-of-bounds write in\n the ext4 filesystem code when mounting and writing to a\n crafted ext4 image in ext4_update_inline_data(). An\n attacker could use this to cause a system crash and a\n denial of service.(CVE-2018-10880)Linux Kernel contains\n an out-of-bounds read flaw in the asn1_ber_decoder()\n function in lib/asn1_decoder.c that is triggered when\n decoding ASN.1 data. This may allow a remote attacker\n to disclose potentially sensitive memory\n contents.(CVE-2018-9383)use-after-free read in\n sunkbd_reinit in\n drivers/input/keyboard/sunkbd.c(CVE-2020-25669)mwifiex_\n cmd_802_11_ad_hoc_start in drivers/\n net/wireless/marvell/mwifiex/join.c in the Linux kernel\n through 5.10.4 might allow remote attackers to execute\n arbitrary code via a long SSID value, aka\n CID-5c455c5ab332.(CVE-2020-36158)fs/ nfsd/ nfs3xdr.c in\n the Linux kernel through 5.10.8, when there is an NFS\n export of a subdirectory of a filesystem, allows remote\n attackers to traverse to other parts of the filesystem\n via READDIRPLUS. 
NOTE: some parties argue that such a\n subdirectory export is not intended to prevent this\n attack see also the exports(5) no_subtree_check default\n behavior.(CVE-2021-3178)In the Linux kernel before\n 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c\n mishandles reference counting because of a race\n condition, leading to a\n use-after-free.(CVE-2019-6974)The KVM implementation in\n the Linux kernel through 4.20.5 has a\n Use-after-Free.(CVE-2019-7221)A flaw was found in the\n JFS filesystem code. This flaw allows a local attacker\n with the ability to set extended attributes to panic\n the system, causing memory corruption or escalating\n privileges. The highest threat from this vulnerability\n is to confidentiality, integrity, as well as system\n availability.(CVE-2020-27815)An out-of-bounds (OOB)\n memory access flaw was found in x25_bind in\n net/x25/af_x25.c in the Linux kernel. A bounds check\n failure allows a local attacker with a user account on\n the system to gain access to out-of-bounds memory,\n leading to a system crash or a leak of internal kernel\n information. The highest threat from this vulnerability\n is to confidentiality, integrity, as well as system\n availability.(CVE-2020-35519)In\n drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux\n kernel through 5.11.8, the RPA PCI Hotplug driver has a\n user-tolerable buffer overflow when writing a new\n device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame\n directly. 
This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination,\n aka CID-cc7a0bb058b8.(CVE-2021-28972)A NULL pointer\n dereference was found in the net/rds/rdma.c\n __rds_rdma_map() function in the Linux kernel before\n 4.14.7 allowing local attackers to cause a system panic\n and a denial-of-service, related to RDS_GET_MR and\n RDS_GET_MR_FOR_DEST.(CVE-2018-7492)The Siemens R3964\n line discipline driver in drivers/tty/ n_r3964.c in the\n Linux kernel before 5.0.8 has multiple race\n conditions.(CVE-2019-11486)The kernel in Android before\n 2016-08-05 on Nexus 7 (2013) devices allows attackers\n to gain privileges via a crafted application, aka\n internal bug 28522518.(CVE-2016-3857)The KVM\n implementation in the Linux kernel through 4.14.7\n allows attackers to obtain potentially sensitive\n information from kernel memory, aka a write_mmio\n stack-based out-of-bounds read, related to\n arch/x86/kvm/x86.c and\n include/trace/events/kvm.h.(CVE-2017-17741)The\n sctp_process_param function in net/sctp/sm_make_chunk.c\n in the SCTP implementation in the Linux kernel before\n 3.17.4, when ASCONF is used, allows remote attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a malformed INIT\n chunk.(CVE-2014-7841)The XFS subsystem in the Linux\n kernel through 4.8.2 allows local users to cause a\n denial of service (fdatasync failure and system hang)\n by using the vfs syscall group in the trinity program,\n related to a 'page lock order bug in the XFS seek\n hole/data implementation.'(CVE-2016-8660)The\n xfs_dinode_verify function in\n fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel\n through 4.16.3 allows local users to cause a denial of\n service (xfs_ilock_attr_map_shared invalid pointer\n dereference) via a crafted xfs image.(CVE-2018-10322)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1808\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4aedd469\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11815\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.44.5.10.h323\",\n \"kernel-debuginfo-3.10.0-514.44.5.10.h323\",\n \"kernel-debuginfo-common-x86_64-3.10.0-514.44.5.10.h323\",\n \"kernel-devel-3.10.0-514.44.5.10.h323\",\n 
\"kernel-headers-3.10.0-514.44.5.10.h323\",\n \"kernel-tools-3.10.0-514.44.5.10.h323\",\n \"kernel-tools-libs-3.10.0-514.44.5.10.h323\",\n \"perf-3.10.0-514.44.5.10.h323\",\n \"python-perf-3.10.0-514.44.5.10.h323\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:33:21", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-12-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-azure USN-3847-3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18690", "CVE-2018-14734", "CVE-2018-18710", "CVE-2018-18445", "CVE-2018-16276", "CVE-2018-10902", "CVE-2018-12896"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843861", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843861", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3847_3.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux-azure USN-3847-3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be 
useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843861\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-10902\", \"CVE-2018-12896\", \"CVE-2018-14734\",\n \"CVE-2018-16276\", \"CVE-2018-18445\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-21 07:24:27 +0100 (Fri, 21 Dec 2018)\");\n script_name(\"Ubuntu Update for linux-azure USN-3847-3\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3847-3\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3847-3/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-azure'\n package(s) announced via the USN-3847-3 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04\nLTS. 
This update provides the corresponding updates for the Linux\nkernel for Microsoft Azure Cloud systems for Ubuntu 14.04 LTS.\n\nIt was discovered that a race condition existed in the raw MIDI driver for\nthe Linux kernel, leading to a double free vulnerability. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the\nPOSIX timers implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in the\nInfiniband implementation in the Linux kernel. An attacker could use this\nto cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did\nnot properly restrict user space reads or writes. A physically proximate\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-16276)\n\nIt was discovered that the BPF verifier in the Linux kernel did not\ncorrectly compute numeric bounds in some situations. A local attacker could\nuse this to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-18445)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file\nsystem in the Linux kernel in certain situations could cause an error\ncondition to occur. A local attacker could use this to cause a denial of\nservice. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the\nCDROM driver of the Linux kernel. A local attacker could use this to expose\nsensitive information (kernel memory). 
(CVE-2018-18710)\");\n\n script_tag(name:\"affected\", value:\"linux-azure on Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1036-azure\", ver:\"4.15.0-1036.38~14.04.2\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"4.15.0.1036.23\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-12-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-aws-hwe USN-3847-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18690", "CVE-2018-14734", "CVE-2018-18710", "CVE-2018-18445", "CVE-2018-16276", "CVE-2018-10902", "CVE-2018-12896"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843860", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843860", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3847_2.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux-aws-hwe USN-3847-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective 
author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843860\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-10902\", \"CVE-2018-12896\", \"CVE-2018-14734\",\n \"CVE-2018-16276\", \"CVE-2018-18445\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-21 07:24:09 +0100 (Fri, 21 Dec 2018)\");\n script_name(\"Ubuntu Update for linux-aws-hwe USN-3847-2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3847-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3847-2/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-aws-hwe'\n package(s) 
announced via the USN-3847-2 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu\n16.04 LTS.\n\nIt was discovered that a race condition existed in the raw MIDI driver for\nthe Linux kernel, leading to a double free vulnerability. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the\nPOSIX timers implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in the\nInfiniband implementation in the Linux kernel. An attacker could use this\nto cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did\nnot properly restrict user space reads or writes. A physically proximate\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-16276)\n\nIt was discovered that the BPF verifier in the Linux kernel did not\ncorrectly compute numeric bounds in some situations. A local attacker could\nuse this to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-18445)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file\nsystem in the Linux kernel in certain situations could cause an error\ncondition to occur. A local attacker could use this to cause a denial of\nservice. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the\nCDROM driver of the Linux kernel. 
A local attacker could use this to expose\nsensitive information (kernel memory). (CVE-2018-18710)\");\n\n script_tag(name:\"affected\", value:\"linux-aws-hwe on Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1026-gcp\", ver:\"4.15.0-1026.27~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1031-aws\", ver:\"4.15.0-1031.33~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1036-azure\", ver:\"4.15.0-1036.38~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-43-generic\", ver:\"4.15.0-43.46~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-43-generic-lpae\", ver:\"4.15.0-43.46~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-43-lowlatency\", ver:\"4.15.0-43.46~16.04.1\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws-hwe\", ver:\"4.15.0.1031.32\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"4.15.0.1036.41\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if 
((res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.15.0.1026.40\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-hwe-16.04\", ver:\"4.15.0.43.64\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-hwe-16.04\", ver:\"4.15.0.43.64\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.15.0.1026.40\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-hwe-16.04\", ver:\"4.15.0.43.64\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-12-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3847-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18690", "CVE-2018-14734", "CVE-2018-18710", "CVE-2018-18445", "CVE-2018-16276", "CVE-2018-10902", "CVE-2018-12896"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843856", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843856", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3847_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux USN-3847-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is 
free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843856\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2018-10902\", \"CVE-2018-12896\", \"CVE-2018-14734\",\n \"CVE-2018-16276\", \"CVE-2018-18445\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-21 07:23:07 +0100 (Fri, 21 Dec 2018)\");\n script_name(\"Ubuntu Update for linux USN-3847-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU18\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3847-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3847-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the USN-3847-1 advisory.\");\n\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that a race condition existed in the raw MIDI driver for\nthe Linux kernel, leading to a double free vulnerability. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the\nPOSIX timers implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in the\nInfiniband implementation in the Linux kernel. An attacker could use this\nto cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did\nnot properly restrict user space reads or writes. A physically proximate\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-16276)\n\nIt was discovered that the BPF verifier in the Linux kernel did not\ncorrectly compute numeric bounds in some situations. A local attacker could\nuse this to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-18445)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file\nsystem in the Linux kernel in certain situations could cause an error\ncondition to occur. A local attacker could use this to cause a denial of\nservice. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the\nCDROM driver of the Linux kernel. A local attacker could use this to expose\nsensitive information (kernel memory). 
(CVE-2018-18710)\");\n\n script_tag(name:\"affected\", value:\"linux on Ubuntu 18.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\n\n Note: According to the USN the package names for this update where changed from e.g.\n linux-image-4.15.0-42-generic to linux-image-4.15.0-43-generic. Due to this please\n make sure to install the kernel package containing the -43- part within its name.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU18.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1026-gcp\", ver:\"4.15.0-1026.27\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1028-kvm\", ver:\"4.15.0-1028.28\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1030-oem\", ver:\"4.15.0-1030.35\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1030-raspi2\", ver:\"4.15.0-1030.32\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1031-aws\", ver:\"4.15.0-1031.33\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-1036-azure\", ver:\"4.15.0-1036.38\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n # nb: According to USN 3847 the kernel updates have been given a new version number.\n # The package names where changed from e.g. 
linux-image-4.15.0-42-generic to\n # linux-image-4.15.0-43-generic so we need to check for both here:\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-43-generic\", ver:\"4.15.0-43.46\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-43-generic-lpae\", ver:\"4.15.0-43.46\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-43-lowlatency\", ver:\"4.15.0-43.46\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-43-snapdragon\", ver:\"4.15.0-43.46\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-42-generic\", ver:\"4.15.0-43.46\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-42-generic-lpae\", ver:\"4.15.0-43.46\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-42-lowlatency\", ver:\"4.15.0-43.46\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.15.0-42-snapdragon\", ver:\"4.15.0-43.46\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.15.0.1031.30\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"4.15.0.1036.36\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.15.0.1026.28\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.15.0.43.45\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.15.0.43.45\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.15.0.1026.28\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.15.0.1028.28\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.15.0.43.45\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-oem\", ver:\"4.15.0.1030.35\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.15.0.1030.28\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.15.0.43.45\", rls:\"UBUNTU18.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-12-21T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3849-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-18690", "CVE-2018-14734", "CVE-2018-18710", "CVE-2018-16276", "CVE-2017-2647", "CVE-2018-18386", "CVE-2018-10902", "CVE-2018-12896"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843857", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843857", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3849_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux USN-3849-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843857\");\n script_version(\"$Revision: 14288 $\");\n script_cve_id(\"CVE-2017-2647\", \"CVE-2018-10902\", \"CVE-2018-12896\", \"CVE-2018-14734\",\n \"CVE-2018-16276\", \"CVE-2018-18386\", \"CVE-2018-18690\", \"CVE-2018-18710\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-21 07:23:25 +0100 (Fri, 21 Dec 2018)\");\n script_name(\"Ubuntu Update for linux USN-3849-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone 
Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"3849-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3849-1/\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the USN-3849-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that a NULL pointer dereference existed in the keyring\nsubsystem of the Linux kernel. A local attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-2647)\n\nIt was discovered that a race condition existed in the raw MIDI driver for\nthe Linux kernel, leading to a double free vulnerability. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the\nPOSIX timers implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in the\nInfiniband implementation in the Linux kernel. An attacker could use this\nto cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did\nnot properly restrict user space reads or writes. A physically proximate\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-16276)\n\nTetsuo Handa discovered a logic error in the TTY subsystem of the Linux\nkernel. 
A local attacker with access to pseudo terminal devices could use\nthis to cause a denial of service. (CVE-2018-18386)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file\nsystem in the Linux kernel in certain situations could cause an error\ncondition to occur. A local attacker could use this to cause a denial of\nservice. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the\nCDROM driver of the Linux kernel. A local attacker could use this to expose\nsensitive information (kernel memory). (CVE-2018-18710)\");\n\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-164-generic\", ver:\"3.13.0-164.214\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-164-generic-lpae\", ver:\"3.13.0-164.214\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-164-lowlatency\", ver:\"3.13.0-164.214\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-164-powerpc-e500\", ver:\"3.13.0-164.214\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-164-powerpc-e500mc\", ver:\"3.13.0-164.214\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-3.13.0-164-powerpc-smp\", ver:\"3.13.0-164.214\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-164-powerpc64-emb\", ver:\"3.13.0-164.214\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-164-powerpc64-smp\", ver:\"3.13.0-164.214\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"3.13.0.164.174\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"3.13.0.164.174\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"3.13.0.164.174\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500\", ver:\"3.13.0.164.174\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"3.13.0.164.174\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"3.13.0.164.174\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"3.13.0.164.174\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"3.13.0.164.174\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2019-05-29T18:33:19", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-02T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-aws USN-3776-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-6555", "CVE-2018-17182", "CVE-2018-15594", "CVE-2018-16276", "CVE-2018-14633", "CVE-2017-18216", "CVE-2018-10902", "CVE-2018-15572", "CVE-2018-6554"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843645", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843645", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3776_2.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux-aws USN-3776-2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843645\");\n script_version(\"$Revision: 14288 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-02 08:08:40 +0200 (Tue, 02 Oct 2018)\");\n script_cve_id(\"CVE-2018-17182\", \"CVE-2018-15594\", \"CVE-2018-15572\", \"CVE-2017-18216\",\n \"CVE-2018-10902\", \"CVE-2018-14633\", \"CVE-2018-16276\", \"CVE-2018-6554\",\n \"CVE-2018-6555\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-aws USN-3776-2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-aws'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"USN-3776-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu\n14.04 LTS.\n\nJann Horn discovered that the vmacache subsystem did not properly handle\nsequence number overflows, leading to a use-after-free vulnerability. A\nlocal attacker could use this to cause a denial of service (system crash)\nor execute arbitrary code. 
(CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the Linux\nkernel did not properly handle some indirect calls, reducing the\neffectiveness of Spectre v2 mitigations for paravirtual guests. A local\nattacker could use this to expose sensitive information. (CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution and\nprediction of return addresses via Return Stack Buffer (RSB) may allow\nunauthorized memory reads via sidechannel attacks. An attacker could use\nthis to expose sensitive information. (CVE-2018-15572)\n\nIt was discovered that a NULL pointer dereference could be triggered in the\nOCFS2 file system implementation in the Linux kernel. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-18216)\n\nIt was discovered that a race condition existed in the raw MIDI driver for\nthe Linux kernel, leading to a double free vulnerability. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that a stack-based buffer overflow existed in the iSCSI\ntarget implementation of the Linux kernel. A remote attacker could use this\nto cause a denial of service (system crash). (CVE-2018-14633)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did\nnot properly restrict user space reads or writes. A physically proximate\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-16276)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of the\nLinux kernel. A local attacker could use this to cause a denial of service\n(kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the IRDA\nimplementation in the Linux kernel. 
A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-6555)\");\n script_tag(name:\"affected\", value:\"linux-aws on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3776-2\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3776-2/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1031-aws\", ver:\"4.4.0-1031.34\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-generic\", ver:\"4.4.0-137.163~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-generic-lpae\", ver:\"4.4.0-137.163~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-lowlatency\", ver:\"4.4.0-137.163~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-powerpc-e500mc\", ver:\"4.4.0-137.163~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-powerpc-smp\", 
ver:\"4.4.0-137.163~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-powerpc64-emb\", ver:\"4.4.0-137.163~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-powerpc64-smp\", ver:\"4.4.0-137.163~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1031.31\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae-lts-xenial\", ver:\"4.4.0.137.117\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lts-xenial\", ver:\"4.4.0.137.117\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency-lts-xenial\", ver:\"4.4.0.137.117\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc-lts-xenial\", ver:\"4.4.0.137.117\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp-lts-xenial\", ver:\"4.4.0.137.117\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb-lts-xenial\", ver:\"4.4.0.137.117\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp-lts-xenial\", ver:\"4.4.0.137.117\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": 
"AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-05-29T18:33:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-02T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3776-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-6555", "CVE-2018-17182", "CVE-2018-15594", "CVE-2018-16276", "CVE-2018-14633", "CVE-2017-18216", "CVE-2018-10902", "CVE-2018-15572", "CVE-2018-6554"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310843646", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843646", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3776_1.nasl 14288 2019-03-18 16:34:17Z cfischer $\n#\n# Ubuntu Update for linux USN-3776-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843646\");\n script_version(\"$Revision: 14288 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 17:34:17 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-10-02 08:10:28 +0200 (Tue, 02 Oct 2018)\");\n script_cve_id(\"CVE-2018-17182\", \"CVE-2018-15594\", \"CVE-2018-15572\", \"CVE-2017-18216\",\n \"CVE-2018-10902\", \"CVE-2018-14633\", \"CVE-2018-16276\", \"CVE-2018-6554\",\n \"CVE-2018-6555\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3776-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jann Horn discovered that the vmacache\nsubsystem did not properly handle sequence number overflows, leading to a\nuse-after-free vulnerability. A local attacker could use this to cause a\ndenial of service (system crash) or execute arbitrary code. (CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the Linux\nkernel did not properly handle some indirect calls, reducing the\neffectiveness of Spectre v2 mitigations for paravirtual guests. A local\nattacker could use this to expose sensitive information. 
(CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution and\nprediction of return addresses via Return Stack Buffer (RSB) may allow\nunauthorized memory reads via sidechannel attacks. An attacker could use\nthis to expose sensitive information. (CVE-2018-15572)\n\nIt was discovered that a NULL pointer dereference could be triggered in the\nOCFS2 file system implementation in the Linux kernel. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2017-18216)\n\nIt was discovered that a race condition existed in the raw MIDI driver for\nthe Linux kernel, leading to a double free vulnerability. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that a stack-based buffer overflow existed in the iSCSI\ntarget implementation of the Linux kernel. A remote attacker could use this\nto cause a denial of service (system crash). (CVE-2018-14633)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did\nnot properly restrict user space reads or writes. A physically proximate\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2018-16276)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of the\nLinux kernel. A local attacker could use this to cause a denial of service\n(kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the IRDA\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. 
(CVE-2018-6555)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 16.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3776-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3776-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU16.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1035-kvm\", ver:\"4.4.0-1035.41\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1069-aws\", ver:\"4.4.0-1069.79\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1098-raspi2\", ver:\"4.4.0-1098.106\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-1102-snapdragon\", ver:\"4.4.0-1102.107\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-generic\", ver:\"4.4.0-137.163\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-generic-lpae\", ver:\"4.4.0-137.163\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-lowlatency\", 
ver:\"4.4.0-137.163\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-powerpc-e500mc\", ver:\"4.4.0-137.163\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-powerpc-smp\", ver:\"4.4.0-137.163\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-powerpc64-emb\", ver:\"4.4.0-137.163\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.4.0-137-powerpc64-smp\", ver:\"4.4.0-137.163\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1069.71\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.137.143\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.137.143\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.4.0.1035.34\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.137.143\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.4.0.137.143\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.137.143\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.4.0.137.143\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.137.143\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.4.0.1098.98\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.4.0.1102.94\", rls:\"UBUNTU16.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-02-05T16:42:24", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1432)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10878", "CVE-2018-18690", "CVE-2018-10881", "CVE-2018-5848", "CVE-2018-15594", "CVE-2018-16276", "CVE-2018-18386", "CVE-2018-16658", "CVE-2018-14633", "CVE-2018-5803", "CVE-2018-1092", "CVE-2018-1000026"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220181432", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181432", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be 
useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1432\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2018-1000026\", \"CVE-2018-10878\", \"CVE-2018-10881\", \"CVE-2018-1092\", \"CVE-2018-14633\", \"CVE-2018-15594\", \"CVE-2018-16276\", \"CVE-2018-16658\", \"CVE-2018-18386\", \"CVE-2018-18690\", \"CVE-2018-5803\", \"CVE-2018-5848\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:26:19 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1432)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1432\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1432\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2018-1432 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on 
the target host.\");\n\n script_tag(name:\"insight\", value:\"In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the '_sctp_make_chunk()' function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.(CVE-2018-5803)\n\nThe Linux kernel, from at least v4.8 onwards and probably well before, contains an insufficient input validation vulnerability in the bnx2x network card driver that can result in DoS: a network card firmware assertion takes the card off-line. The attack appears to require an attacker to pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.(CVE-2018-1000026)\n\nThe Linux kernel is vulnerable to a NULL pointer dereference in the ext4/mballoc.c:ext4_process_freed_data() function. An attacker could trick a legitimate user or a privileged attacker could exploit this by mounting a crafted ext4 image to cause a kernel panic.(CVE-2018-1092)\n\nIn the function wmi_set_ie() in the Linux kernel the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the ie_len argument can cause a buffer overflow and thus a memory corruption leading to a system crash or other or unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2018-5848)\n\nA flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.(CVE-2018-10881)\n\nA flaw was found in the Linux kernel's ext4 filesystem. 
A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.(CVE-2018-10878)\n\nA security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial of service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely.(CVE-2018-18386) ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n 
if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~327.62.59.83.h120\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-01-31T17:34:21", "description": "The remote host is missing an update for the 'kernel' package(s) announced via the referenced advisory.", "cvss3": {}, "published": "2018-10-18T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2018:3202-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-13096", "CVE-2018-13098", "CVE-2018-13100", "CVE-2018-17182", "CVE-2018-13099", "CVE-2018-7757", "CVE-2018-16597", "CVE-2018-16276", "CVE-2018-14617", "CVE-2018-7480", "CVE-2018-13097", "CVE-2018-14633", "CVE-2018-14613"], "modified": "2020-01-31T00:00:00", "id": 
"OPENVAS:1361412562310851937", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851937", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851937\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-18 06:28:53 +0200 (Thu, 18 Oct 2018)\");\n script_cve_id(\"CVE-2018-13096\", \"CVE-2018-13097\", \"CVE-2018-13098\", \"CVE-2018-13099\", \"CVE-2018-13100\", \"CVE-2018-14613\", \"CVE-2018-14617\", \"CVE-2018-14633\", \"CVE-2018-16276\", \"CVE-2018-16597\", \"CVE-2018-17182\", \"CVE-2018-7480\", \"CVE-2018-7757\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2018:3202-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n 
package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 42.3 kernel was updated to 4.4.159\n to receive various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2018-13096: A denial of service (out-of-bounds memory access and\n BUG) can occur upon encountering an abnormal bitmap size when mounting a\n crafted f2fs image (bnc#1100062).\n\n - CVE-2018-13097: There is an out-of-bounds read or a divide-by-zero error\n for an incorrect user_block_count in a corrupted f2fs image, leading to\n a denial of service (BUG) (bnc#1100061).\n\n - CVE-2018-13098: A denial of service (slab out-of-bounds read and BUG)\n can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is\n set in an inode (bnc#1100060).\n\n - CVE-2018-13099: A denial of service (out-of-bounds memory access and\n BUG) can occur for a modified f2fs filesystem image in which an inline\n inode contains an invalid reserved blkaddr (bnc#1100059).\n\n - CVE-2018-13100: An issue was discovered in fs/f2fs/super.c which did not\n properly validate secs_per_zone in a corrupted f2fs image, as\n demonstrated by a divide-by-zero error (bnc#1100056).\n\n - CVE-2018-14613: There is an invalid pointer dereference in\n io_ctl_map_page() when mounting and operating a crafted btrfs image,\n because of a lack of block group item validation in check_leaf_item in\n fs/btrfs/tree-checker.c (bnc#1102896).\n\n - CVE-2018-14617: There is a NULL pointer dereference and panic in\n hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is\n purportedly a hard link) in an hfs+ filesystem that has malformed\n catalog data, and is mounted read-only without a metadata directory\n (bnc#1102870).\n\n - CVE-2018-14633: A security flaw was found in the\n chap_server_compute_md5() function in the ISCSI target code in the 
Linux\n kernel in a way an authentication request from an ISCSI initiator is\n processed. An unauthenticated remote attacker can cause a stack buffer\n overflow and smash up to 17 bytes of the stack. The attack requires the\n iSCSI target to be enabled on the victim host. Depending on how the\n target's code was built (i.e. depending on a compiler, compile flags and\n hardware architecture) an attack may lead to a system crash and thus to\n a denial-of-service or possibly to a non-authorized access to data\n exported by an iSCSI target. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we believe it is highly\n unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be\n vulnerable (bnc#1107829).\n\n - CVE-2018-16276: Local attackers could use user access read/writes with\n incorrect bounds checking in the ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"the on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3202-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) 
{\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", 
rpm:\"kernel-obs-build~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.4.159~73.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.4.159~73.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", 
rpm:\"kernel-docs-pdf~4.4.159~73.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.4.159~73.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-01-29T20:07:57", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2018-6554\n\nA memory leak in the irda_bind function in the irda subsystem was\ndiscovered. A local user can take advantage of this flaw to cause a\ndenial of service (memory consumption).\n\nCVE-2018-6555\n\nA flaw was discovered in the irda_setsockopt function in the irda\nsubsystem, allowing a local user to cause a denial of service\n(use-after-free and system crash).\n\nCVE-2018-7755\n\nBrian Belleville discovered a flaw in the fd_locked_ioctl function\nin the floppy driver in the Linux kernel. The floppy driver copies a\nkernel pointer to user memory in response to the FDGETPRM ioctl. A\nlocal user with access to a floppy drive device can take advantage\nof this flaw to discover the location of kernel code and data.\n\nDescription truncated. 
Please see the references for more information.", "cvss3": {}, "published": "2018-10-04T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for linux-4.9 (DLA-1531-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14609", "CVE-2018-7755", "CVE-2018-6555", "CVE-2018-17182", "CVE-2018-13099", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-9363", "CVE-2018-16276", "CVE-2018-14617", "CVE-2018-16658", "CVE-2018-14678", "CVE-2018-14633", "CVE-2018-9516", "CVE-2018-10902", "CVE-2018-10938", "CVE-2018-15572", "CVE-2018-6554"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891531", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891531", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891531\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2018-10902\", \"CVE-2018-10938\", \"CVE-2018-13099\", \"CVE-2018-14609\", \"CVE-2018-14617\",\n \"CVE-2018-14633\", \"CVE-2018-14678\", \"CVE-2018-14734\", \"CVE-2018-15572\", \"CVE-2018-15594\",\n \"CVE-2018-16276\", \"CVE-2018-16658\", \"CVE-2018-17182\", \"CVE-2018-6554\", \"CVE-2018-6555\",\n \"CVE-2018-7755\", \"CVE-2018-9363\", \"CVE-2018-9516\");\n script_name(\"Debian LTS: Security Advisory for linux-4.9 (DLA-1531-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-04 00:00:00 +0200 (Thu, 04 Oct 2018)\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_tag(name:\"affected\", value:\"linux-4.9 on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n4.9.110-3+deb9u5~deb8u1.\n\nWe recommend that you upgrade your linux-4.9 packages.\");\n\n 
script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2018-6554\n\nA memory leak in the irda_bind function in the irda subsystem was\ndiscovered. A local user can take advantage of this flaw to cause a\ndenial of service (memory consumption).\n\nCVE-2018-6555\n\nA flaw was discovered in the irda_setsockopt function in the irda\nsubsystem, allowing a local user to cause a denial of service\n(use-after-free and system crash).\n\nCVE-2018-7755\n\nBrian Belleville discovered a flaw in the fd_locked_ioctl function\nin the floppy driver in the Linux kernel. The floppy driver copies a\nkernel pointer to user memory in response to the FDGETPRM ioctl. A\nlocal user with access to a floppy drive device can take advantage\nof this flaw to discover the location kernel code and data.\n\nDescription truncated. Please see the references for more information.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.9-arm\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-doc-4.9\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-686\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-686-pae\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-all\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-all-amd64\", 
ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-all-armel\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-all-armhf\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-all-i386\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-amd64\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-armmp\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-armmp-lpae\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-common\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-common-rt\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-marvell\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-rt-686-pae\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.7-rt-amd64\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-686\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-686-pae\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-all\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-all-amd64\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-all-armel\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-all-armhf\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-all-i386\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-amd64\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-armmp\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-armmp-lpae\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-common\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-common-rt\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-marvell\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-rt-686-pae\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-0.bpo.8-rt-amd64\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-686\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n 
report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-686-pae\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-686-pae-dbg\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-amd64\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-amd64-dbg\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-armmp\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-armmp-lpae\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-marvell\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-rt-686-pae\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-rt-amd64\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-686\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-686-pae\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-686-pae-dbg\", 
ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-amd64\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-amd64-dbg\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-armmp\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-armmp-lpae\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-marvell\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-rt-686-pae\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-rt-686-pae-dbg\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-rt-amd64\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-0.bpo.8-rt-amd64-dbg\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-kbuild-4.9\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-manual-4.9\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-perf-4.9\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-source-4.9\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-0.bpo.7\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n 
report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-0.bpo.8\", ver:\"4.9.110-3+deb9u5~deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2019-07-04T18:55:32", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2018-6554\nA memory leak in the irda_bind function in the irda subsystem was\ndiscovered. A local user can take advantage of this flaw to cause a\ndenial of service (memory consumption).\n\nCVE-2018-6555\nA flaw was discovered in the irda_setsockopt function in the irda\nsubsystem, allowing a local user to cause a denial of service\n(use-after-free and system crash).\n\nCVE-2018-7755\nBrian Belleville discovered a flaw in the fd_locked_ioctl function\nin the floppy driver in the Linux kernel. The floppy driver copies a\nkernel pointer to user memory in response to the FDGETPRM ioctl. A\nlocal user with access to a floppy drive device can take advantage\nof this flaw to discover the location of kernel code and data.\n\nDescription truncated. 
Please see the references for more information.", "cvss3": {}, "published": "2018-10-01T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4308-1 (linux - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14609", "CVE-2018-7755", "CVE-2018-6555", "CVE-2018-17182", "CVE-2018-13099", "CVE-2018-14734", "CVE-2018-15594", "CVE-2018-9363", "CVE-2018-16276", "CVE-2018-14617", "CVE-2018-16658", "CVE-2018-14678", "CVE-2018-14633", "CVE-2018-9516", "CVE-2018-10902", "CVE-2018-10938", "CVE-2018-15572", "CVE-2018-6554"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704308", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704308", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4308-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704308\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-10902\", \"CVE-2018-10938\", \"CVE-2018-13099\", \"CVE-2018-14609\", \"CVE-2018-14617\",\n \"CVE-2018-14633\", \"CVE-2018-14678\", \"CVE-2018-14734\", \"CVE-2018-15572\", \"CVE-2018-15594\",\n \"CVE-2018-16276\", \"CVE-2018-16658\", \"CVE-2018-17182\", \"CVE-2018-6554\", \"CVE-2018-6555\",\n \"CVE-2018-7755\", \"CVE-2018-9363\", \"CVE-2018-9516\");\n script_name(\"Debian Security Advisory DSA 4308-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-10-01 00:00:00 +0200 (Mon, 01 Oct 2018)\");\n script_tag(name:\"cvss_base\", value:\"8.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4308.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), these problems have been fixed in\nversion 
4.9.110-3+deb9u5.\n\nWe recommend that you upgrade your linux packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/linux\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2018-6554\nA memory leak in the irda_bind function in the irda subsystem was\ndiscovered. A local user can take advantage of this flaw to cause a\ndenial of service (memory consumption).\n\nCVE-2018-6555\nA flaw was discovered in the irda_setsockopt function in the irda\nsubsystem, allowing a local user to cause a denial of service\n(use-after-free and system crash).\n\nCVE-2018-7755\nBrian Belleville discovered a flaw in the fd_locked_ioctl function\nin the floppy driver in the Linux kernel. The floppy driver copies a\nkernel pointer to user memory in response to the FDGETPRM ioctl. A\nlocal user with access to a floppy drive device can take advantage\nof this flaw to discover the location of kernel code and data.\n\nDescription truncated. 
Please see the references for more information.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"hyperv-daemons\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcpupower-dev\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libcpupower1\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libusbip-dev\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-arm\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-s390\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-x86\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-cpupower\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-doc-4.9\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-4kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-5kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-686\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all\", ver:\"4.9.110-3+deb9u5\", 
rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-armel\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-armhf\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-i386\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mips\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mips64el\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mipsel\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-ppc64el\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-armmp\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-armmp-lpae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-common\", ver:\"4.9.110-3+deb9u5\", 
rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-common-rt\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-loongson-3\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-marvell\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-octeon\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-powerpc64le\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-rt-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-rt-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-4kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-5kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-686\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-arm64\", ver:\"4.9.110-3+deb9u5\", 
rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-armel\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-armhf\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-i386\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-mips\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-mips64el\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-mipsel\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-ppc64el\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-all-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-armmp\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-armmp-lpae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-common\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-common-rt\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-loongson-3\", 
ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-marvell\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-octeon\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-powerpc64le\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-rt-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-rt-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-4-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-4kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-5kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-686\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-armel\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-armhf\", 
ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-i386\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-mips\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-mips64el\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-mipsel\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-ppc64el\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-all-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-armmp\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-armmp-lpae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-common\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-common-rt\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-loongson-3\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-marvell\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-octeon\", 
ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-powerpc64le\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-rt-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-rt-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-5-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-4kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-5kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-686\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-armel\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-armhf\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-i386\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-mips\", 
ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-mips64el\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-mipsel\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-ppc64el\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-all-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-armmp\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-armmp-lpae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-loongson-3\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-marvell\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-octeon\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-powerpc64le\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-rt-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-rt-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-6-s390x\", 
ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-4kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-5kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-686\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-armel\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-armhf\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-i386\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-mips\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-mips64el\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-mipsel\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-ppc64el\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-all-s390x\", 
ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-armmp\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-armmp-lpae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-common\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-common-rt\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-loongson-3\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-marvell\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-octeon\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-powerpc64le\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-rt-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-rt-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-7-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-4kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-5kc-malta\", 
ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-686\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-armel\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-armhf\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-i386\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-mips\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-mips64el\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-mipsel\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-ppc64el\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-all-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-arm64\", 
ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-armmp\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-armmp-lpae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-common\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-common-rt\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-loongson-3\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-marvell\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-octeon\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-powerpc64le\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-rt-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-rt-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-4.9.0-8-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-4kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-4kc-malta-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-5kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-5kc-malta-dbg\", 
ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-pae-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-amd64-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-arm64-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-lpae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-lpae-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-loongson-3\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-loongson-3-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-marvell\", ver:\"4.9.110-3+deb9u5\", 
rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-marvell-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-octeon\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-octeon-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-powerpc64le\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-powerpc64le-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-686-pae-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-amd64-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-s390x-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-4kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-4kc-malta-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-5kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-5kc-malta-dbg\", ver:\"4.9.110-3+deb9u5\", 
rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-686\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-686-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-686-pae-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-amd64-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-arm64-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-armmp\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-armmp-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-armmp-lpae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-armmp-lpae-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-loongson-3\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-loongson-3-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-marvell\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += 
res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-marvell-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-octeon\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-octeon-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-powerpc64le\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-powerpc64le-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-rt-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-rt-686-pae-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-rt-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-rt-amd64-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-4-s390x-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-4kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-4kc-malta-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-5kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-5kc-malta-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += 
res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-686\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-686-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-686-pae-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-amd64-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-arm64-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-armmp\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-armmp-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-armmp-lpae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-armmp-lpae-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-loongson-3\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-loongson-3-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-marvell\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"linux-image-4.9.0-5-marvell-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-octeon\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-octeon-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-powerpc64le\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-powerpc64le-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-rt-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-rt-686-pae-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-rt-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-rt-amd64-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-5-s390x-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-4kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-4kc-malta-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-5kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-5kc-malta-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"linux-image-4.9.0-6-686\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-686-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-686-pae-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-amd64-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-arm64-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-armmp\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-armmp-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-armmp-lpae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-armmp-lpae-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-loongson-3\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-loongson-3-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-marvell\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"linux-image-4.9.0-6-marvell-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-octeon\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-octeon-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-powerpc64le\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-powerpc64le-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-rt-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-rt-686-pae-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-rt-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-rt-amd64-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-6-s390x-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-4kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-4kc-malta-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-5kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-5kc-malta-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"linux-image-4.9.0-7-686\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-686-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-686-pae-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-amd64-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-arm64-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-armmp\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-armmp-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-armmp-lpae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-armmp-lpae-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-loongson-3\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-loongson-3-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-marvell\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"linux-image-4.9.0-7-marvell-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-octeon\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-octeon-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-powerpc64le\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-powerpc64le-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-rt-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-rt-686-pae-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-rt-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-rt-amd64-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-7-s390x-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-4kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-4kc-malta-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-5kc-malta\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-5kc-malta-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"linux-image-4.9.0-8-686\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-686-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-686-pae-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-amd64-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-arm64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-arm64-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-armmp\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-armmp-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-armmp-lpae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-armmp-lpae-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-loongson-3\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-loongson-3-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-marvell\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = 
isdpkgvuln(pkg:\"linux-image-4.9.0-8-marvell-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-octeon\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-octeon-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-powerpc64le\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-powerpc64le-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-rt-686-pae\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-rt-686-pae-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-rt-amd64\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-rt-amd64-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-s390x\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.9.0-8-s390x-dbg\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-kbuild-4.9\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-manual-4.9\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-perf-4.9\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-source-4.9\", ver:\"4.9.110-3+deb9u5\", 
rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-3\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-4\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-5\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-7\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-4.9.0-8\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"usbip\", ver:\"4.9.110-3+deb9u5\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2020-02-05T16:36:28", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1472)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18079", "CVE-2016-9754", "CVE-2017-7261", "CVE-2017-16525", "CVE-2014-9529", "CVE-2014-9420", "CVE-2016-4568", "CVE-2016-2383", "CVE-2013-2892", "CVE-2014-2568", "CVE-2017-18204", "CVE-2014-9730", "CVE-2016-7915", "CVE-2014-7843", "CVE-2018-16276", "CVE-2016-2070", "CVE-2016-6327", "CVE-2017-9605", "CVE-2018-1094", "CVE-2016-3134"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220191472", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191472", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is 
free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1472\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2013-2892\", \"CVE-2014-2568\", \"CVE-2014-7843\", \"CVE-2014-9420\", \"CVE-2014-9529\", \"CVE-2014-9730\", \"CVE-2016-2070\", \"CVE-2016-2383\", \"CVE-2016-3134\", \"CVE-2016-4568\", \"CVE-2016-6327\", \"CVE-2016-7915\", \"CVE-2016-9754\", \"CVE-2017-16525\", \"CVE-2017-18079\", \"CVE-2017-18204\", \"CVE-2017-7261\", \"CVE-2017-9605\", \"CVE-2018-1094\", \"CVE-2018-16276\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:49:09 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1472)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n 
script_xref(name:\"EulerOS-SA\", value:\"2019-1472\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1472\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1472 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The hid_input_field() function in 'drivers/hid/hid-core.c' in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device.(CVE-2016-7915)\n\nThe Linux kernel, before version 4.14.2, is vulnerable to a deadlock caused by fs/ocfs2/file.c:ocfs2_setattr(), as the function does not wait for DIO requests before locking the inode. This can be exploited by local users to cause a subsequent denial of service.(CVE-2017-18204)\n\nThe vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call.(CVE-2017-9605)\n\nUse-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. 
NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced.(CVE-2014-2568)\n\nIt was found that the Linux kernel's ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service.(CVE-2014-9420)\n\nAn integer overflow vulnerability was found in the ring_buffer_resize() calculations in which a privileged user can adjust the size of the ringbuffer message size. These calculations can create an issue where the kernel memory allocator will not allocate the correct count of pages yet expect them to be usable. This can lead to the ftrace() output to appear to corrupt kernel memory and possibly be used for privilege escalation or more likely kernel panic.(CVE-2016-9754)\n\nA symlink size validation was missing in Linux kernels built with UDF file system (CONFIG_UDF_FS) support, allowing the corruption of kernel memory. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash.(CVE-2014-9730)\n\nIt was found that in the Linux kernel ...\n\n Description truncated. 
Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], 
"ubuntu": [{"lastseen": "2022-01-04T11:50:24", "description": "USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu \n16.04 LTS.\n\nIt was discovered that a race condition existed in the raw MIDI driver for \nthe Linux kernel, leading to a double free vulnerability. A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the \nPOSIX timers implementation in the Linux kernel. A local attacker could use \nthis to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in the \nInfiniband implementation in the Linux kernel. An attacker could use this \nto cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did \nnot properly restrict user space reads or writes. A physically proximate \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2018-16276)\n\nIt was discovered that the BPF verifier in the Linux kernel did not \ncorrectly compute numeric bounds in some situations. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2018-18445)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file \nsystem in the Linux kernel in certain situations could cause an error \ncondition to occur. A local attacker could use this to cause a denial of \nservice. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the \nCDROM driver of the Linux kernel. A local attacker could use this to expose \nsensitive information (kernel memory). 
(CVE-2018-18710)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-20T00:00:00", "type": "ubuntu", "title": "Linux kernel (HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18690", "CVE-2018-10902", "CVE-2018-16276", "CVE-2018-14734", "CVE-2018-12896", "CVE-2018-18710", "CVE-2018-18445"], "modified": "2018-12-20T00:00:00", "id": "USN-3847-2", "href": "https://ubuntu.com/security/notices/USN-3847-2", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T11:50:25", "description": "It was discovered that a race condition existed in the raw MIDI driver for \nthe Linux kernel, leading to a double free vulnerability. A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the \nPOSIX timers implementation in the Linux kernel. A local attacker could use \nthis to cause a denial of service. 
(CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in the \nInfiniband implementation in the Linux kernel. An attacker could use this \nto cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did \nnot properly restrict user space reads or writes. A physically proximate \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2018-16276)\n\nIt was discovered that the BPF verifier in the Linux kernel did not \ncorrectly compute numeric bounds in some situations. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2018-18445)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file \nsystem in the Linux kernel in certain situations could cause an error \ncondition to occur. A local attacker could use this to cause a denial of \nservice. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the \nCDROM driver of the Linux kernel. A local attacker could use this to expose \nsensitive information (kernel memory). 
(CVE-2018-18710)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-20T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18690", "CVE-2018-10902", "CVE-2018-16276", "CVE-2018-14734", "CVE-2018-12896", "CVE-2018-18710", "CVE-2018-18445"], "modified": "2018-12-20T00:00:00", "id": "USN-3847-1", "href": "https://ubuntu.com/security/notices/USN-3847-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T11:50:24", "description": "USN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 \nLTS. This update provides the corresponding updates for the Linux \nkernel for Microsoft Azure Cloud systems for Ubuntu 14.04 LTS.\n\nIt was discovered that a race condition existed in the raw MIDI driver for \nthe Linux kernel, leading to a double free vulnerability. A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. 
(CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the \nPOSIX timers implementation in the Linux kernel. A local attacker could use \nthis to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in the \nInfiniband implementation in the Linux kernel. An attacker could use this \nto cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did \nnot properly restrict user space reads or writes. A physically proximate \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2018-16276)\n\nIt was discovered that the BPF verifier in the Linux kernel did not \ncorrectly compute numeric bounds in some situations. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2018-18445)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file \nsystem in the Linux kernel in certain situations could cause an error \ncondition to occur. A local attacker could use this to cause a denial of \nservice. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the \nCDROM driver of the Linux kernel. A local attacker could use this to expose \nsensitive information (kernel memory). 
(CVE-2018-18710)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-20T00:00:00", "type": "ubuntu", "title": "Linux kernel (Azure) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18690", "CVE-2018-10902", "CVE-2018-16276", "CVE-2018-14734", "CVE-2018-12896", "CVE-2018-18710", "CVE-2018-18445"], "modified": "2018-12-20T00:00:00", "id": "USN-3847-3", "href": "https://ubuntu.com/security/notices/USN-3847-3", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T11:50:16", "description": "USN-3849-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu \n12.04 ESM.\n\nIt was discovered that a NULL pointer dereference existed in the keyring \nsubsystem of the Linux kernel. A local attacker could use this to cause a \ndenial of service (system crash). (CVE-2017-2647)\n\nIt was discovered that a race condition existed in the raw MIDI driver for \nthe Linux kernel, leading to a double free vulnerability. 
A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the \nPOSIX timers implementation in the Linux kernel. A local attacker could use \nthis to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in the \nInfiniband implementation in the Linux kernel. An attacker could use this \nto cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did \nnot properly restrict user space reads or writes. A physically proximate \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2018-16276)\n\nTetsuo Handa discovered a logic error in the TTY subsystem of the Linux \nkernel. A local attacker with access to pseudo terminal devices could use \nthis to cause a denial of service. (CVE-2018-18386)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file \nsystem in the Linux kernel in certain situations could cause an error \ncondition to occur. A local attacker could use this to cause a denial of \nservice. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the \nCDROM driver of the Linux kernel. A local attacker could use this to expose \nsensitive information (kernel memory). 
(CVE-2018-18710)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-20T00:00:00", "type": "ubuntu", "title": "Linux kernel (Trusty HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18386", "CVE-2018-18690", "CVE-2018-10902", "CVE-2018-16276", "CVE-2018-14734", "CVE-2017-2647", "CVE-2018-12896", "CVE-2018-18710"], "modified": "2018-12-20T00:00:00", "id": "USN-3849-2", "href": "https://ubuntu.com/security/notices/USN-3849-2", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T11:50:17", "description": "It was discovered that a NULL pointer dereference existed in the keyring \nsubsystem of the Linux kernel. A local attacker could use this to cause a \ndenial of service (system crash). (CVE-2017-2647)\n\nIt was discovered that a race condition existed in the raw MIDI driver for \nthe Linux kernel, leading to a double free vulnerability. A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. 
(CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the \nPOSIX timers implementation in the Linux kernel. A local attacker could use \nthis to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in the \nInfiniband implementation in the Linux kernel. An attacker could use this \nto cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did \nnot properly restrict user space reads or writes. A physically proximate \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2018-16276)\n\nTetsuo Handa discovered a logic error in the TTY subsystem of the Linux \nkernel. A local attacker with access to pseudo terminal devices could use \nthis to cause a denial of service. (CVE-2018-18386)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file \nsystem in the Linux kernel in certain situations could cause an error \ncondition to occur. A local attacker could use this to cause a denial of \nservice. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the \nCDROM driver of the Linux kernel. A local attacker could use this to expose \nsensitive information (kernel memory). 
(CVE-2018-18710)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-12-20T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18386", "CVE-2018-18690", "CVE-2018-10902", "CVE-2018-16276", "CVE-2018-14734", "CVE-2017-2647", "CVE-2018-12896", "CVE-2018-18710"], "modified": "2018-12-20T00:00:00", "id": "USN-3849-1", "href": "https://ubuntu.com/security/notices/USN-3849-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T11:52:36", "description": "USN-3776-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu \n14.04 LTS.\n\nJann Horn discovered that the vmacache subsystem did not properly handle \nsequence number overflows, leading to a use-after-free vulnerability. A \nlocal attacker could use this to cause a denial of service (system crash) \nor execute arbitrary code. 
(CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the Linux \nkernel did not properly handle some indirect calls, reducing the \neffectiveness of Spectre v2 mitigations for paravirtual guests. A local \nattacker could use this to expose sensitive information. (CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution and \nprediction of return addresses via Return Stack Buffer (RSB) may allow \nunauthorized memory reads via sidechannel attacks. An attacker could use \nthis to expose sensitive information. (CVE-2018-15572)\n\nIt was discovered that a NULL pointer dereference could be triggered in the \nOCFS2 file system implementation in the Linux kernel. A local attacker \ncould use this to cause a denial of service (system crash). \n(CVE-2017-18216)\n\nIt was discovered that a race condition existed in the raw MIDI driver for \nthe Linux kernel, leading to a double free vulnerability. A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that a stack-based buffer overflow existed in the iSCSI \ntarget implementation of the Linux kernel. A remote attacker could use this \nto cause a denial of service (system crash). (CVE-2018-14633)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did \nnot properly restrict user space reads or writes. A physically proximate \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2018-16276)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of the \nLinux kernel. A local attacker could use this to cause a denial of service \n(kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the IRDA \nimplementation in the Linux kernel. 
A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-6555)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-01T00:00:00", "type": "ubuntu", "title": "Linux kernel (Xenial HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-6554", "CVE-2018-10902", "CVE-2017-18216", "CVE-2018-17182", "CVE-2018-16276", "CVE-2018-15572", "CVE-2018-14633", "CVE-2018-15594", "CVE-2018-6555"], "modified": "2018-10-01T00:00:00", "id": "USN-3776-2", "href": "https://ubuntu.com/security/notices/USN-3776-2", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-01-04T11:52:35", "description": "Jann Horn discovered that the vmacache subsystem did not properly handle \nsequence number overflows, leading to a use-after-free vulnerability. A \nlocal attacker could use this to cause a denial of service (system crash) \nor execute arbitrary code. 
(CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the Linux \nkernel did not properly handle some indirect calls, reducing the \neffectiveness of Spectre v2 mitigations for paravirtual guests. A local \nattacker could use this to expose sensitive information. (CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution and \nprediction of return addresses via Return Stack Buffer (RSB) may allow \nunauthorized memory reads via sidechannel attacks. An attacker could use \nthis to expose sensitive information. (CVE-2018-15572)\n\nIt was discovered that a NULL pointer dereference could be triggered in the \nOCFS2 file system implementation in the Linux kernel. A local attacker \ncould use this to cause a denial of service (system crash). \n(CVE-2017-18216)\n\nIt was discovered that a race condition existed in the raw MIDI driver for \nthe Linux kernel, leading to a double free vulnerability. A local attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that a stack-based buffer overflow existed in the iSCSI \ntarget implementation of the Linux kernel. A remote attacker could use this \nto cause a denial of service (system crash). (CVE-2018-14633)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did \nnot properly restrict user space reads or writes. A physically proximate \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2018-16276)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of the \nLinux kernel. A local attacker could use this to cause a denial of service \n(kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the IRDA \nimplementation in the Linux kernel. 
A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-6555)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-01T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-6554", "CVE-2018-10902", "CVE-2017-18216", "CVE-2018-17182", "CVE-2018-16276", "CVE-2018-15572", "CVE-2018-14633", "CVE-2018-15594", "CVE-2018-6555"], "modified": "2018-10-01T00:00:00", "id": "USN-3776-1", "href": "https://ubuntu.com/security/notices/USN-3776-1", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:33:05", "description": "# \n\n# Severity\n\nMedium\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 16.04\n\n# Description\n\nUSN-3847-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. 
This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS.\n\nIt was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that an integer overrun vulnerability existed in the POSIX timers implementation in the Linux kernel. A local attacker could use this to cause a denial of service. (CVE-2018-12896)\n\nNoam Rathaus discovered that a use-after-free vulnerability existed in the Infiniband implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2018-14734)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did not properly restrict user space reads or writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16276)\n\nIt was discovered that the BPF verifier in the Linux kernel did not correctly compute numeric bounds in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-18445)\n\nKanda Motohiro discovered that writing extended attributes to an XFS file system in the Linux kernel in certain situations could cause an error condition to occur. A local attacker could use this to cause a denial of service. (CVE-2018-18690)\n\nIt was discovered that an integer overflow vulnerability existed in the CDROM driver of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). 
(CVE-2018-18710)\n\nCVEs contained in this USN include: CVE-2018-10902, CVE-2018-16276, CVE-2018-14734, CVE-2018-18445, CVE-2018-18710, CVE-2018-12896, CVE-2018-18690\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 170.x versions prior to 170.19\n * 97.x versions prior to 97.47\n * All other stemcells not listed.\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 170.x versions to 170.19\n * Upgrade 97.x versions to 97.47\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n\n# References\n\n * [USN-3847-2](<https://usn.ubuntu.com/3847-2>)\n * [CVE-2018-10902](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10902>)\n * [CVE-2018-16276](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16276>)\n * [CVE-2018-14734](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14734>)\n * [CVE-2018-18445](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18445>)\n * [CVE-2018-18710](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18710>)\n * [CVE-2018-12896](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-12896>)\n * [CVE-2018-18690](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-18690>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-01-24T00:00:00", "type": 
"cloudfoundry", "title": "USN-3847-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18690", "CVE-2018-14734", "CVE-2018-18710", "CVE-2018-18445", "CVE-2018-16276", "CVE-2018-10902", "CVE-2018-12896"], "modified": "2019-01-24T00:00:00", "id": "CFOUNDRY:61ADF14D6FEC14FA5E06A7684B091D19", "href": "https://www.cloudfoundry.org/blog/usn-3847-2/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-11T17:44:53", "description": "# \n\n# Severity\n\nHigh\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04\n\n# Description\n\nUSN-3776-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.\n\nJann Horn discovered that the vmacache subsystem did not properly handle sequence number overflows, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-17182)\n\nIt was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. A local attacker could use this to expose sensitive information. 
(CVE-2018-15594)\n\nIt was discovered that microprocessors utilizing speculative execution and prediction of return addresses via Return Stack Buffer (RSB) may allow unauthorized memory reads via sidechannel attacks. An attacker could use this to expose sensitive information. (CVE-2018-15572)\n\nIt was discovered that a NULL pointer dereference could be triggered in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18216)\n\nIt was discovered that a race condition existed in the raw MIDI driver for the Linux kernel, leading to a double free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10902)\n\nIt was discovered that a stack-based buffer overflow existed in the iSCSI target implementation of the Linux kernel. A remote attacker could use this to cause a denial of service (system crash). (CVE-2018-14633)\n\nIt was discovered that the YUREX USB device driver for the Linux kernel did not properly restrict user space reads or writes. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-16276)\n\nIt was discovered that a memory leak existed in the IRDA subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (kernel memory exhaustion). (CVE-2018-6554)\n\nIt was discovered that a use-after-free vulnerability existed in the IRDA implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2018-6555)\n\nCVEs contained in this USN include: CVE-2017-18216, CVE-2018-10902, CVE-2018-14633, CVE-2018-15572, CVE-2018-15594, CVE-2018-16276, CVE-2018-17182, CVE-2018-6554, CVE-2018-6555\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * Cloud Foundry BOSH trusty-stemcells are vulnerable, including: \n * 3586.x versions prior to 3586.46\n * 3541.x versions prior to 3541.52\n * 3468.x versions prior to 3468.73\n * 3445.x versions prior to 3445.71\n * 3421.x versions prior to 3421.86\n * 3363.x versions prior to 3363.78\n * All other stemcells not listed.\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH trusty-stemcells: \n * Upgrade 3586.x versions to 3586.46\n * Upgrade 3541.x versions to 3541.52\n * Upgrade 3468.x versions to 3468.73\n * Upgrade 3445.x versions to 3445.71\n * Upgrade 3421.x versions to 3421.86\n * Upgrade 3363.x versions to 3363.78\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-trusty>).\n\n# References\n\n * [USN-3776-2](<https://usn.ubuntu.com/3776-2>)\n * [CVE-2017-18216](<https://people.canonical.com/~ubuntu-security/cve/CVE-2017-18216>)\n * [CVE-2018-10902](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-10902>)\n * [CVE-2018-14633](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-14633>)\n * [CVE-2018-15572](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-15572>)\n * [CVE-2018-15594](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-15594>)\n * [CVE-2018-16276](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-16276>)\n * [CVE-2018-17182](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-17182>)\n * [CVE-2018-6554](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-6554>)\n * 
[CVE-2018-6555](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-6555>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-03T00:00:00", "type": "cloudfoundry", "title": "USN-3776-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18216", "CVE-2018-10902", "CVE-2018-14633", "CVE-2018-15572", "CVE-2018-15594", "CVE-2018-16276", "CVE-2018-17182", "CVE-2018-6554", "CVE-2018-6555"], "modified": "2018-10-03T00:00:00", "id": "CFOUNDRY:90693B873E1E97B4D1CACB5D7BD374ED", "href": "https://www.cloudfoundry.org/blog/usn-3776-2/", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}], "suse": [{"lastseen": "2018-10-17T22:30:45", "description": "The openSUSE Leap 42.3 kernel was updated to 4.4.159 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2018-13096: A denial of service (out-of-bounds memory access and\n BUG) can occur upon encountering an abnormal bitmap size when mounting a\n crafted f2fs image (bnc#1100062).\n - CVE-2018-13097: There is an out-of-bounds read or a divide-by-zero 
error\n for an incorrect user_block_count in a corrupted f2fs image, leading to\n a denial of service (BUG) (bnc#1100061).\n - CVE-2018-13098: A denial of service (slab out-of-bounds read and BUG)\n can occur for a modified f2fs filesystem image in which FI_EXTRA_ATTR is\n set in an inode (bnc#1100060).\n - CVE-2018-13099: A denial of service (out-of-bounds memory access and\n BUG) can occur for a modified f2fs filesystem image in which an inline\n inode contains an invalid reserved blkaddr (bnc#1100059).\n - CVE-2018-13100: An issue was discovered in fs/f2fs/super.c which did not\n properly validate secs_per_zone in a corrupted f2fs image, as\n demonstrated by a divide-by-zero error (bnc#1100056).\n - CVE-2018-14613: There is an invalid pointer dereference in\n io_ctl_map_page() when mounting and operating a crafted btrfs image,\n because of a lack of block group item validation in check_leaf_item in\n fs/btrfs/tree-checker.c (bnc#1102896).\n - CVE-2018-14617: There is a NULL pointer dereference and panic in\n hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is\n purportedly a hard link) in an hfs+ filesystem that has malformed\n catalog data, and is mounted read-only without a metadata directory\n (bnc#1102870).\n - CVE-2018-14633: A security flaw was found in the\n chap_server_compute_md5() function in the iSCSI target code in the Linux\n kernel, in the way an authentication request from an iSCSI initiator is\n processed. An unauthenticated remote attacker can cause a stack buffer\n overflow and smash up to 17 bytes of the stack. The attack requires the\n iSCSI target to be enabled on the victim host. Depending on how the\n target's code was built (i.e. depending on a compiler, compile flags and\n hardware architecture) an attack may lead to a system crash and thus to\n a denial-of-service or possibly to unauthorized access to data\n exported by an iSCSI target. 
Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we believe it is highly\n unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be\n vulnerable (bnc#1107829).\n - CVE-2018-16276: Local attackers could use user access read/writes with\n incorrect bounds checking in the yurex USB driver to crash the kernel or\n potentially escalate privileges (bnc#1106095).\n - CVE-2018-16597: Incorrect access checking in overlayfs mounts could be\n used by local attackers to modify or truncate files in the underlying\n filesystem (bnc#1106512).\n - CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c\n mishandled sequence number overflows. An attacker can trigger a\n use-after-free (and possibly gain privileges) via certain thread\n creation, map, unmap, invalidation, and dereference operations\n (bnc#1108399).\n - CVE-2018-7480: The blkcg_init_queue function in block/blk-cgroup.c\n allowed local users to cause a denial of service (double free) or\n possibly have unspecified other impact by triggering a creation failure\n (bnc#1082863).\n - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in\n drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial\n of service (memory consumption) via many read accesses to files in the\n /sys/class/sas_phy directory, as demonstrated by the\n /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536).\n\n The following non-security bugs were fixed:\n\n - alsa: bebob: use address returned by kmalloc() instead of kernel stack\n for streaming DMA mapping (bnc#1012382).\n - alsa: emu10k1: fix possible info leak to userspace on\n SNDRV_EMU10K1_IOCTL_INFO (bnc#1012382).\n - alsa: hda - Fix cancel_work_sync() stall from jackpoll work\n (bnc#1012382).\n - alsa: msnd: Fix the default sample sizes (bnc#1012382).\n - alsa: pcm: Fix snd_interval_refine first/last with open min/max\n (bnc#1012382).\n - alsa: usb-audio: Fix multiple definitions in 
AU0828_DEVICE() macro\n (bnc#1012382).\n - arc: [plat-axs*]: Enable SWAP (bnc#1012382).\n - arm64: bpf: jit JMP_JSET_{X,K} (bsc#1110613).\n - arm64: Correct type for PUD macros (bsc#1110600).\n - arm64: dts: qcom: db410c: Fix Bluetooth LED trigger (bnc#1012382).\n - arm64: fix erroneous __raw_read_system_reg() cases (bsc#1110606).\n - arm64: Fix potential race with hardware DBM in ptep_set_access_flags()\n (bsc#1110605).\n - arm64: fpsimd: Avoid FPSIMD context leakage for the init task\n (bsc#1110603).\n - arm64: kasan: avoid bad virt_to_pfn() (bsc#1110612).\n - arm64: kasan: avoid pfn_to_nid() before page array is initialized\n (bsc#1110619).\n - arm64/kasan: do not allocate extra shadow memory (bsc#1110611).\n - arm64: kernel: Update kerneldoc for cpu_suspend() rename (bsc#1110602).\n - arm64: kgdb: handle read-only text / modules (bsc#1110604).\n - arm64/mm/kasan: do not use vmemmap_populate() to initialize shadow\n (bsc#1110618).\n - arm64: ptrace: Avoid setting compat FP[SC]R to garbage if get_user fails\n (bsc#1110601).\n - arm64: supported.conf: mark armmmci as not supported\n - arm64 Update config files. 
(bsc#1110468) Set MMC_QCOM_DML to build-in\n and delete driver from supported.conf\n - arm64: vdso: fix clock_getres for 4GiB-aligned res (bsc#1110614).\n - arm: exynos: Clear global variable on init error path (bnc#1012382).\n - arm: hisi: check of_iomap and fix missing of_node_put (bnc#1012382).\n - arm: hisi: fix error handling and missing of_node_put (bnc#1012382).\n - arm: hisi: handle of_iomap and fix missing of_node_put (bnc#1012382).\n - asm/sections: add helpers to check for section data (bsc#1063026).\n - asoc: cs4265: fix MMTLR Data switch control (bnc#1012382).\n - asoc: wm8994: Fix missing break in switch (bnc#1012382).\n - ata: libahci: Correct setting of DEVSLP register (bnc#1012382).\n - ath10k: disable bundle mgmt tx completion event support (bnc#1012382).\n - ath10k: prevent active scans on potential unusable channels\n (bnc#1012382).\n - audit: fix use-after-free in audit_add_watch (bnc#1012382).\n - autofs: fix autofs_sbi() does not check super block type (bnc#1012382).\n - binfmt_elf: Respect error return from `regset->active' (bnc#1012382).\n - block: bvec_nr_vecs() returns value for wrong slab (bsc#1082979).\n - Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV (bnc#1012382).\n - Bluetooth: hidp: Fix handling of strncpy for hid->name information\n (bnc#1012382).\n - bpf: fix overflow in prog accounting (bsc#1012382).\n - btrfs: Add checker for EXTENT_CSUM (bsc#1102882, bsc#1102896,\n bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: Add sanity check for EXTENT_DATA when reading out leaf\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: Check if item pointer overlaps with the item itself (bsc#1102882,\n bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: Check that each block group has corresponding chunk at mount time\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: Introduce mount time chunk <-> dev extent mapping check\n (bsc#1102882, bsc#1102896, 
bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: Move leaf and node validation checker to tree-checker.c\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: relocation: Only remove reloc rb_trees if reloc control has been\n initialized (bnc#1012382).\n - btrfs: replace: Reset on-disk dev stats value after replace\n (bnc#1012382).\n - btrfs: scrub: Do not use inode page cache in\n scrub_handle_errored_block() (bsc#1108096).\n - btrfs: tree-checker: Add checker for dir item (bsc#1102882, bsc#1102896,\n bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: Detect invalid and empty essential trees\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: Enhance btrfs_check_node output (bsc#1102882,\n bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: Enhance output for btrfs_check_leaf (bsc#1102882,\n bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: Enhance output for check_csum_item (bsc#1102882,\n bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: Enhance output for check_extent_data_item\n (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: Fix false panic for sanity test (bsc#1102882,\n bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: Replace root parameter with fs_info (bsc#1102882,\n bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882,\n bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: use %zu format string for size_t (bsc#1102882,\n bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: tree-checker: Verify block_group_item (bsc#1102882, bsc#1102896,\n bsc#1102879, bsc#1102877, bsc#1102875,).\n - btrfs: use correct compare function of dirty_metadata_bytes\n (bnc#1012382).\n - btrfs: Verify that every chunk has 
corresponding block group at mount\n time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n - cfq: Give a chance for arming slice idle timer in case of group_idle\n (bnc#1012382).\n - cifs: check if SMB2 PDU size has been padded and suppress the warning\n (bnc#1012382).\n - cifs: fix wrapping bugs in num_entries() (bnc#1012382).\n - cifs: integer overflow in in SMB2_ioctl() (bsc#1012382).\n - cifs: prevent integer overflow in nxt_dir_entry() (bnc#1012382).\n - clk: imx6ul: fix missing of_node_put() (bnc#1012382).\n - coresight: Handle errors in finding input/output ports (bnc#1012382).\n - coresight: tpiu: Fix disabling timeouts (bnc#1012382).\n - cpu/hotplug: Fix SMT supported evaluation (bsc#1089343).\n - crypto: clarify licensing of OpenSSL asm code ().\n - crypto: sharah - Unregister correct algorithms for SAHARA 3\n (bnc#1012382).\n - crypto: vmx - Remove overly verbose printk from AES XTS init (git-fixes).\n - debugobjects: Make stack check warning more informative (bnc#1012382).\n - Define early_radix_enabled() (bsc#1094244).\n - Delete\n patches.fixes/slab-__GFP_ZERO-is-incompatible-with-a-constructor.patch\n (bnc#1110297) we still have a code which uses both __GFP_ZERO and\n constructors. 
The code seems to be correct and the warning does more\n harm than good so revert for the meantime until we catch offenders.\n - dmaengine: pl330: fix irq race with terminate_all (bnc#1012382).\n - dm kcopyd: avoid softlockup in run_complete_job (bnc#1012382).\n - dm-mpath: do not try to access NULL rq (bsc#1110337).\n - dm-mpath: finally fixup cmd_flags (bsc#1110930).\n - drivers: net: cpsw: fix parsing of phy-handle DT property in dual_emac\n config (bnc#1012382).\n - drivers: net: cpsw: fix segfault in case of bad phy-handle (bnc#1012382).\n - drm/amdkfd: Fix error codes in kfd_get_process (bnc#1012382).\n - drm/nouveau/drm/nouveau: Use pm_runtime_get_noresume() in\n connector_detect() (bnc#1012382).\n - drm/nouveau: tegra: Detach from ARM DMA/IOMMU mapping (bnc#1012382).\n - EDAC: Fix memleak in module init error path (bsc#1109441).\n - EDAC, i7core: Fix memleaks and use-after-free on probe and remove\n (1109441).\n - ethernet: ti: davinci_emac: add missing of_node_put after calling\n of_parse_phandle (bnc#1012382).\n - ethtool: Remove trailing semicolon for static inline (bnc#1012382).\n - ext4: avoid divide by zero fault when deleting corrupted inline\n directories (bnc#1012382).\n - ext4: do not mark mmp buffer head dirty (bnc#1012382).\n - ext4: fix online resize's handling of a too-small final block group\n (bnc#1012382).\n - ext4: fix online resizing for bigalloc file systems with a 1k block size\n (bnc#1012382).\n - ext4: recalucate superblock checksum after updating free blocks/inodes\n (bnc#1012382).\n - f2fs: do not set free of current section (bnc#1012382).\n - f2fs: fix to do sanity check with {sit,nat}_ver_bitmap_bytesize\n (bnc#1012382).\n - fat: validate ->i_start before using (bnc#1012382).\n - fbdev: Distinguish between interlaced and progressive modes\n (bnc#1012382).\n - fbdev/via: fix defined but not used warning (bnc#1012382).\n - Follow-up fix for\n patches.arch/01-jump_label-reduce-the-size-of-struct-static_key-kabi.patch.\n 
(bsc#1108803)\n - fork: do not copy inconsistent signal handler state to child\n (bnc#1012382).\n - fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot()\n (bnc#1012382).\n - fs/eventpoll: loosen irq-safety when possible (bsc#1096052).\n - genirq: Delay incrementing interrupt count if it's disabled/pending\n (bnc#1012382).\n - gfs2: Special-case rindex for gfs2_grow (bnc#1012382).\n - gpiolib: Mark gpio_suffixes array with __maybe_unused (bnc#1012382).\n - gpio: ml-ioh: Fix buffer underwrite on probe error path (bnc#1012382).\n - gpio: tegra: Move driver registration to subsys_init level (bnc#1012382).\n - gso_segment: Reset skb->mac_len after modifying network header\n (bnc#1012382).\n - hfsplus: do not return 0 when fill_super() failed (bnc#1012382).\n - hfs: prevent crash on exit from failed search (bnc#1012382).\n - HID: sony: Support DS4 dongle (bnc#1012382).\n - HID: sony: Update device ids (bnc#1012382).\n - i2c: i801: fix DNV's SMBCTRL register offset (bnc#1012382).\n - i2c: xiic: Make the start and the byte count write atomic (bnc#1012382).\n - i2c: xlp9xx: Add support for SMBAlert (bsc#1103308).\n - i2c: xlp9xx: Fix case where SSIF read transaction completes early\n (bsc#1103308).\n - i2c: xlp9xx: Fix issue seen when updating receive length (bsc#1103308).\n - i2c: xlp9xx: Make sure the transfer size is not more than\n I2C_SMBUS_BLOCK_SIZE (bsc#1103308).\n - ib/ipoib: Avoid a race condition between start_xmit and cm_rep_handler\n (bnc#1012382).\n - ib_srp: Remove WARN_ON in srp_terminate_io() (bsc#1094562).\n - input: atmel_mxt_ts - only use first T9 instance (bnc#1012382).\n - iommu/amd: Return devid as alias for ACPI HID devices (bsc#1106105).\n - iommu/arm-smmu-v3: sync the OVACKFLG to PRIQ consumer register\n (bnc#1012382).\n - iommu/ipmmu-vmsa: Fix allocation in atomic context (bnc#1012382).\n - ipmi:ssif: Add support for multi-part transmit messages > 2 parts\n (bsc#1103308).\n - ipv6: fix possible use-after-free in ip6_xmit() 
(bnc#1012382).\n - ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest()\n (bnc#1012382).\n - irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP\n (bnc#1012382).\n - irqchip/gic-v3: Add missing barrier to 32bit version of gic_read_iar()\n (bnc#1012382).\n - iw_cxgb4: only allow 1 flush on user qps (bnc#1012382).\n - KABI: move the new handler to end of machdep_calls and hide it from\n genksyms (bsc#1094244).\n - kabi protect hnae_ae_ops (bsc#1107924).\n - kbuild: add .DELETE_ON_ERROR special target (bnc#1012382).\n - kbuild: make missing $DEPMOD a Warning instead of an Error (bnc#1012382).\n - kernel/params.c: downgrade warning for unsafe parameters (bsc#1050549).\n - kprobes/x86: Release insn_slot in failure path (bsc#1110006).\n - kthread: fix boot hang (regression) on MIPS/OpenRISC (bnc#1012382).\n - kthread: Fix use-after-free if kthread fork fails (bnc#1012382).\n - kvm: nVMX: Do not expose MPX VMX controls when guest MPX disabled\n (bsc#1106240).\n - kvm: nVMX: Do not flush TLB when vmcs12 uses VPID (bsc#1106240).\n - kvm: x86: Do not re-{try,execute} after failed emulation in L2\n (bsc#1106240).\n - kvm: x86: Do not use kvm_x86_ops->mpx_supported() directly (bsc#1106240).\n - kvm: x86: fix APIC page invalidation (bsc#1106240).\n - kvm/x86: remove WARN_ON() for when vm_munmap() fails (bsc#1106240).\n - kvm: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts\n disabled (bsc#1106240).\n - l2tp: cast l2tp traffic counter to unsigned (bsc#1099810).\n - locking/osq_lock: Fix osq_lock queue corruption (bnc#1012382).\n - locking/rwsem-xadd: Fix missed wakeup due to reordering of load\n (bnc#1012382).\n - lpfc: fixup crash in lpfc_els_unsol_buffer() (bsc#1107318).\n - mac80211: restrict delayed tailroom needed decrement (bnc#1012382).\n - macintosh/via-pmu: Add missing mmio accessors (bnc#1012382).\n - md/raid1: exit sync request if MD_RECOVERY_INTR is set (git-fixes).\n - md/raid5: fix data corruption of replacements after 
originals dropped\n (bnc#1012382).\n - media: videobuf2-core: check for q->error in vb2_core_qbuf()\n (bnc#1012382).\n - mei: bus: type promotion bug in mei_nfc_if_version() (bnc#1012382).\n - mei: me: allow runtime pm for platform with D0i3 (bnc#1012382).\n - mfd: sm501: Set coherent_dma_mask when creating subdevices (bnc#1012382).\n - mfd: ti_am335x_tscadc: Fix struct clk memory leak (bnc#1012382).\n - misc: hmc6352: fix potential Spectre v1 (bnc#1012382).\n - misc: mic: SCIF Fix scif_get_new_port() error handling (bnc#1012382).\n - misc: ti-st: Fix memory leak in the error path of probe() (bnc#1012382).\n - mmc: mmci: stop building qcom dml as module (bsc#1110468).\n - mm/fadvise.c: fix signed overflow UBSAN complaint (bnc#1012382).\n - mm: fix devmem_is_allowed() for sub-page System RAM intersections\n (bsc#1110006).\n - mm: get rid of vmacache_flush_all() entirely (bnc#1012382).\n - mm: shmem.c: Correctly annotate new inodes for lockdep (bnc#1012382).\n - mtdchar: fix overflows in adjustment of `count` (bnc#1012382).\n - mtd/maps: fix solutionengine.c printk format warnings (bnc#1012382).\n - neighbour: confirm neigh entries when ARP packet is received\n (bnc#1012382).\n - net/9p: fix error path of p9_virtio_probe (bnc#1012382).\n - net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT\n (bnc#1012382).\n - net: bcmgenet: use MAC link status for fixed phy (bnc#1012382).\n - net: dcb: For wild-card lookups, use priority -1, not 0 (bnc#1012382).\n - net: ena: Eliminate duplicate barriers on weakly-ordered archs\n (bsc#1108240).\n - net: ena: fix device destruction to gracefully free resources\n (bsc#1108240).\n - net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108240).\n - net: ena: fix incorrect usage of memory barriers (bsc#1108240).\n - net: ena: fix missing calls to READ_ONCE (bsc#1108240).\n - net: ena: fix missing lock during device destruction (bsc#1108240).\n - net: ena: fix potential double ena_destroy_device() (bsc#1108240).\n - net: 
ena: fix surprise unplug NULL dereference kernel crash\n (bsc#1108240).\n - net: ethernet: mvneta: Fix napi structure mixup on armada 3700\n (bsc#1110616).\n - net: ethernet: ti: cpsw: fix mdio device reference leak (bnc#1012382).\n - netfilter: x_tables: avoid stack-out-of-bounds read in\n xt_copy_counters_from_user (bnc#1012382).\n - net: hns: add netif_carrier_off before change speed and duplex\n (bsc#1107924).\n - net: hns: add the code for cleaning pkt in chip (bsc#1107924).\n - net: hp100: fix always-true check for link up state (bnc#1012382).\n - net: mvneta: fix mtu change on port without link (bnc#1012382).\n - net: mvneta: fix mvneta_config_rss on armada 3700 (bsc#1110615).\n - nfc: Fix possible memory corruption when handling SHDLC I-Frame commands\n (bnc#1012382).\n - nfc: Fix the number of pipes (bnc#1012382).\n - nfs: Use an appropriate work queue for direct-write completion\n (bsc#1082519).\n - nfsv4.0 fix client reference leak in callback (bnc#1012382).\n - nvme_fc: add 'nvme_discovery' sysfs attribute to fc transport device\n (bsc#1044189).\n - nvmet: fixup crash on NULL device path (bsc#1082979).\n - ocfs2: fix ocfs2 read block panic (bnc#1012382).\n - ovl: modify ovl_permission() to do checks on two inodes (bsc#1106512)\n - ovl: proper cleanup of workdir (bnc#1012382).\n - ovl: rename is_merge to is_lowest (bnc#1012382).\n - parport: sunbpp: fix error return code (bnc#1012382).\n - partitions/aix: append null character to print data from disk\n (bnc#1012382).\n - partitions/aix: fix usage of uninitialized lv_info and lvname structures\n (bnc#1012382).\n - PCI: altera: Fix bool initialization in tlp_read_packet() (bsc#1109806).\n - PCI: designware: Fix I/O space page leak (bsc#1109806).\n - PCI: designware: Fix pci_remap_iospace() failure path (bsc#1109806).\n - PCI: mvebu: Fix I/O space end address calculation (bnc#1012382).\n - PCI: OF: Fix I/O space page leak (bsc#1109806).\n - PCI: pciehp: Fix unprotected list iteration in IRQ handler 
(bsc#1109806).\n - PCI: shpchp: Fix AMD POGO identification (bsc#1109806).\n - PCI: Supply CPU physical address (not bus address) to\n iomem_is_exclusive() (bsc#1109806).\n - PCI: versatile: Fix I/O space page leak (bsc#1109806).\n - PCI: versatile: Fix pci_remap_iospace() failure path (bsc#1109806).\n - PCI: xgene: Fix I/O space page leak (bsc#1109806).\n - PCI: xilinx: Add missing of_node_put() (bsc#1109806).\n - perf powerpc: Fix callchain ip filtering (bnc#1012382).\n - perf powerpc: Fix callchain ip filtering when return address is in a\n register (bnc#1012382).\n - perf tools: Allow overriding MAX_NR_CPUS at compile time (bnc#1012382).\n - phy: qcom-ufs: add MODULE_LICENSE tag (bsc#1110468).\n - pinctrl: qcom: spmi-gpio: Fix pmic_gpio_config_get() to be compliant\n (bnc#1012382).\n - pipe: actually allow root to exceed the pipe buffer limit (git-fixes).\n - platform/x86: alienware-wmi: Correct a memory leak (bnc#1012382).\n - platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360\n (bnc#1012382).\n - platform/x86: toshiba_acpi: Fix defined but not used build warnings\n (bnc#1012382).\n - powerpc/64: Do load of PACAKBASE in LOAD_HANDLER (bsc#1094244).\n - powerpc/64s: move machine check SLB flushing to mm/slb.c (bsc#1094244).\n - powerpc/book3s: Fix MCE console messages for unrecoverable MCE\n (bsc#1094244).\n - powerpc/fadump: cleanup crash memory ranges support (bsc#1103269).\n - powerpc/fadump: re-register firmware-assisted dump if already registered\n (bsc#1108170, bsc#1108823).\n - powerpc: Fix size calculation using resource_size() (bnc#1012382).\n - powerpc/mce: Fix SLB rebolting during MCE recovery path (bsc#1094244).\n - powerpc/mce: Move 64-bit machine check code into mce.c (bsc#1094244).\n - powerpc/numa: Use associativity if VPHN hcall is successful\n (bsc#1110363).\n - powerpc/perf/hv-24x7: Fix off-by-one error in request_buffer check\n (git-fixes).\n - powerpc/powernv/ioda2: Reduce upper limit for DMA window size\n 
(bsc#1066223).\n - powerpc/powernv: opal_put_chars partial write fix (bnc#1012382).\n - powerpc/powernv: Rename machine_check_pSeries_early() to powernv\n (bsc#1094244).\n - powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX\n (bnc#1012382).\n - powerpc/pseries: Defer the logging of rtas error to irq work queue\n (bsc#1094244).\n - powerpc/pseries: Define MCE error event section (bsc#1094244).\n - powerpc/pseries: Disable CPU hotplug across migrations (bsc#1066223).\n - powerpc/pseries: Display machine check error details (bsc#1094244).\n - powerpc/pseries: Dump the SLB contents on SLB MCE errors (bsc#1094244).\n - powerpc/pseries: Flush SLB contents on SLB MCE errors (bsc#1094244).\n - powerpc/pseries: Remove prrn_work workqueue (bsc#1102495, bsc#1109337).\n - powerpc/pseries: Remove unneeded uses of dlpar work queue (bsc#1102495,\n bsc#1109337).\n - powerpc/tm: Avoid possible userspace r1 corruption on reclaim\n (bsc#1109333).\n - powerpc/tm: Fix userspace r13 corruption (bsc#1109333).\n - printk: do not spin in printk when in nmi (bsc#1094244).\n - pstore: Fix incorrect persistent ram buffer mapping (bnc#1012382).\n - rdma/cma: Do not ignore net namespace for unbound cm_id (bnc#1012382).\n - rdma/cma: Protect cma dev list with lock (bnc#1012382).\n - rdma/rw: Fix rdma_rw_ctx_signature_init() kernel-doc header\n (bsc#1082979).\n - reiserfs: change j_timestamp type to time64_t (bnc#1012382).\n - Revert "ARM: imx_v6_v7_defconfig: Select ULPI support" (bnc#1012382).\n - Revert "dma-buf/sync-file: Avoid enable fence signaling if\n poll(.timeout=0)" (bsc#1111363).\n - Revert "Drop kernel trampoline stack." 
This reverts commit\n 85dead31706c1c1755adff90405ff9861c39c704.\n - Revert "kabi/severities: Ignore missing cpu_tss_tramp (bsc#1099597)"\n This reverts commit edde1f21880e3bfe244c6f98a3733b05b13533dc.\n - Revert "mm: get rid of vmacache_flush_all() entirely" (kabi).\n - Revert "NFC: Fix the number of pipes" (kabi).\n - ring-buffer: Allow for rescheduling when removing pages (bnc#1012382).\n - rtc: bq4802: add error handling for devm_ioremap (bnc#1012382).\n - s390/dasd: fix hanging offline processing due to canceled worker\n (bnc#1012382).\n - s390/facilites: use stfle_fac_list array size for MAX_FACILITY_BIT\n (bnc#1108315, LTC#171326).\n - s390/lib: use expoline for all bcr instructions (LTC#171029 bnc#1012382\n bnc#1106934).\n - s390/qeth: fix race in used-buffer accounting (bnc#1012382).\n - s390/qeth: reset layer2 attribute on layer switch (bnc#1012382).\n - s390/qeth: use vzalloc for QUERY OAT buffer (bnc#1108315, LTC#171527).\n - sched/fair: Fix bandwidth timer clock drift condition (Git-fixes).\n - sched/fair: Fix vruntime_normalized() for remote non-migration wakeup\n (Git-fixes).\n - sch_hhf: fix null pointer dereference on init failure (bnc#1012382).\n - sch_htb: fix crash on init failure (bnc#1012382).\n - sch_multiq: fix double free on init failure (bnc#1012382).\n - sch_netem: avoid null pointer deref on init failure (bnc#1012382).\n - sch_tbf: fix two null pointer dereferences on init failure (bnc#1012382).\n - scripts: modpost: check memory allocation results (bnc#1012382).\n - scsi: 3ware: fix return 0 on the error path of probe (bnc#1012382).\n - scsi: aic94xx: fix an error code in aic94xx_init() (bnc#1012382).\n - scsi: ipr: System hung while dlpar adding primary ipr adapter back\n (bsc#1109336).\n - scsi: qla2xxx: Add changes for devloss timeout in driver (bsc#1084427).\n - scsi: qla2xxx: Add FC-NVMe abort processing (bsc#1084427).\n - scsi: qla2xxx: Add longer window for chip reset (bsc#1094555).\n - scsi: qla2xxx: Avoid double completion of 
abort command (bsc#1094555).\n - scsi: qla2xxx: Cleanup code to improve FC-NVMe error handling\n (bsc#1084427).\n - scsi: qla2xxx: Cleanup for N2N code (bsc#1094555).\n - scsi: qla2xxx: correctly shift host byte (bsc#1094555).\n - scsi: qla2xxx: Correct setting of SAM_STAT_CHECK_CONDITION (bsc#1094555).\n - scsi: qla2xxx: Delete session for nport id change (bsc#1094555).\n - scsi: qla2xxx: Fix Async GPN_FT for FCP and FC-NVMe scan (bsc#1084427).\n - scsi: qla2xxx: Fix crash on qla2x00_mailbox_command (bsc#1094555).\n - scsi: qla2xxx: Fix double free bug after firmware timeout (bsc#1094555).\n - scsi: qla2xxx: Fix driver unload by shutting down chip (bsc#1094555).\n - scsi: qla2xxx: fix error message on <qla2400 (bsc#1094555).\n - scsi: qla2xxx: Fix FC-NVMe IO abort during driver reset (bsc#1084427).\n - scsi: qla2xxx: Fix function argument descriptions (bsc#1094555).\n - scsi: qla2xxx: Fix Inquiry command being dropped in Target mode\n (bsc#1094555).\n - scsi: qla2xxx: Fix issue reported by static checker for\n qla2x00_els_dcmd2_sp_done() (bsc#1094555).\n - scsi: qla2xxx: Fix login retry count (bsc#1094555).\n - scsi: qla2xxx: Fix Management Server NPort handle reservation logic\n (bsc#1094555).\n - scsi: qla2xxx: Fix memory leak for allocating abort IOCB (bsc#1094555).\n - scsi: qla2xxx: Fix n2n_ae flag to prevent dev_loss on PDB change\n (bsc#1084427).\n - scsi: qla2xxx: Fix N2N link re-connect (bsc#1094555).\n - scsi: qla2xxx: Fix NPIV deletion by calling wait_for_sess_deletion\n (bsc#1094555).\n - scsi: qla2xxx: Fix race between switch cmd completion and timeout\n (bsc#1094555).\n - scsi: qla2xxx: Fix race condition between iocb timeout and\n initialisation (bsc#1094555).\n - scsi: qla2xxx: Fix redundant fc_rport registration (bsc#1094555).\n - scsi: qla2xxx: Fix retry for PRLI RJT with reason of BUSY (bsc#1084427).\n - scsi: qla2xxx: Fix Rport and session state getting out of sync\n (bsc#1094555).\n - scsi: qla2xxx: Fix sending ADISC command for login 
(bsc#1094555).\n - scsi: qla2xxx: Fix session state stuck in Get Port DB (bsc#1094555).\n - scsi: qla2xxx: Fix stalled relogin (bsc#1094555).\n - scsi: qla2xxx: Fix TMF and Multi-Queue config (bsc#1094555).\n - scsi: qla2xxx: Fix unintended Logout (bsc#1094555).\n - scsi: qla2xxx: Fix unintialized List head crash (bsc#1094555).\n - scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1094555).\n - scsi: qla2xxx: fx00 copypaste typo (bsc#1094555).\n - scsi: qla2xxx: Migrate NVME N2N handling into state machine\n (bsc#1094555).\n - scsi: qla2xxx: Move GPSC and GFPNID out of session management\n (bsc#1094555).\n - scsi: qla2xxx: Prevent relogin loop by removing stale code (bsc#1094555).\n - scsi: qla2xxx: Prevent sysfs access when chip is down (bsc#1094555).\n - scsi: qla2xxx: Reduce redundant ADISC command for RSCNs (bsc#1094555).\n - scsi: qla2xxx: remove irq save in qla2x00_poll() (bsc#1094555).\n - scsi: qla2xxx: Remove nvme_done_list (bsc#1084427).\n - scsi: qla2xxx: Remove stale debug value for login_retry flag\n (bsc#1094555).\n - scsi: qla2xxx: Remove unneeded message and minor cleanup for FC-NVMe\n (bsc#1084427).\n - scsi: qla2xxx: Restore ZIO threshold setting (bsc#1084427).\n - scsi: qla2xxx: Return busy if rport going away (bsc#1084427).\n - scsi: qla2xxx: Save frame payload size from ICB (bsc#1094555).\n - scsi: qla2xxx: Set IIDMA and fcport state before\n qla_nvme_register_remote() (bsc#1084427).\n - scsi: qla2xxx: Silent erroneous message (bsc#1094555).\n - scsi: qla2xxx: Update driver version to 10.00.00.06-k (bsc#1084427).\n - scsi: qla2xxx: Update driver version to 10.00.00.07-k (bsc#1094555).\n - scsi: qla2xxx: Update driver version to 10.00.00.08-k (bsc#1094555).\n - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1094555).\n - scsi: qla2xxx: Use predefined get_datalen_for_atio() inline function\n (bsc#1094555).\n - scsi: target: fix __transport_register_session locking (bnc#1012382).\n - selftests/powerpc: Kill child processes on SIGINT 
(bnc#1012382).\n - selftest: timers: Tweak raw_skew to SKIP when ADJ_OFFSET/other clock\n adjustments are in progress (bnc#1012382).\n - selinux: use GFP_NOWAIT in the AVC kmem_caches (bnc#1012382).\n - smb3: fix reset of bytes read and written stats (bnc#1012382).\n - SMB3: Number of requests sent should be displayed for SMB3 not just CIFS\n (bnc#1012382).\n - srcu: Allow use of Tiny/Tree SRCU from both process and interrupt\n context (bsc#1050549).\n - staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free\n (bnc#1012382).\n - staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice\n (bnc#1012382).\n - staging: rt5208: Fix a sleep-in-atomic bug in xd_copy_page (bnc#1012382).\n - staging/rts5208: Fix read overflow in memcpy (bnc#1012382).\n - stop_machine: Atomically queue and wake stopper threads (git-fixes).\n - tcp: do not restart timewait timer on rst reception (bnc#1012382).\n - Tools: hv: Fix a bug in the key delete code (bnc#1012382).\n - tty: Drop tty->count on tty_reopen() failure (bnc#1105428). 
As this\n depends on earlier tty patches, they were moved to the sorted section\n too.\n - tty: rocket: Fix possible buffer overwrite on register_PCI (bnc#1012382).\n - tty: vt_ioctl: fix potential Spectre v1 (bnc#1012382).\n - uio: potential double frees if __uio_register_device() fails\n (bnc#1012382).\n - Update\n patches.suse/dm-Always-copy-cmd_flags-when-cloning-a-request.patch\n (bsc#1088087, bsc#1103156).\n - USB: add quirk for WORLDE Controller KS49 or Prodipe MIDI 49C USB\n controller (bnc#1012382).\n - USB: Add quirk to support DJI CineSSD (bnc#1012382).\n - usb: Avoid use-after-free by flushing endpoints early in\n usb_set_interface() (bnc#1012382).\n - usb: cdc-wdm: Fix a sleep-in-atomic-context bug in\n service_outstanding_interrupt() (bnc#1012382).\n - usb: Do not die twice if PCI xhci host is not responding in resume\n (bnc#1012382).\n - usb: host: u132-hcd: Fix a sleep-in-atomic-context bug in\n u132_get_frame() (bnc#1012382).\n - usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547).\n - usb: misc: uss720: Fix two sleep-in-atomic-context bugs (bnc#1012382).\n - USB: net2280: Fix erroneous synchronization change (bnc#1012382).\n - USB: serial: io_ti: fix array underflow in completion handler\n (bnc#1012382).\n - USB: serial: ti_usb_3410_5052: fix array underflow in completion handler\n (bnc#1012382).\n - USB: yurex: Fix buffer over-read in yurex_write() (bnc#1012382).\n - VFS: do not test owner for NFS in set_posix_acl() (bsc#1103405).\n - video: goldfishfb: fix memory leak on driver remove (bnc#1012382).\n - vmw_balloon: include asm/io.h (bnc#1012382).\n - vti6: remove !skb->ignore_df check from vti6_xmit() (bnc#1012382).\n - watchdog: w83627hf: Added NCT6102D support (bsc#1106434).\n - watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434).\n - x86/apic: Fix restoring boot IRQ mode in reboot and kexec/kdump\n (bsc#1110006).\n - x86/apic: Split disable_IO_APIC() into two functions to fix\n CONFIG_KEXEC_JUMP=y (bsc#1110006).\n - 
x86/apic: Split out restore_boot_irq_mode() from disable_IO_APIC()\n (bsc#1110006).\n - x86/boot: Fix "run_size" calculation (bsc#1110006).\n - x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715).\n - x86/kaiser: Avoid loosing NMIs when using trampoline stack (bsc#1106293\n bsc#1099597).\n - x86/mm: Remove in_nmi() warning from vmalloc_fault() (bnc#1012382).\n - x86: msr-index.h: Correct SNB_C1/C3_AUTO_UNDEMOTE defines (bsc#1110006).\n - x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear\n (bnc#1012382).\n - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bnc#1012382).\n - x86/vdso: Fix asm constraints on vDSO syscall fallbacks (bsc#1110006).\n - x86/vdso: Fix vDSO build if a retpoline is emitted (bsc#1110006).\n - x86/vdso: Fix vDSO syscall fallback asm constraint regression\n (bsc#1110006).\n - x86/vdso: Only enable vDSO retpolines when enabled and supported\n (bsc#1110006).\n - xen: avoid crash in disable_hotplug_cpu (bsc#1106594).\n - xen/blkfront: correct purging of persistent grants (bnc#1065600).\n - xen: issue warning message when out of grant maptrack entries\n (bsc#1105795).\n - xen/netfront: do not bug in case of too many frags (bnc#1012382).\n - xen-netfront: fix queue name setting (bnc#1012382).\n - xen/netfront: fix waiting for xenbus state change (bnc#1012382).\n - xen-netfront: fix warn message as irq device name has '/' (bnc#1012382).\n - xen/x86/vpmu: Zero struct pt_regs before calling into sample handling\n code (bnc#1012382).\n - xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344).\n - xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space\n (bsc#1095344).\n - xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344).\n - xfs: add a xfs_iext_update_extent helper (bsc#1095344).\n - xfs: add comments documenting the rebalance algorithm (bsc#1095344).\n - xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node\n (bsc#1095344).\n - xfs: add xfs_trim_extent 
(bsc#1095344).\n - xfs: allow unaligned extent records in xfs_bmbt_disk_set_all\n (bsc#1095344).\n - xfs: borrow indirect blocks from freed extent when available\n (bsc#1095344).\n - xfs: cleanup xfs_bmap_last_before (bsc#1095344).\n - xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real\n (bsc#1095344).\n - xfs: do not rely on extent indices in xfs_bmap_collapse_extents\n (bsc#1095344).\n - xfs: do not rely on extent indices in xfs_bmap_insert_extents\n (bsc#1095344).\n - xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344).\n - xfs: during btree split, save new block key & ptr for future insertion\n (bsc#1095344).\n - xfs: factor out a helper to initialize a local format inode fork\n (bsc#1095344).\n - xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344).\n - xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344).\n - xfs: fix transaction allocation deadlock in IO path (bsc#1090535).\n - xfs: handle indlen shortage on delalloc extent merge (bsc#1095344).\n - xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344).\n - xfs: improve kmem_realloc (bsc#1095344).\n - xfs: inline xfs_shift_file_space into callers (bsc#1095344).\n - xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344).\n - xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344).\n - xfs: iterate over extents in xfs_iextents_copy (bsc#1095344).\n - xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real\n (bsc#1095344).\n - xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344).\n - xfs: move pre/post-bmap tracing into xfs_iext_update_extent\n (bsc#1095344).\n - xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344).\n - xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344).\n - xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344).\n - xfs: move xfs_iext_insert tracepoint to report useful information\n (bsc#1095344).\n - xfs: new 
inode extent list lookup helpers (bsc#1095344).\n - xfs: only run torn log write detection on dirty logs (bsc#1095753).\n - xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344).\n - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344).\n - xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344).\n - xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344).\n - xfs: provide helper for counting extents from if_bytes (bsc#1095344).\n - xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real\n (bsc#1095344).\n - xfs: refactor delalloc indlen reservation split into helper\n (bsc#1095344).\n - xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344).\n - xfs: refactor in-core log state update to helper (bsc#1095753).\n - xfs: refactor unmount record detection into helper (bsc#1095753).\n - xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344).\n - xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344).\n - xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344).\n - xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344).\n - xfs: refactor xfs_bunmapi_cow (bsc#1095344).\n - xfs: refactor xfs_del_extent_real (bsc#1095344).\n - xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real\n (bsc#1095344).\n - xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all\n (bsc#1095344).\n - xfs: remove a superflous assignment in xfs_iext_remove_node\n (bsc#1095344).\n - xfs: remove if_rdev (bsc#1095344).\n - xfs: remove prev argument to xfs_bmapi_reserve_delalloc (bsc#1095344).\n - xfs: remove support for inlining data/extents into the inode fork\n (bsc#1095344).\n - xfs: remove the never fully implemented UUID fork format (bsc#1095344).\n - xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344).\n - xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344).\n - xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344).\n - xfs: remove 
XFS_BMAP_TRACE_EXLIST (bsc#1095344).\n - xfs: remove xfs_bmbt_get_state (bsc#1095344).\n - xfs: remove xfs_bmse_shift_one (bsc#1095344).\n - xfs: rename bno to end in __xfs_bunmapi (bsc#1095344).\n - xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344).\n - xfs: replace xfs_qm_get_rtblks with a direct call to\n xfs_bmap_count_leaves (bsc#1095344).\n - xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344).\n - xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent\n (bsc#1095344).\n - xfs: rewrite xfs_bmap_first_unused to make better use of\n xfs_iext_get_extent (bsc#1095344).\n - xfs: separate log head record discovery from verification (bsc#1095753).\n - xfs: simplify the xfs_getbmap interface (bsc#1095344).\n - xfs: simplify validation of the unwritten extent bit (bsc#1095344).\n - xfs: split indlen reservations fairly when under reserved (bsc#1095344).\n - xfs: split xfs_bmap_shift_extents (bsc#1095344).\n - xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert\n (bsc#1095344).\n - xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real\n (bsc#1095344).\n - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay\n (bsc#1095344).\n - xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real\n (bsc#1095344).\n - xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real\n (bsc#1095344).\n - xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344).\n - xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344).\n - xfs: update freeblocks counter after extent deletion (bsc#1095344).\n - xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344).\n - xfs: use a b+tree for the in-core extent list (bsc#1095344).\n - xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay}\n (bsc#1095344).\n - xfs: use new extent lookup helpers in xfs_bmapi_read (bsc#1095344).\n - xfs: use new extent lookup helpers in xfs_bmapi_write (bsc#1095344).\n - xfs: use new extent lookup helpers in 
__xfs_bunmapi (bsc#1095344).\n - xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344).\n - xfs: use xfs_bmap_del_extent_delay for the data fork as well\n (bsc#1095344).\n - xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents\n (bsc#1095344).\n - xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at\n (bsc#1095344).\n - xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344).\n - xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344).\n - xfrm: fix 'passing zero to ERR_PTR()' warning (bnc#1012382).\n\n", "cvss3": {}, "published": "2018-10-17T21:08:13", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2018-13096", "CVE-2018-13098", "CVE-2018-13100", "CVE-2018-17182", "CVE-2018-13099", "CVE-2018-7757", "CVE-2018-16597", "CVE-2018-16276", "CVE-2018-14617", "CVE-2018-7480", "CVE-2018-13097", "CVE-2018-14633", "CVE-2018-14613"], "modified": "2018-10-17T21:08:13", "id": "OPENSUSE-SU-2018:3202-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2021-10-21T18:30:12", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4308-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nOctober 01, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2018-6554 CVE-2018-6555 CVE-2018-7755 CVE-2018-9363\n CVE-2018-9516 CVE-2018-10902 CVE-2018-10938 CVE-2018-13099\n CVE-2018-14609 CVE-2018-14617 CVE-2018-14633 CVE-2018-14678\n CVE-2018-14734 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276\n CVE-2018-16658 CVE-2018-17182\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to 
a privilege escalation, denial of service or information\nleaks.\n\nCVE-2018-6554\n\n A memory leak in the irda_bind function in the irda subsystem was\n discovered. A local user can take advantage of this flaw to cause a\n denial of service (memory consumption).\n\nCVE-2018-6555\n\n A flaw was discovered in the irda_setsockopt function in the irda\n subsystem, allowing a local user to cause a denial of service\n (use-after-free and system crash).\n\nCVE-2018-7755\n\n Brian Belleville discovered a flaw in the fd_locked_ioctl function\n in the floppy driver in the Linux kernel. The floppy driver copies a\n kernel pointer to user memory in response to the FDGETPRM ioctl. A\n local user with access to a floppy drive device can take advantage\n of this flaw to discover the location of kernel code and data.\n\nCVE-2018-9363\n\n It was discovered that the Bluetooth HIDP implementation did not\n correctly check the length of received report messages. A paired\n HIDP device could use this to cause a buffer overflow, leading to\n denial of service (memory corruption or crash) or potentially\n remote code execution.\n\nCVE-2018-9516\n\n It was discovered that the HID events interface in debugfs did not\n correctly limit the length of copies to user buffers. A local\n user with access to these files could use this to cause a\n denial of service (memory corruption or crash) or possibly for\n privilege escalation. However, by default debugfs is only\n accessible by the root user.\n\nCVE-2018-10902\n\n It was discovered that the rawmidi kernel driver does not protect\n against concurrent access which leads to a double-realloc (double\n free) flaw. A local attacker can take advantage of this issue for\n privilege escalation.\n\nCVE-2018-10938\n\n Yves Younan from Cisco reported that the Cipso IPv4 module did not\n correctly check the length of IPv4 options. 
On custom kernels with\n CONFIG_NETLABEL enabled, a remote attacker could use this to cause\n a denial of service (hang).\n\nCVE-2018-13099\n\n Wen Xu from SSLab at Gatech reported a use-after-free bug in the\n F2FS implementation. An attacker able to mount a crafted F2FS\n volume could use this to cause a denial of service (crash or\n memory corruption) or possibly for privilege escalation.\n\nCVE-2018-14609\n\n Wen Xu from SSLab at Gatech reported a potential null pointer\n dereference in the F2FS implementation. An attacker able to mount\n a crafted F2FS volume could use this to cause a denial of service\n (crash).\n\nCVE-2018-14617\n\n Wen Xu from SSLab at Gatech reported a potential null pointer\n dereference in the HFS+ implementation. An attacker able to mount\n a crafted HFS+ volume could use this to cause a denial of service\n (crash).\n\nCVE-2018-14633\n\n Vincent Pelletier discovered a stack-based buffer overflow flaw in\n the chap_server_compute_md5() function in the iSCSI target code. An\n unauthenticated remote attacker can take advantage of this flaw to\n cause a denial of service or possibly to get a non-authorized access\n to data exported by an iSCSI target.\n\nCVE-2018-14678\n\n M. Vefa Bicakci and Andy Lutomirski discovered a flaw in the\n kernel exit code used on amd64 systems running as Xen PV guests.\n A local user could use this to cause a denial of service (crash).\n\nCVE-2018-14734\n\n A use-after-free bug was discovered in the InfiniBand\n communication manager. A local user could use this to cause a\n denial of service (crash or memory corruption) or possibly for\n privilege escalation.\n\nCVE-2018-15572\n\n Esmaiel Mohammadian Koruyeh, Khaled Khasawneh, Chengyu Song, and\n Nael Abu-Ghazaleh, from University of California, Riverside,\n reported a variant of Spectre variant 2, dubbed SpectreRSB. 
A\n local user may be able to use this to read sensitive information\n from processes owned by other users.\n\nCVE-2018-15594\n\n Nadav Amit reported that some indirect function calls used in\n paravirtualised guests were vulnerable to Spectre variant 2. A\n local user may be able to use this to read sensitive information\n from the kernel.\n\nCVE-2018-16276\n\n Jann Horn discovered that the yurex driver did not correctly limit\n the length of copies to user buffers. A local user with access to\n a yurex device node could use this to cause a denial of service\n (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2018-16658\n\n It was discovered that the cdrom driver does not correctly\n validate the parameter to the CDROM_DRIVE_STATUS ioctl. A user\n with access to a cdrom device could use this to read sensitive\n information from the kernel or to cause a denial of service\n (crash).\n\nCVE-2018-17182\n\n Jann Horn discovered that the vmacache_flush_all function mishandles\n sequence number overflows. 
A local user can take advantage of this\n flaw to trigger a use-after-free, causing a denial of service\n (crash or memory corruption) or privilege escalation.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.9.110-3+deb9u5.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-01T15:21:20", "type": "debian", "title": "[SECURITY] [DSA 4308-1] linux security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10902", "CVE-2018-10938", "CVE-2018-13099", "CVE-2018-14609", "CVE-2018-14617", "CVE-2018-14633", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-15572", "CVE-2018-15594", "CVE-2018-16276", "CVE-2018-16658", "CVE-2018-17182", "CVE-2018-6554", 
"CVE-2018-6555", "CVE-2018-7755", "CVE-2018-9363", "CVE-2018-9516"], "modified": "2018-10-01T15:21:20", "id": "DEBIAN:DSA-4308-1:A5A75", "href": "https://lists.debian.org/debian-security-announce/2018/msg00239.html", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2021-10-22T12:49:35", "description": "Package : linux-4.9\nVersion : 4.9.110-3+deb9u5~deb8u1\nCVE ID : CVE-2018-6554 CVE-2018-6555 CVE-2018-7755 CVE-2018-9363 \n CVE-2018-9516 CVE-2018-10902 CVE-2018-10938 CVE-2018-13099 \n CVE-2018-14609 CVE-2018-14617 CVE-2018-14633 CVE-2018-14678 \n CVE-2018-14734 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276 \n CVE-2018-16658 CVE-2018-17182\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2018-6554\n\n A memory leak in the irda_bind function in the irda subsystem was\n discovered. A local user can take advantage of this flaw to cause a\n denial of service (memory consumption).\n\nCVE-2018-6555\n\n A flaw was discovered in the irda_setsockopt function in the irda\n subsystem, allowing a local user to cause a denial of service\n (use-after-free and system crash).\n\nCVE-2018-7755\n\n Brian Belleville discovered a flaw in the fd_locked_ioctl function\n in the floppy driver in the Linux kernel. The floppy driver copies a\n kernel pointer to user memory in response to the FDGETPRM ioctl. A\n local user with access to a floppy drive device can take advantage\n of this flaw to discover the location kernel code and data.\n\nCVE-2018-9363\n\n It was discovered that the Bluetooth HIDP implementation did not\n correctly check the length of received report messages. 
A paired\n HIDP device could use this to cause a buffer overflow, leading to\n denial of service (memory corruption or crash) or potentially\n remote code execution.\n\nCVE-2018-9516\n\n It was discovered that the HID events interface in debugfs did not\n correctly limit the length of copies to user buffers. A local\n user with access to these files could use this to cause a\n denial of service (memory corruption or crash) or possibly for\n privilege escalation. However, by default debugfs is only\n accessible by the root user.\n\nCVE-2018-10902\n\n It was discovered that the rawmidi kernel driver does not protect\n against concurrent access which leads to a double-realloc (double\n free) flaw. A local attacker can take advantage of this issue for\n privilege escalation.\n\nCVE-2018-10938\n\n Yves Younan from Cisco reported that the Cipso IPv4 module did not\n correctly check the length of IPv4 options. On custom kernels with\n CONFIG_NETLABEL enabled, a remote attacker could use this to cause\n a denial of service (hang).\n\nCVE-2018-13099\n\n Wen Xu from SSLab at Gatech reported a use-after-free bug in the\n F2FS implementation. An attacker able to mount a crafted F2FS\n volume could use this to cause a denial of service (crash or\n memory corruption) or possibly for privilege escalation.\n\nCVE-2018-14609\n\n Wen Xu from SSLab at Gatech reported a potential null pointer\n dereference in the F2FS implementation. An attacker able to mount\n arbitrary F2FS volumes could use this to cause a denial of service\n (crash).\n\nCVE-2018-14617\n\n Wen Xu from SSLab at Gatech reported a potential null pointer\n dereference in the HFS+ implementation. An attacker able to mount\n arbitrary HFS+ volumes could use this to cause a denial of service\n (crash).\n\nCVE-2018-14633\n\n Vincent Pelletier discovered a stack-based buffer overflow flaw in\n the chap_server_compute_md5() function in the iSCSI target code. 
An\n unauthenticated remote attacker can take advantage of this flaw to\n cause a denial of service or possibly to get a non-authorized access\n to data exported by an iSCSI target.\n\nCVE-2018-14678\n\n M. Vefa Bicakci and Andy Lutomirski discovered a flaw in the\n kernel exit code used on amd64 systems running as Xen PV guests.\n A local user could use this to cause a denial of service (crash).\n\nCVE-2018-14734\n\n A use-after-free bug was discovered in the InfiniBand\n communication manager. A local user could use this to cause a\n denial of service (crash or memory corruption) or possibly for\n privilege escalation.\n\nCVE-2018-15572\n\n Esmaiel Mohammadian Koruyeh, Khaled Khasawneh, Chengyu Song, and\n Nael Abu-Ghazaleh, from University of California, Riverside,\n reported a variant of Spectre variant 2, dubbed SpectreRSB. A\n local user may be able to use this to read sensitive information\n from processes owned by other users.\n\nCVE-2018-15594\n\n Nadav Amit reported that some indirect function calls used in\n paravirtualised guests were vulnerable to Spectre variant 2. A\n local user may be able to use this to read sensitive information\n from the kernel.\n\nCVE-2018-16276\n\n Jann Horn discovered that the yurex driver did not correctly limit\n the length of copies to user buffers. A local user with access to\n a yurex device node could use this to cause a denial of service\n (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2018-16658\n\n It was discovered that the cdrom driver does not correctly\n validate the parameter to the CDROM_DRIVE_STATUS ioctl. A user\n with access to a cdrom device could use this to read sensitive\n information from the kernel or to cause a denial of service\n (crash).\n\nCVE-2018-17182\n\n Jann Horn discovered that the vmacache_flush_all function mishandles\n sequence number overflows. 
A local user can take advantage of this\n flaw to trigger a use-after-free, causing a denial of service\n (crash or memory corruption) or privilege escalation.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n4.9.110-3+deb9u5~deb8u1.\n\nWe recommend that you upgrade your linux-4.9 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams\nAttachment:\nsignature.asc\nDescription: This is a digitally signed message part\n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-03T23:59:07", "type": "debian", "title": "[SECURITY] [DLA 1531-1] linux-4.9 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10902", "CVE-2018-10938", "CVE-2018-13099", "CVE-2018-14609", "CVE-2018-14617", "CVE-2018-14633", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-15572", "CVE-2018-15594", "CVE-2018-16276", "CVE-2018-16658", "CVE-2018-17182", "CVE-2018-6554", "CVE-2018-6555", "CVE-2018-7755", 
"CVE-2018-9363", "CVE-2018-9516"], "modified": "2018-10-03T23:59:07", "id": "DEBIAN:DLA-1531-1:834CC", "href": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-02-18T23:51:59", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4308-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nOctober 01, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2018-6554 CVE-2018-6555 CVE-2018-7755 CVE-2018-9363\n CVE-2018-9516 CVE-2018-10902 CVE-2018-10938 CVE-2018-13099\n CVE-2018-14609 CVE-2018-14617 CVE-2018-14633 CVE-2018-14678\n CVE-2018-14734 CVE-2018-15572 CVE-2018-15594 CVE-2018-16276\n CVE-2018-16658 CVE-2018-17182\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2018-6554\n\n A memory leak in the irda_bind function in the irda subsystem was\n discovered. A local user can take advantage of this flaw to cause a\n denial of service (memory consumption).\n\nCVE-2018-6555\n\n A flaw was discovered in the irda_setsockopt function in the irda\n subsystem, allowing a local user to cause a denial of service\n (use-after-free and system crash).\n\nCVE-2018-7755\n\n Brian Belleville discovered a flaw in the fd_locked_ioctl function\n in the floppy driver in the Linux kernel. The floppy driver copies a\n kernel pointer to user memory in response to the FDGETPRM ioctl. A\n local user with access to a floppy drive device can take advantage\n of this flaw to discover the location kernel code and data.\n\nCVE-2018-9363\n\n It was discovered that the Bluetooth HIDP implementation did not\n correctly check the length of received report messages. 
A paired\n HIDP device could use this to cause a buffer overflow, leading to\n denial of service (memory corruption or crash) or potentially\n remote code execution.\n\nCVE-2018-9516\n\n It was discovered that the HID events interface in debugfs did not\n correctly limit the length of copies to user buffers. A local\n user with access to these files could use this to cause a\n denial of service (memory corruption or crash) or possibly for\n privilege escalation. However, by default debugfs is only\n accessible by the root user.\n\nCVE-2018-10902\n\n It was discovered that the rawmidi kernel driver does not protect\n against concurrent access which leads to a double-realloc (double\n free) flaw. A local attacker can take advantage of this issue for\n privilege escalation.\n\nCVE-2018-10938\n\n Yves Younan from Cisco reported that the Cipso IPv4 module did not\n correctly check the length of IPv4 options. On custom kernels with\n CONFIG_NETLABEL enabled, a remote attacker could use this to cause\n a denial of service (hang).\n\nCVE-2018-13099\n\n Wen Xu from SSLab at Gatech reported a use-after-free bug in the\n F2FS implementation. An attacker able to mount a crafted F2FS\n volume could use this to cause a denial of service (crash or\n memory corruption) or possibly for privilege escalation.\n\nCVE-2018-14609\n\n Wen Xu from SSLab at Gatech reported a potential null pointer\n dereference in the F2FS implementation. An attacker able to mount\n a crafted F2FS volume could use this to cause a denial of service\n (crash).\n\nCVE-2018-14617\n\n Wen Xu from SSLab at Gatech reported a potential null pointer\n dereference in the HFS+ implementation. An attacker able to mount\n a crafted HFS+ volume could use this to cause a denial of service\n (crash).\n\nCVE-2018-14633\n\n Vincent Pelletier discovered a stack-based buffer overflow flaw in\n the chap_server_compute_md5() function in the iSCSI target code. 
An\n unauthenticated remote attacker can take advantage of this flaw to\n cause a denial of service or possibly to get a non-authorized access\n to data exported by an iSCSI target.\n\nCVE-2018-14678\n\n M. Vefa Bicakci and Andy Lutomirski discovered a flaw in the\n kernel exit code used on amd64 systems running as Xen PV guests.\n A local user could use this to cause a denial of service (crash).\n\nCVE-2018-14734\n\n A use-after-free bug was discovered in the InfiniBand\n communication manager. A local user could use this to cause a\n denial of service (crash or memory corruption) or possibly for\n privilege escalation.\n\nCVE-2018-15572\n\n Esmaiel Mohammadian Koruyeh, Khaled Khasawneh, Chengyu Song, and\n Nael Abu-Ghazaleh, from University of California, Riverside,\n reported a variant of Spectre variant 2, dubbed SpectreRSB. A\n local user may be able to use this to read sensitive information\n from processes owned by other users.\n\nCVE-2018-15594\n\n Nadav Amit reported that some indirect function calls used in\n paravirtualised guests were vulnerable to Spectre variant 2. A\n local user may be able to use this to read sensitive information\n from the kernel.\n\nCVE-2018-16276\n\n Jann Horn discovered that the yurex driver did not correctly limit\n the length of copies to user buffers. A local user with access to\n a yurex device node could use this to cause a denial of service\n (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2018-16658\n\n It was discovered that the cdrom driver does not correctly\n validate the parameter to the CDROM_DRIVE_STATUS ioctl. A user\n with access to a cdrom device could use this to read sensitive\n information from the kernel or to cause a denial of service\n (crash).\n\nCVE-2018-17182\n\n Jann Horn discovered that the vmacache_flush_all function mishandles\n sequence number overflows. 
A local user can take advantage of this\n flaw to trigger a use-after-free, causing a denial of service\n (crash or memory corruption) or privilege escalation.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.9.110-3+deb9u5.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.4, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-10-01T15:21:20", "type": "debian", "title": "[SECURITY] [DSA 4308-1] linux security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10902", "CVE-2018-10938", "CVE-2018-13099", "CVE-2018-14609", "CVE-2018-14617", "CVE-2018-14633", "CVE-2018-14678", "CVE-2018-14734", "CVE-2018-15572", "CVE-2018-15594", "CVE-2018-16276", "CVE-2018-16658", "CVE-2018-17182", "CVE-2018-6554", 
"CVE-2018-6555", "CVE-2018-7755", "CVE-2018-9363", "CVE-2018-9516"], "modified": "2018-10-01T15:21:20", "id": "DEBIAN:DSA-4308-1:D561A", "href": "https://lists.debian.org/debian-security-announce/2018/msg00239.html", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}]}