A flaw was found in the Linux kernel in the function
hid_debug_events_read() in the drivers/hid/hid-debug.c file, which may enter
an infinite loop with certain parameters passed from userspace. A local
privileged user ("root") can cause a system lock up and a denial of
service. Versions v4.18 and newer are vulnerable.
#### Bugs
* <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3819>
#### Notes
Author| Note
---|---
[sbeattie](<https://launchpad.net/~sbeattie>) | claims to be introduced by fix for CVE-2018-9516
[tyhicks](<https://launchpad.net/~tyhicks>) | HID debug events are exposed via debugfs which is only accessible by the root user in Ubuntu
{"cve": [{"lastseen": "2022-03-23T22:59:37", "description": "A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user (\"root\") can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-25T18:29:00", "type": "cve", "title": "CVE-2019-3819", "cwe": ["CWE-835"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3819"], "modified": "2020-10-19T17:43:00", "cpe": ["cpe:/o:linux:linux_kernel:*", "cpe:/o:opensuse:leap:15.0", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:debian:debian_linux:8.0"], "id": "CVE-2019-3819", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-3819", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", 
"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"]}, {"lastseen": "2022-03-23T18:53:21", "description": "In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-06T17:29:00", "type": "cve", "title": "CVE-2018-9516", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-9516"], "modified": "2019-08-06T17:15:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:debian:debian_linux:8.0", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:debian:debian_linux:9.0", "cpe:/o:google:android:-"], "id": "CVE-2018-9516", "href": 
"https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9516", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"]}], "redhatcve": [{"lastseen": "2022-07-07T17:51:49", "description": "A flaw was found in the Linux kernel in the function hid_debug_events_read() in the drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a user space. A local privileged user (\"root\") can cause a system lock up and a denial of service.\n", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-30T08:22:33", "type": "redhatcve", "title": "CVE-2019-3819", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3819"], "modified": "2022-07-07T12:05:07", "id": "RH:CVE-2019-3819", "href": "https://access.redhat.com/security/cve/cve-2019-3819", "cvss": 
{"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-07-07T11:09:34", "description": "A flaw was found in the Linux kernel in the hid_debug_events_read() function in the drivers/hid/hid-debug.c file. A lack of the certain checks may allow a privileged user (\"root\") to achieve an out-of-bounds write and thus receiving user space buffer corruption.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-01T09:37:56", "type": "redhatcve", "title": "CVE-2018-9516", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-9516"], "modified": "2022-07-07T11:09:28", "id": "RH:CVE-2018-9516", "href": "https://access.redhat.com/security/cve/cve-2018-9516", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2022-08-11T15:56:40", "description": "A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user (\"root\") can cause a system lock up and a denial of service. 
Versions from v4.18 and newer are vulnerable.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-01-25T18:29:00", "type": "debiancve", "title": "CVE-2019-3819", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3819"], "modified": "2019-01-25T18:29:00", "id": "DEBIANCVE:CVE-2019-3819", "href": "https://security-tracker.debian.org/tracker/CVE-2019-3819", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-08-11T15:56:38", "description": "In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. 
Product: Android Versions: Android kernel Android ID: A-71361580.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-06T17:29:00", "type": "debiancve", "title": "CVE-2018-9516", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-9516"], "modified": "2018-11-06T17:29:00", "id": "DEBIANCVE:CVE-2018-9516", "href": "https://security-tracker.debian.org/tracker/CVE-2018-9516", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "veracode": [{"lastseen": "2022-07-27T10:11:59", "description": "kernel is vulnerable to denial of service (DoS). 
The vulnerability exists in HID debug where a buffer overflow in hid_debug_events_read() in drivers/hid/hid-debug.c.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-08T00:07:19", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-9516"], "modified": "2022-04-19T18:39:29", "id": "VERACODE:21060", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-21060/summary", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T12:19:45", "description": "A flaw was found in the Linux kernel in the hid_debug_events_read() function in the drivers/hid/hid-debug.c file. 
A lack of the certain checks may allow a privileged user ('root') to achieve an out-of-bounds write and thus receiving user space buffer corruption.\n(CVE-2018-9516)", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-20T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALAS-2019-1278)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-9516"], "modified": "2019-12-27T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1278.NASL", "href": "https://www.tenable.com/plugins/nessus/129063", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1278.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129063);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/27\");\n\n script_cve_id(\"CVE-2018-9516\");\n script_xref(name:\"ALAS\", value:\"2019-1278\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2019-1278)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the Linux kernel in the hid_debug_events_read()\nfunction in the drivers/hid/hid-debug.c file. 
A lack of the certain\nchecks may allow a privileged user ('root') to achieve an\nout-of-bounds write and thus receiving user space buffer corruption.\n(CVE-2018-9516)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1278.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-4.14.55-68.37.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-4.14.55-68.37.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.14.55-68.37.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-devel-4.14.55-68.37.amzn2\")) flag++;\nif 
(rpm_check(release:\"AL2\", reference:\"kernel-headers-4.14.55-68.37.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-4.14.55-68.37.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-4.14.55-68.37.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-devel-4.14.55-68.37.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"perf-4.14.55-68.37.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"perf-debuginfo-4.14.55-68.37.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"python-perf-4.14.55-68.37.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-4.14.55-68.37.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:20:05", "description": "A flaw was found in the Linux kernel in the hid_debug_events_read() function in the drivers/hid/hid-debug.c file. A lack of the certain checks may allow a privileged user ('root') to achieve an out-of-bounds write and thus receiving user space buffer corruption.(CVE-2018-9516)\n\nNote: The Release Date is incorrect. 
This CVE was fixed July 2018", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-19T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2019-1278)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-9516"], "modified": "2019-12-27T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1278.NASL", "href": "https://www.tenable.com/plugins/nessus/129005", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1278.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129005);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/27\");\n\n script_cve_id(\"CVE-2018-9516\");\n script_xref(name:\"ALAS\", value:\"2019-1278\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2019-1278)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the Linux kernel in the hid_debug_events_read()\nfunction in the drivers/hid/hid-debug.c file. 
A lack of the certain\nchecks may allow a privileged user ('root') to achieve an\nout-of-bounds write and thus receiving user space buffer\ncorruption.(CVE-2018-9516)\n\nNote: The Release Date is incorrect. This CVE was fixed July 2018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1278.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Run 'yum update kernel ' and reboot the instance to update your\nsystem.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.14.55-62.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.14.55-62.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.14.55-62.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.14.55-62.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", 
reference:\"kernel-devel-4.14.55-62.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.14.55-62.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.14.55-62.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.14.55-62.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.14.55-62.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.14.55-62.37.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.14.55-62.37.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:21:15", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames. This is related to cgw_csum_xor_rel. An unprivileged user can trigger a system crash (general protection fault).(CVE-2019-3701)\n\n - A flaw was found in mmap in the Linux kernel allowing the process to map a null page. 
This allows attackers to abuse this mechanism to turn null pointer dereferences into workable exploits.(CVE-2019-9213)\n\n - A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.i1/4^CVE-2018-16862i1/4%0\n\n - It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.i1/4^CVE-2018-10902i1/4%0\n\n - In the function wmi_set_ie() in the Linux kernel the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the aEUR~ie_lenaEURtm argument can cause a buffer overflow and thus a memory corruption leading to a system crash or other or unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.i1/4^CVE-2018-5848i1/4%0\n\n - A flaw was found in the Linux kernel in the function hid_debug_events_read() in the drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a user space. A local privileged user ('root') can cause a system lock up and a denial of service.i1/4^CVE-2019-3819i1/4%0\n\n - A flaw was found in the Linux kernel in the hid_debug_events_read() function in the drivers/hid/hid-debug.c file. A lack of the certain checks may allow a privileged user ('root') to achieve an out-of-bounds write and thus receiving user space buffer corruption.i1/4^CVE-2018-9516i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1259)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10902", "CVE-2018-16862", "CVE-2018-5848", "CVE-2018-9516", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-9213"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "cpe:/o:huawei:euleros:uvp:2.5.3"], "id": "EULEROS_SA-2019-1259.NASL", "href": "https://www.tenable.com/plugins/nessus/123727", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123727);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-10902\",\n \"CVE-2018-16862\",\n \"CVE-2018-5848\",\n \"CVE-2018-9516\",\n \"CVE-2019-3701\",\n \"CVE-2019-3819\",\n \"CVE-2019-9213\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1259)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An issue was discovered in can_can_gw_rcv in\n 
net/can/gw.c in the Linux kernel through 4.19.13. The\n CAN frame modification rules allow bitwise logical\n operations that can be also applied to the can_dlc\n field. Because of a missing check, the CAN drivers may\n write arbitrary content beyond the data registers in\n the CAN controller's I/O memory when processing can-gw\n manipulated outgoing frames. This is related to\n cgw_csum_xor_rel. An unprivileged user can trigger a\n system crash (general protection fault).(CVE-2019-3701)\n\n - A flaw was found in mmap in the Linux kernel allowing\n the process to map a null page. This allows attackers\n to abuse this mechanism to turn null pointer\n dereferences into workable exploits.(CVE-2019-9213)\n\n - A security flaw was found in the Linux kernel in a way\n that the cleancache subsystem clears an inode after the\n final file truncation (removal). The new file created\n with the same inode may contain leftover pages from\n cleancache and the old file data instead of the new\n one.(CVE-2018-16862)\n\n - It was found that the raw midi kernel driver does not\n protect against concurrent access which leads to a\n double realloc (double free) in\n snd_rawmidi_input_params() and\n snd_rawmidi_output_status() which are part of\n snd_rawmidi_ioctl() handler in rawmidi.c file. A\n malicious local attacker could possibly use this for\n privilege escalation.(CVE-2018-10902)\n\n - In the function wmi_set_ie() in the Linux kernel the\n length validation code does not handle unsigned integer\n overflow properly. As a result, a large value of the\n 'ie_len' argument can cause a buffer overflow and\n thus a memory corruption leading to a system crash or\n other or unspecified impact. 
Due to the nature of the\n flaw, privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2018-5848)\n\n - A flaw was found in the Linux kernel in the function\n hid_debug_events_read() in the drivers/hid/hid-debug.c\n file which may enter an infinite loop with certain\n parameters passed from a user space. A local privileged\n user ('root') can cause a system lock up and a denial\n of service.(CVE-2019-3819)\n\n - A flaw was found in the Linux kernel in the\n hid_debug_events_read() function in the\n drivers/hid/hid-debug.c file. A lack of the certain\n checks may allow a privileged user ('root') to achieve\n an out-of-bounds write and thus receiving user space\n buffer corruption.(CVE-2018-9516)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1259\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?39825ffc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", 
value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.3\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.3\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.44.5.10_136\",\n \"kernel-devel-3.10.0-514.44.5.10_136\",\n \"kernel-headers-3.10.0-514.44.5.10_136\",\n \"kernel-tools-3.10.0-514.44.5.10_136\",\n \"kernel-tools-libs-3.10.0-514.44.5.10_136\",\n \"kernel-tools-libs-devel-3.10.0-514.44.5.10_136\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-11T15:22:59", "description": "The openSUSE Leap 15.0 was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-2024: A 
use-after-free when disconnecting a source was fixed which could lead to crashes.\n bnc#1129179).\n\n - CVE-2019-3819: A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable (bnc#1123161).\n\n - CVE-2019-7308: kernel/bpf/verifier.c performed undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (bnc#1124055).\n\n - CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglected to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr (bnc#1125907).\n\n - CVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209).\n\n - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. 
This is related to a capability check for the wrong task (bnc#1128166).\n\nThe following non-security bugs were fixed :\n\n - 9p/net: fix memory leak in p9_client_create (bsc#1051510).\n\n - 9p: use inode->i_lock to protect i_size_write() under 32-bit (bsc#1051510).\n\n - acpi: acpi_pad: Do not launch acpi_pad threads on idle cpus (bsc#1113399).\n\n - acpi/APEI: Clear GHES block_status before panic() (bsc#1051510).\n\n - acpi/device_sysfs: Avoid OF modalias creation for removed device (bsc#1051510).\n\n - acpi/nfit: Fix bus command validation (bsc#1051510).\n\n - acpi: NUMA: Use correct type for printing addresses on i386-PAE (bsc#1051510).\n\n - acpi / video: Extend chassis-type detection with a 'Lunch Box' check (bsc#1051510).\n\n - acpi / video: Refactor and fix dmi_is_desktop() (bsc#1051510).\n\n - alsa: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 (bsc#1051510).\n\n - alsa: compress: prevent potential divide by zero bugs (bsc#1051510).\n\n - alsa: echoaudio: add a check for ioremap_nocache (bsc#1051510).\n\n - alsa: firewire: add const qualifier to identifiers for read-only symbols (bsc#1051510).\n\n - alsa: firewire-motu: add a flag for AES/EBU on XLR interface (bsc#1051510).\n\n - alsa: firewire-motu: add specification flag for position of flag for MIDI messages (bsc#1051510).\n\n - alsa: firewire-motu: add support for MOTU Audio Express (bsc#1051510).\n\n - alsa: firewire-motu: add support for Motu Traveler (bsc#1051510).\n\n - alsa: firewire-motu: fix construction of PCM frame for capture direction (bsc#1051510).\n\n - alsa: firewire-motu: use 'version' field of unit directory to identify model (bsc#1051510).\n\n - alsa: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist (bsc#1051510).\n\n - alsa: hda - Add quirk for HP EliteBook 840 G5 (bsc#1051510).\n\n - alsa: hda - Enforces runtime_resume after S3 and S4 for each codec (bsc#1051510).\n\n - alsa: hda/realtek - Add support for Acer Aspire E5-523G/ES1-432 
headset mic (bsc#1051510).\n\n - alsa: hda/realtek: Disable PC beep in passthrough on alc285 (bsc#1051510).\n\n - alsa: hda/realtek: Enable ASUS X441MB and X705FD headset MIC with ALC256 (bsc#1051510).\n\n - alsa: hda/realtek: Enable audio jacks of ASUS UX362FA with ALC294 (bsc#1051510).\n\n - alsa: hda/realtek: Enable headset MIC of Acer AIO with ALC286 (bsc#1051510).\n\n - alsa: hda/realtek: Enable headset MIC of Acer Aspire Z24-890 with ALC286 (bsc#1051510).\n\n - alsa: hda/realtek: Enable headset mic of ASUS P5440FF with ALC256 (bsc#1051510).\n\n - alsa: hda/realtek - Headset microphone and internal speaker support for System76 oryp5 (bsc#1051510).\n\n - alsa: hda/realtek - Headset microphone support for System76 darp5 (bsc#1051510).\n\n - alsa: hda/realtek - Reduce click noise on Dell Precision 5820 headphone (bsc#1126131).\n\n - alsa: hda - Record the current power state before suspend/resume calls (bsc#1051510).\n\n - alsa: opl3: fix mismatch between snd_opl3_drum_switch definition and declaration (bsc#1051510).\n\n - alsa: pcm: Do not suspend stream in unrecoverable PCM state (bsc#1051510).\n\n - alsa: pcm: Fix possible OOB access in PCM oss plugins (bsc#1051510).\n\n - alsa: rawmidi: Fix potential Spectre v1 vulnerability (bsc#1051510).\n\n - alsa: sb8: add a check for request_region (bsc#1051510).\n\n - alsa: seq: oss: Fix Spectre v1 vulnerability (bsc#1051510).\n\n - alsa: usb-audio: Fix implicit fb endpoint setup by quirk (bsc#1051510).\n\n - altera-stapl: check for a null key before strcasecmp'ing it (bsc#1051510).\n\n - apparmor: Fix aa_label_build() error handling for failed merges (bsc#1051510).\n\n - applicom: Fix potential Spectre v1 vulnerabilities (bsc#1051510).\n\n - aquantia: Setup max_mtu in ndev to enable jumbo frames (bsc#1051510).\n\n - arm64: fault: avoid send SIGBUS two times (bsc#1126393).\n\n - arm: 8808/1: kexec:offline panic_smp_self_stop CPU (bsc#1051510).\n\n - arm/arm64: KVM: Rename function kvm_arch_dev_ioctl_check_extension() 
(bsc#1126393).\n\n - arm: iop32x/n2100: fix PCI IRQ mapping (bsc#1051510).\n\n - arm: OMAP2+: hwmod: Fix some section annotations (bsc#1051510).\n\n - arm: pxa: avoid section mismatch warning (bsc#1051510).\n\n - arm: tango: Improve ARCH_MULTIPLATFORM compatibility (bsc#1051510).\n\n - ASoC: atom: fix a missing check of snd_pcm_lib_malloc_pages (bsc#1051510).\n\n - ASoC: dapm: change snprintf to scnprintf for possible overflow (bsc#1051510).\n\n - ASoC: fsl_esai: fix register setting issue in RIGHT_J mode (bsc#1051510).\n\n - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on i.MX8M (bsc#1051510).\n\n - ASoC: imx-audmux: change snprintf to scnprintf for possible overflow (bsc#1051510).\n\n - ASoC: imx-sgtl5000: put of nodes if finding codec fails (bsc#1051510).\n\n - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic field (bsc#1051510).\n\n - ASoC: msm8916-wcd-analog: add missing license information (bsc#1051510).\n\n - ASoC: qcom: Fix of-node refcount unbalance in apq8016_sbc_parse_of() (bsc#1051510).\n\n - ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count check (bsc#1051510).\n\n - assoc_array: Fix shortcut creation (bsc#1051510).\n\n - ata: ahci: mvebu: remove stale comment (bsc#1051510).\n\n - ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom (bsc#1051510).\n\n - ath9k: dynack: check da->enabled first in sampling routines (bsc#1051510).\n\n - ath9k: dynack: make ewma estimation faster (bsc#1051510).\n\n - ath9k: dynack: use authentication messages for 'late' ack (bsc#1051510).\n\n - atm: he: fix sign-extension overflow on large shift (bsc#1051510).\n\n - auxdisplay: hd44780: Fix memory leak on ->remove() (bsc#1051510).\n\n - auxdisplay: ht16k33: fix potential user-after-free on module unload (bsc#1051510).\n\n - ax25: fix possible use-after-free (bsc#1051510).\n\n - backlight: pwm_bl: Use gpiod_get_value_cansleep() to get initial (bsc#1113722)\n\n - batman-adv: Avoid WARN on net_device without parent in netns (bsc#1051510).\n\n - batman-adv: 
fix uninit-value in batadv_interface_tx() (bsc#1051510).\n\n - batman-adv: Force mac header to start of data on xmit (bsc#1051510).\n\n - bio: Introduce BIO_ALLOCED flag and check it in bio_free (bsc#1128094).\n\n - blk-mq: fix a hung issue when fsync (bsc#1125252).\n\n - block_dev: fix crash on chained bios with O_DIRECT (bsc#1128094).\n\n - block_dev: fix crash on chained bios with O_DIRECT (bsc#1128094).\n\n - blockdev: Fix livelocks on loop device (bsc#1124984).\n\n - block: do not use bio->bi_vcnt to figure out segment number (bsc#1128895).\n\n - block: do not warn when doing fsync on read-only devices (bsc#1125252).\n\n - block/loop: Use global lock for ioctl() operation (bsc#1124974).\n\n - block: move bio_integrity_(intervals,bytes) into blkdev.h (bsc#1114585).\n\n - bluetooth: Fix decrementing reference count twice in releasing socket (bsc#1051510).\n\n - bluetooth: Fix locking in bt_accept_enqueue() for BH context (bsc#1051510).\n\n - bluetooth: Fix unnecessary error message for HCI request completion (bsc#1051510).\n\n - bluetooth: hci_ldisc: Initialize hci_dev before open() (bsc#1051510).\n\n - bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() (bsc#1051510).\n\n - bnxt_en: Fix typo in firmware message timeout logic (bsc#1086282 ).\n\n - bnxt_en: Wait longer for the firmware message response to complete (bsc#1086282).\n\n - bpf: decrease usercnt if bpf_map_new_fd() fails in bpf_map_get_fd_by_id() (bsc#1083647).\n\n - bpf: drop refcount if bpf_map_new_fd() fails in map_create() (bsc#1083647).\n\n - bpf: fix lockdep false positive in percpu_freelist (bsc#1083647).\n\n - bpf: fix replace_map_fd_with_map_ptr's ldimm64 second imm field (bsc#1083647).\n\n - bpf: fix sanitation rewrite in case of non-pointers (bsc#1083647).\n\n - bpf: Fix syscall's stackmap lookup potential deadlock (bsc#1083647).\n\n - bpf, lpm: fix lookup bug in map_delete_elem (bsc#1083647).\n\n - bpf/verifier: fix verifier instability (bsc#1056787).\n\n - 
bsg: Do not copy sense if no response buffer is allocated (bsc#1106811,bsc#1126555).\n\n - btrfs: dedupe_file_range ioctl: remove 16MiB restriction (bsc#1127494).\n\n - btrfs: do not unnecessarily pass write_lock_level when processing leaf (bsc#1126802).\n\n - btrfs: ensure that a DUP or RAID1 block group has exactly two stripes (bsc#1128451).\n\n - btrfs: fix clone vs chattr NODATASUM race (bsc#1127497).\n\n - btrfs: fix corruption reading shared and compressed extents after hole punching (bsc#1126476).\n\n - btrfs: fix deadlock between clone/dedupe and rename (bsc#1130518).\n\n - btrfs: fix deadlock when allocating tree block during leaf/node split (bsc#1126806).\n\n - btrfs: fix deadlock when using free space tree due to block group creation (bsc#1126804).\n\n - btrfs: fix fsync after succession of renames and unlink/rmdir (bsc#1126488).\n\n - btrfs: fix fsync after succession of renames of different files (bsc#1126481).\n\n - btrfs: fix invalid-free in btrfs_extent_same (bsc#1127498).\n\n - btrfs: fix reading stale metadata blocks after degraded raid1 mounts (bsc#1126803).\n\n - btrfs: fix use-after-free of cmp workspace pages (bsc#1127603).\n\n - btrfs: grab write lock directly if write_lock_level is the max level (bsc#1126802).\n\n - btrfs: Improve btrfs_search_slot description (bsc#1126802).\n\n - btrfs: move get root out of btrfs_search_slot to a helper (bsc#1126802).\n\n - btrfs: qgroup: Cleanup old subtree swap code (bsc#1063638).\n\n - btrfs: qgroup: Do not trace subtree if we're dropping reloc tree (bsc#1063638).\n\n - btrfs: qgroup: Finish rescan when hit the last leaf of extent tree (bsc#1129327).\n\n - btrfs: qgroup: Introduce function to find all new tree blocks of reloc tree (bsc#1063638).\n\n - btrfs: qgroup: Introduce function to trace two swaped extents (bsc#1063638).\n\n - btrfs: qgroup: Introduce per-root swapped blocks infrastructure (bsc#1063638).\n\n - btrfs: qgroup: Introduce trace event to analyse the number of dirty extents accounted 
(bsc#1063638 dependency).\n\n - btrfs: qgroup: Make qgroup async transaction commit more aggressive (bsc#1113042).\n\n - btrfs: qgroup: Only trace data extents in leaves if we're relocating data block group (bsc#1063638).\n\n - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap (bsc#1063638).\n\n - btrfs: qgroup: Search commit root for rescan to avoid missing extent (bsc#1129326).\n\n - btrfs: qgroup: Use delayed subtree rescan for balance (bsc#1063638).\n\n - btrfs: qgroup: Use generation-aware subtree swap to mark dirty extents (bsc#1063638).\n\n - btrfs: quota: Set rescan progress to (u64)-1 if we hit last leaf (bsc#1129327).\n\n - btrfs: relocation: Delay reloc tree deletion after merge_reloc_roots (bsc#1063638).\n\n - btrfs: reloc: Fix NULL pointer dereference due to expanded reloc_root lifespan (bsc#1129497).\n\n - btrfs: remove always true check in unlock_up (bsc#1126802).\n\n - btrfs: remove superfluous free_extent_buffer in read_block_for_search (bsc#1126802).\n\n - btrfs: remove unnecessary level check in balance_level (bsc#1126802).\n\n - btrfs: remove unused check of skip_locking (bsc#1126802).\n\n - btrfs: reuse cmp workspace in EXTENT_SAME ioctl (bsc#1127495).\n\n - btrfs: send, fix race with transaction commits that create snapshots (bsc#1126802).\n\n - btrfs: simplify IS_ERR/PTR_ERR checks (bsc#1126481).\n\n - btrfs: split btrfs_extent_same (bsc#1127493).\n\n - btrfs: use kvzalloc for EXTENT_SAME temporary data (bsc#1127496).\n\n - btrfs: use more straightforward extent_buffer_uptodate check (bsc#1126802).\n\n - cdc-wdm: pass return value of recover_from_urb_loss (bsc#1051510).\n\n - ceph: avoid repeatedly adding inode to mdsc->snap_flush_list (bsc#1126790).\n\n - ceph: clear inode pointer when snap realm gets dropped by its inode (bsc#1125799).\n\n - cfg80211: extend range deviation for DMG (bsc#1051510).\n\n - ch: add missing mutex_lock()/mutex_unlock() in ch_release() (bsc#1124235).\n\n - ch: fixup refcounting imbalance for SCSI devices 
(bsc#1124235).\n\n - cifs: allow guest mounts to work for smb3.11 (bsc#1051510).\n\n - cifs: Always resolve hostname before reconnecting (bsc#1051510).\n\n - cifs: connect to servername instead of IP for IPC$ share (bsc#1051510).\n\n - cifs: Fix NULL pointer dereference of devname (bnc#1129519).\n\n - cifs: invalidate cache when we truncate a file (bsc#1051510).\n\n - cifs: OFD locks do not conflict with eachothers (bsc#1051510).\n\n - clk: armada-370: fix refcount leak in a370_clk_init() (bsc#1051510).\n\n - clk: armada-xp: fix refcount leak in axp_clk_init() (bsc#1051510).\n\n - clk: clk-twl6040: Fix imprecise external abort for pdmclk (bsc#1051510).\n\n - clk: dove: fix refcount leak in dove_clk_init() (bsc#1051510).\n\n - clk: highbank: fix refcount leak in hb_clk_init() (bsc#1051510).\n\n - clk: imx6q: fix refcount leak in imx6q_clocks_init() (bsc#1051510).\n\n - clk: imx6sl: ensure MMDC CH0 handshake is bypassed (bsc#1051510).\n\n - clk: imx6sx: fix refcount leak in imx6sx_clocks_init() (bsc#1051510).\n\n - clk: imx7d: fix refcount leak in imx7d_clocks_init() (bsc#1051510).\n\n - clk: ingenic: Fix doc of ingenic_cgu_div_info (bsc#1051510).\n\n - clk: ingenic: Fix round_rate misbehaving with non-integer dividers (bsc#1051510).\n\n - clk: kirkwood: fix refcount leak in kirkwood_clk_init() (bsc#1051510).\n\n - clk: mv98dx3236: fix refcount leak in mv98dx3236_clk_init() (bsc#1051510).\n\n - clk: qoriq: fix refcount leak in clockgen_init() (bsc#1051510).\n\n - clk: samsung: exynos4: fix refcount leak in exynos4_get_xom() (bsc#1051510).\n\n - clk: socfpga: fix refcount leak (bsc#1051510).\n\n - clk: sunxi: A31: Fix wrong AHB gate number (bsc#1051510).\n\n - clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all audio module clocks (bsc#1051510).\n\n - clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when ungating it (bsc#1051510).\n\n - clk: sunxi-ng: v3s: Fix TCON reset de-assert bit (bsc#1051510).\n\n - clk: uniphier: Fix update register for CPU-gear 
(bsc#1051510).\n\n - clk: vc5: Abort clock configuration without upstream clock (bsc#1051510).\n\n - clk: vf610: fix refcount leak in vf610_clocks_init() (bsc#1051510).\n\n - clocksource/drivers/exynos_mct: Clear timer interrupt when shutdown (bsc#1051510).\n\n - clocksource/drivers/exynos_mct: Fix error path in timer resources initialization (bsc#1051510).\n\n - clocksource/drivers/exynos_mct: Move one-shot check from tick clear to ISR (bsc#1051510).\n\n - clocksource/drivers/integrator-ap: Add missing of_node_put() (bsc#1051510).\n\n - clocksource/drivers/sun5i: Fail gracefully when clock rate is unavailable (bsc#1051510).\n\n - configfs: fix registered group removal (bsc#1051510).\n\n - copy_mount_string: Limit string length to PATH_MAX (bsc#1082943).\n\n - cpcap-charger: generate events for userspace (bsc#1051510).\n\n - cpufreq: Cap the default transition delay value to 10 ms (bsc#1127042).\n\n - cpufreq: conservative: Take limits changes into account properly (bsc#1051510).\n\n - cpufreq: governor: Avoid accessing invalid governor_data (bsc#1051510).\n\n - cpufreq: governor: Drop min_sampling_rate (bsc#1127042).\n\n - cpufreq: governor: Ensure sufficiently large sampling intervals (bsc#1127042).\n\n - cpufreq: pxa2xx: remove incorrect __init annotation (bsc#1051510).\n\n - cpufreq: tegra124: add missing of_node_put() (bsc#1051510).\n\n - cpufreq: Use transition_delay_us for legacy governors as well (bsc#1127042).\n\n - cpuidle: big.LITTLE: fix refcount leak (bsc#1051510).\n\n - crypto: aes_ti - disable interrupts while accessing S-box (bsc#1051510).\n\n - crypto: ahash - fix another early termination in hash walk (bsc#1051510).\n\n - crypto: arm64/aes-ccm - fix logical bug in AAD MAC handling (bsc#1051510).\n\n - crypto: arm/crct10dif - revert to C code for short inputs (bsc#1051510).\n\n - crypto: brcm - Fix some set-but-not-used warning (bsc#1051510).\n\n - crypto: caam - fixed handling of sg list (bsc#1051510).\n\n - crypto: cavium/zip - fix collision with 
generic cra_driver_name (bsc#1051510).\n\n - crypto: crypto4xx - add missing of_node_put after of_device_is_available (bsc#1051510).\n\n - crypto: crypto4xx - Fix wrong ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments (bsc#1051510).\n\n - crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails (bsc#1051510).\n\n - crypto: testmgr - skip crc32c context test for ahash algorithms (bsc#1051510).\n\n - crypto: tgr192 - fix unaligned memory access (bsc#1051510).\n\n - crypto: ux500 - Use proper enum in cryp_set_dma_transfer (bsc#1051510).\n\n - crypto: ux500 - Use proper enum in hash_set_dma_transfer (bsc#1051510).\n\n - cw1200: drop useless LIST_HEAD (bsc#1051510).\n\n - cw1200: Fix concurrency use-after-free bugs in cw1200_hw_scan() (bsc#1051510).\n\n - cw1200: fix missing unlock on error in cw1200_hw_scan() (bsc#1051510).\n\n - dccp: fool proof ccid_hc_[rt]x_parse_options() (bsc#1051510).\n\n - debugfs: fix debugfs_rename parameter checking (bsc#1051510).\n\n - device property: Fix the length used in PROPERTY_ENTRY_STRING() (bsc#1051510).\n\n - dlm: Do not swamp the CPU with callbacks queued during recovery (bsc#1051510).\n\n - dmaengine: at_hdmac: drop useless LIST_HEAD (bsc#1051510).\n\n - dmaengine: at_xdmac: Fix wrongfull report of a channel as in use (bsc#1051510).\n\n - dmaengine: bcm2835: Fix abort of transactions (bsc#1051510).\n\n - dmaengine: bcm2835: Fix interrupt race on RT (bsc#1051510).\n\n - dmaengine: dmatest: Abort test in case of mapping error (bsc#1051510).\n\n - dmaengine: dw: drop useless LIST_HEAD (bsc#1051510).\n\n - dmaengine: imx-dma: fix wrong callback invoke (bsc#1051510).\n\n - dmaengine: mv_xor: Use correct device for DMA API (bsc#1051510).\n\n - dmaengine: pl330: drop useless LIST_HEAD (bsc#1051510).\n\n - dmaengine: sa11x0: drop useless LIST_HEAD (bsc#1051510).\n\n - dmaengine: st_fdma: drop useless LIST_HEAD (bsc#1051510).\n\n - dmaengine: stm32-dma: fix incomplete configuration in cyclic mode (bsc#1051510).\n\n - dma: Introduce 
dma_max_mapping_size() (bsc#1120008).\n\n - doc: rcu: Suspicious RCU usage is a warning (bsc#1051510).\n\n - Do not log confusing message on reconnect by default (bsc#1129664).\n\n - driver core: Do not resume suppliers under device_links_write_lock() (bsc#1051510).\n\n - drivers: hv: vmbus: Check for ring when getting debug info (bsc#1126389, bsc#1126579).\n\n - drivers: hv: vmbus: preserve hv_ringbuffer_get_debuginfo kABI (bsc#1126389, bsc#1126579).\n\n - drivers: hv: vmbus: Return -EINVAL for the sys files for unopened channels (bsc#1126389, bsc#1126579).\n\n - drm/amdgpu: Add delay after enable RLC ucode (bsc#1051510).\n\n - drm/ast: Fix connector leak during driver unload (bsc#1051510).\n\n - drm/ast: fixed reading monitor EDID not stable issue (bsc#1051510).\n\n - drm/atomic-helper: Complete fake_commit->flip_done potentially earlier (bsc#1051510).\n\n - drm: Block fb changes for async plane updates (bsc#1051510).\n\n - drm/bridge: tc358767: add defines for DP1_SRCCTRL & PHY_2LANE (bsc#1051510).\n\n - drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value (bsc#1051510).\n\n - drm/bridge: tc358767: fix output H/V syncs (bsc#1051510).\n\n - drm/bridge: tc358767: fix single lane configuration (bsc#1051510).\n\n - drm/bridge: tc358767: reject modes which require too much BW (bsc#1051510).\n\n - drm/bufs: Fix Spectre v1 vulnerability (bsc#1051510).\n\n - drm: Clear state->acquire_ctx before leaving drm_atomic_helper_commit_duplicated_state() (bsc#1051510).\n\n - drm: disable uncached DMA optimization for ARM and arm64 (bsc#1051510).\n\n - drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump() (bsc#1113722)\n\n - drm/etnaviv: potential NULL dereference (bsc#1113722)\n\n - drm: Fix error handling in drm_legacy_addctx (bsc#1113722)\n\n - drm/i915/bios: assume eDP is present on port A when there is no VBT (bsc#1051510).\n\n - drm/i915: Block fbdev HPD processing during suspend (bsc#1113722)\n\n - drm/i915/fbdev: Actually configure untiled displays (bsc#1113722)\n\n - 
drm/i915: Flush GPU relocs harder for gen3 (bsc#1113722)\n\n - drm/i915/gvt: free VFIO region space in vgpu detach (bsc#1113722)\n\n - drm/i915/gvt: release shadow batch buffer and wa_ctx before destroy one workload (bsc#1051510).\n\n - drm/i915/opregion: fix version check (bsc#1113722)\n\n - drm/i915/opregion: rvda is relative from opregion base in opregion (bsc#1113722)\n\n - drm/i915: Prevent a race during I915_GEM_MMAP ioctl with WC set (bsc#1113722)\n\n - drm/i915: Redefine some Whiskey Lake SKUs (bsc#1051510).\n\n - drm/i915: Relax mmap VMA check (bsc#1051510).\n\n - drm/i915: Use the correct crtc when sanitizing plane mapping (bsc#1113722)\n\n - drm/imx: ignore plane updates on disabled crtcs (bsc#1051510).\n\n - drm/imx: imx-ldb: add missing of_node_puts (bsc#1051510).\n\n - drm/meson: add missing of_node_put (bsc#1051510).\n\n - drm/modes: Prevent division by zero htotal (bsc#1051510).\n\n - drm/msm: Fix error return checking (bsc#1051510).\n\n - drm/msm: Grab a vblank reference when waiting for commit_done (bsc#1051510).\n\n - drm/msm: Unblock writer if reader closes file (bsc#1051510).\n\n - drm/nouveau/bios/ramcfg: fix missing parentheses when calculating RON (bsc#1113722)\n\n - drm/nouveau/debugfs: Fix check of pm_runtime_get_sync failure (bsc#1051510).\n\n - drm/nouveau: Do not spew kernel WARNING for each timeout (bsc#1126480).\n\n - drm/nouveau: Do not WARN_ON VCPI allocation failures (bsc#1113722)\n\n - drm/nouveau/falcon: avoid touching registers if engine is off (bsc#1051510).\n\n - drm/nouveau/pmu: do not print reply values if exec is false (bsc#1113722)\n\n - drm/radeon/evergreen_cs: fix missing break in switch statement (bsc#1113722)\n\n - drm: Reorder set_property_atomic to avoid returning with an active ww_ctx (bsc#1051510).\n\n - drm/rockchip: fix for mailbox read size (bsc#1051510).\n\n - drm/shmob: Fix return value check in shmob_drm_probe (bsc#1113722)\n\n - drm/sun4i: tcon: Prepare and enable TCON channel 0 clock at init 
(bsc#1051510).\n\n - drm/vmwgfx: Do not double-free the mode stored in par->set_mode (bsc#1103429)\n\n - earlycon: Initialize port->uartclk based on clock-frequency property (bsc#1051510).\n\n - earlycon: Remove hardcoded port->uartclk initialization in of_setup_earlycon (bsc#1051510).\n\n - Enable CONFIG_RDMA_RXE=m also for ppc64le (bsc#1107665,)\n\n - Enable livepatch test drivers in lib/ Livepatch kselftests need those.\n\n - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK (bsc#1051510).\n\n - enic: fix checksum validation for IPv6 (bsc#1051510).\n\n - esp6: fix memleak on error path in esp6_input (bsc#1051510).\n\n - esp: Fix locking on page fragment allocation (bsc#1051510).\n\n - esp: Fix memleaks on error paths (bsc#1051510).\n\n - esp: Fix skb tailroom calculation (bsc#1051510).\n\n - ext4: avoid kernel warning when writing the superblock to a dead device (bsc#1124981).\n\n - ext4: Avoid panic during forced reboot (bsc#1126356).\n\n - ext4: check for shutdown and r/o file system in ext4_write_inode() (bsc#1124978).\n\n - ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bsc#1124980).\n\n - ext4: force inode writes when nfsd calls commit_metadata() (bsc#1125125).\n\n - ext4: include terminating u32 in size of xattr entries when expanding inodes (bsc#1124976).\n\n - ext4: make sure enough credits are reserved for dioread_nolock writes (bsc#1124979).\n\n - ext4: track writeback errors using the generic tracking infrastructure (bsc#1124982).\n\n - fbdev: chipsfb: remove set but not used variable 'size' (bsc#1113722)\n\n - firmware/efi: Add NULL pointer checks in efivars API functions (bsc#1051510).\n\n - floppy: check_events callback should not return a negative number (bsc#1051510).\n\n - fs/dax: deposit pagetable even when installing zero page (bsc#1126740).\n\n - fs/dcache: Fix incorrect nr_dentry_unused accounting in shrink_dcache_sb() (git-fixes).\n\n - fs/devpts: always delete dcache dentry-s in dput() (git-fixes).\n\n - fuse: call 
pipe_buf_release() under pipe lock (bsc#1051510).\n\n - fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS (bsc#1051510).\n\n - fuse: decrement NR_WRITEBACK_TEMP on the right page (bsc#1051510).\n\n - fuse: handle zero sized retrieve correctly (bsc#1051510).\n\n - futex: Fix (possible) missed wakeup (bsc#1050549).\n\n - gdrom: fix a memory leak bug (bsc#1051510).\n\n - geneve: cleanup hard coded value for Ethernet header length (bsc#1123456).\n\n - geneve: correctly handle ipv6.disable module parameter (bsc#1051510).\n\n - geneve, vxlan: Do not check skb_dst() twice (bsc#1123456).\n\n - geneve, vxlan: Do not set exceptions if skb->len < mtu (bsc#1123456).\n\n - genwqe: Fix size check (bsc#1051510).\n\n - gfs2: Revert 'Fix loop in gfs2_rbm_find' (bsc#1120601).\n\n - gianfar: fix a flooded alignment reports because of padding issue (bsc#1051510).\n\n - gianfar: Fix Rx byte accounting for ndev stats (bsc#1051510).\n\n - gianfar: prevent integer wrapping in the rx handler (bsc#1051510).\n\n - gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1113722)\n\n - gpu: ipu-v3: Fix i.MX51 CSI control registers offset (bsc#1113722)\n\n - gpu: ipu-v3: image-convert: Prevent race between run and unprepare (bsc#1051510).\n\n - gro_cells: make sure device is up in gro_cells_receive() (git-fixes).\n\n - hid: lenovo: Add checks to fix of_led_classdev_register (bsc#1051510).\n\n - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable (git-fixes).\n\n - hvc_opal: do not set tb_ticks_per_usec in udbg_init_opal_common() (bsc#1051510).\n\n - hv: reduce storvsc_ringbuffer_size from 1M to 128K to simplify booting with 1k vcpus ().\n\n - hv: v4.12 API for hyperv-iommu (bsc#1122822).\n\n - hwmon: (lm80) fix a missing check of bus read in lm80 probe (bsc#1051510).\n\n - hwmon: (lm80) fix a missing check of the status of SMBus read (bsc#1051510).\n\n - hwmon: (lm80) Fix missing unlock on error in set_fan_div() (bsc#1051510).\n\n - hwmon: (tmp421) Correct the 
misspelling of the tmp442 compatible attribute in OF device ID table (bsc#1051510).\n\n - HYPERV/IOMMU: Add Hyper-V stub IOMMU driver (bsc#1122822).\n\n - i2c-axxia: check for error conditions first (bsc#1051510).\n\n - i2c: bcm2835: Clear current buffer pointers and counts after a transfer (bsc#1051510).\n\n - i2c: cadence: Fix the hold bit setting (bsc#1051510).\n\n - i2c: omap: Use noirq system sleep pm ops to idle device for suspend (bsc#1051510).\n\n - i2c: sh_mobile: add support for r8a77990 (R-Car E3) (bsc#1051510).\n\n - i2c: tegra: fix maximum transfer size (bsc#1051510).\n\n - ib/core: Destroy QP if XRC QP fails (bsc#1046306).\n\n - ib/core: Fix potential memory leak while creating MAD agents (bsc#1046306).\n\n - ib/core: Unregister notifier before freeing MAD security (bsc#1046306).\n\n - ib/hfi1: Close race condition on user context disable and close (bsc#1060463).\n\n - ib/mlx5: Unmap DMA addr from HCA before IOMMU (bsc#1046305 ).\n\n - ibmvnic: Report actual backing device speed and duplex values (bsc#1129923).\n\n - ibmvscsi: Fix empty event pool access during host removal (bsc#1119019).\n\n - ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019).\n\n - ieee802154: ca8210: fix possible u8 overflow in ca8210_rx_done (bsc#1051510).\n\n - igb: Fix an issue that PME is not enabled during runtime suspend (bsc#1051510).\n\n - iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID (bsc#1051510).\n\n - iio: adc: exynos-adc: Fix NULL pointer exception on unbind (bsc#1051510).\n\n - iio: chemical: atlas-ph-sensor: correct IIO_TEMP values to millicelsius (bsc#1051510).\n\n - Input: bma150 - register input device after setting private data (bsc#1051510).\n\n - input: cap11xx - switch to using set_brightness_blocking() (bsc#1051510).\n\n - Input: elan_i2c - add ACPI ID for touchpad in Lenovo V330-15ISK (bsc#1051510).\n\n - Input: elan_i2c - add id for touchpad found in Lenovo s21e-20 (bsc#1051510).\n\n - Input: elantech - enable 3rd button 
support on Fujitsu CELSIUS H780 (bsc#1051510).\n\n - input: matrix_keypad - use flush_delayed_work() (bsc#1051510).\n\n - Input: raspberrypi-ts - select CONFIG_INPUT_POLLDEV (git-fixes).\n\n - input: st-keyscan - fix potential zalloc NULL dereference (bsc#1051510).\n\n - input: uinput - fix undefined behavior in uinput_validate_absinfo() (bsc#1120902).\n\n - Input: wacom_serial4 - add support for Wacom ArtPad II tablet (bsc#1051510).\n\n - intel_th: Do not reference unassigned outputs (bsc#1051510).\n\n - intel_th: gth: Fix an off-by-one in output unassigning (bsc#1051510).\n\n - iomap: fix integer truncation issues in the zeroing and dirtying helpers (bsc#1125947).\n\n - iomap: warn on zero-length mappings (bsc#1127062).\n\n - iommu/amd: Fix NULL dereference bug in match_hid_uid (bsc#1130336).\n\n - iommu/amd: fix sg->dma_address for sg->offset bigger than PAGE_SIZE (bsc#1130337).\n\n - iommu/amd: Reserve exclusion range in iova-domain (bsc#1130425).\n\n - iommu/dmar: Fix buffer overflow during PCI bus notification (bsc#1129181).\n\n - iommu: Document iommu_ops.is_attach_deferred() (bsc#1129182).\n\n - iommu: Do not print warning when IOMMU driver only supports unmanaged domains (bsc#1130130).\n\n - iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables (bsc#1129205).\n\n - iommu/vt-d: Check capability before disabling protected memory (bsc#1130338).\n\n - iommu/vt-d: Check identity map for hot-added devices (bsc#1129183).\n\n - iommu/vt-d: Fix NULL pointer reference in intel_svm_bind_mm() (bsc#1129184).\n\n - ip6: fix PMTU discovery when using /127 subnets (git-fixes).\n\n - ip6mr: Do not call __IP6_INC_STATS() from preemptible context (git-fixes).\n\n - ip6_tunnel: get the min mtu properly in ip6_tnl_xmit (bsc#1123456).\n\n - ip6_tunnel: use the right value for ipv4 min mtu check in ip6_tnl_xmit (bsc#1123456).\n\n - ipsec: check return value of skb_to_sgvec always (bsc#1051510).\n\n - ipv4/route: fail early when inet dev is missing (git-fixes).\n\n - ipv4: 
speedup ipv6 tunnels dismantle (bsc#1122982).\n\n - ipv6: addrlabel: per netns list (bsc#1122982).\n\n - ipv6: Consider sk_bound_dev_if when binding a socket to an address (networking-stable-19_02_01).\n\n - ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (networking-stable-19_01_22).\n\n - ipv6: fix kernel-infoleak in ipv6_local_error() (networking-stable-19_01_20).\n\n - ipv6: speedup ipv6 tunnels dismantle (bsc#1122982).\n Refresh patches.suse/ip6_vti-fix-a-null-pointer-deference-when-destroy-vt.patch\n\n - ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (networking-stable-19_01_22).\n\n - ipvlan, l3mdev: fix broken l3s mode wrt local routes (networking-stable-19_02_01).\n\n - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on their size (bsc#1051510).\n\n - irqchip/gic-v3-its: Avoid parsing _indirect_ twice for Device table (bsc#1051510).\n\n - irqchip/gic-v3-its: Do not bind LPI to unavailable NUMA node (bsc#1051510).\n\n - irqchip/gic-v3-its: Fix ITT_entry_size accessor (bsc#1051510).\n\n - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on enable/disable (bsc#1051510).\n\n - iscsi_ibft: Fix missing break in switch statement (bsc#1051510).\n\n - isdn: avm: Fix string plus integer warning from Clang (bsc#1051510).\n\n - isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() (bsc#1051510).\n\n - isdn: i4l: isdn_tty: Fix some concurrency double-free bugs (bsc#1051510).\n\n - iser: set sector for ambiguous mr status errors (bsc#1051510).\n\n - iwlwifi: mvm: avoid possible access out of array (bsc#1051510).\n\n - iwlwifi: mvm: fix A-MPDU reference assignment (bsc#1051510).\n\n - iwlwifi: mvm: fix firmware statistics usage (bsc#1129770).\n\n - iwlwifi: mvm: fix RSS config command (bsc#1051510).\n\n - iwlwifi: pcie: fix emergency path (bsc#1051510).\n\n - iwlwifi: pcie: fix TX while flushing (bsc#1120902).\n\n - ixgbe: Be more careful when modifying MAC filters (bsc#1051510).\n\n - ixgbe: 
check return value of napi_complete_done() (bsc#1051510).\n\n - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps (bsc#1051510).\n\n - kabi: cpufreq: keep min_sampling_rate in struct dbs_data (bsc#1127042).\n\n - kabi: handle addition of ip6addrlbl_table into struct netns_ipv6 (bsc#1122982).\n\n - kabi: handle addition of uevent_sock into struct net (bsc#1122982).\n\n - kabi: Preserve kABI for dma_max_mapping_size() (bsc#1120008).\n\n - kabi: protect vhost_log_write (kabi).\n\n - kabi: restore ip_tunnel_delete_net() (bsc#1122982).\n\n - kabi workaround for ath9k ath_node.ackto type change (bsc#1051510).\n\n - kABI workaround for bt_accept_enqueue() change (bsc#1051510).\n\n - kallsyms: Handle too long symbols in kallsyms.c (bsc#1126805).\n\n - kasan: fix shadow_size calculation error in kasan_module_alloc (bsc#1051510).\n\n - kbuild: fix false positive warning/error about missing libelf (bsc#1051510).\n\n - kconfig: fix file name and line number of warn_ignored_character() (bsc#1051510).\n\n - kconfig: fix line numbers for if-entries in menu tree (bsc#1051510).\n\n - kconfig: fix memory leak when EOF is encountered in quotation (bsc#1051510).\n\n - kconfig: fix the rule of mainmenu_stmt symbol (bsc#1051510).\n\n - keys: allow reaching the keys quotas exactly (bsc#1051510).\n\n - keys: Timestamp new keys (bsc#1051510).\n\n - kgdboc: fix KASAN global-out-of-bounds bug in param_set_kgdboc_var() (bsc#1051510).\n\n - kgdboc: Fix restrict error (bsc#1051510).\n\n - kgdboc: Fix warning with module build (bsc#1051510).\n\n - kobject: add kobject_uevent_net_broadcast() (bsc#1122982).\n\n - kobject: copy env blob in one go (bsc#1122982).\n\n - kobject: factorize skb setup in kobject_uevent_net_broadcast() (bsc#1122982).\n\n - kprobes: Return error if we fail to reuse kprobe instead of BUG_ON() (bsc#1051510).\n\n - kvm: mmu: Fix race in emulated page table writes (bsc#1129284).\n\n - kvm: nVMX: Free the VMREAD/VMWRITE bitmaps if alloc_kvm_area() fails (bsc#1129291).\n\n - kvm: 
nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT (bsc#1129292).\n\n - kvm: nVMX: Set VM instruction error for VMPTRLD of unbacked page (bsc#1129293).\n\n - kvm: vmx: Set IA32_TSC_AUX for legacy mode guests (bsc#1129294).\n\n - kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs (bsc#1127082).\n\n - kvm: x86: Fix single-step debugging (bsc#1129295).\n\n - kvm: x86: Use jmp to invoke kvm_spurious_fault() from .fixup (bsc#1129296).\n\n - l2tp: copy 4 more bytes to linear part if necessary (networking-stable-19_02_01).\n\n - l2tp: fix infoleak in l2tp_ip6_recvmsg() (git-fixes).\n\n - l2tp: fix reading optional fields of L2TPv3 (networking-stable-19_02_01).\n\n - leds: lp5523: fix a missing check of return value of lp55xx_read (bsc#1051510).\n\n - leds: lp55xx: fix null deref on firmware load failure (bsc#1051510).\n\n - libceph: avoid KEEPALIVE_PENDING races in ceph_con_keepalive() (bsc#1125800).\n\n - libceph: handle an empty authorize reply (bsc#1126789).\n\n - libceph: wait for latest osdmap in ceph_monc_blacklist_add() (bsc#1130427).\n\n - lib/div64.c: off by one in shift (bsc#1051510).\n\n - libertas_tf: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510).\n\n - libnvdimm: Fix altmap reservation size calculation (bsc#1127682).\n\n - libnvdimm/label: Clear 'updating' flag after label-set update (bsc#1129543).\n\n - libnvdimm/pmem: Honor force_raw for legacy pmem regions (bsc#1129551).\n\n - lightnvm: fail fast on passthrough commands (bsc#1125780).\n\n - livepatch: Change unsigned long old_addr -> void\n *old_func in struct klp_func (bsc#1071995).\n\n - livepatch: Consolidate klp_free functions (bsc#1071995 ).\n\n - livepatch: core: Return EOPNOTSUPP instead of ENOSYS (bsc#1071995).\n\n - livepatch: Define a macro for new API identification (bsc#1071995).\n\n - livepatch: Do not block the removal of patches loaded after a forced transition (bsc#1071995).\n\n - livepatch: Introduce klp_for_each_patch macro (bsc#1071995 ).\n\n - 
livepatch: Module coming and going callbacks can proceed with all listed patches (bsc#1071995).\n\n - livepatch: Proper error handling in the shadow variables selftest (bsc#1071995).\n\n - livepatch: Remove ordering (stacking) of the livepatches (bsc#1071995).\n\n - livepatch: Remove signal sysfs attribute (bsc#1071995 ).\n\n - livepatch: return -ENOMEM on ptr_id() allocation failure (bsc#1071995).\n\n - livepatch: Send a fake signal periodically (bsc#1071995 ).\n\n - livepatch: Shuffle klp_enable_patch()/klp_disable_patch() code (bsc#1071995).\n\n - livepatch: Simplify API by removing registration step (bsc#1071995).\n\n - llc: do not use sk_eat_skb() (bsc#1051510).\n\n - locking/rwsem: Fix (possible) missed wakeup (bsc#1050549).\n\n - loop: drop caches if offset or block_size are changed (bsc#1124975).\n\n - loop: Reintroduce lo_ctl_mutex removed by commit 310ca162d (bsc#1124974).\n\n - mac80211: Add attribute aligned(2) to struct 'action' (bsc#1051510).\n\n - mac80211: do not initiate TDLS connection if station is not associated to AP (bsc#1051510).\n\n - mac80211: ensure that mgmt tx skbs have tailroom for encryption (bsc#1051510).\n\n - mac80211: fix miscounting of ttl-dropped frames (bsc#1051510).\n\n - mac80211: fix radiotap vendor presence bitmap handling (bsc#1051510).\n\n - mac80211: Fix Tx aggregation session tear down with ITXQs (bsc#1051510).\n\n - mac80211: Free mpath object when rhashtable insertion fails (bsc#1051510).\n\n - mac80211_hwsim: propagate genlmsg_reply return code (bsc#1051510).\n\n - mac80211: Restore vif beacon interval if start ap fails (bsc#1051510).\n\n - macvlan: Only deliver one copy of the frame to the macvlan interface (bsc#1051510).\n\n - mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush timeout issue (bsc#1051510).\n\n - mdio_bus: Fix use-after-free on device_register fails (bsc#1051510).\n\n - media: adv*/tc358743/ths8200: fill in min width/height/pixelclock (bsc#1051510).\n\n - media: DaVinci-VPBE: fix error handling in 
vpbe_initialize() (bsc#1051510).\n\n - media: dt-bindings: media: i2c: Fix i2c address for OV5645 camera sensor (bsc#1051510).\n\n - media: mtk-vcodec: Release device nodes in mtk_vcodec_init_enc_pm() (bsc#1051510).\n\n - media: rc: mce_kbd decoder: fix stuck keys (bsc#1100132).\n\n - media: s5k4ecgx: delete a bogus error message (bsc#1051510).\n\n - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt enumeration (bsc#1051510).\n\n - media: s5p-jpeg: Correct step and max values for V4L2_CID_JPEG_RESTART_INTERVAL (bsc#1051510).\n\n - media: s5p-mfc: fix incorrect bus assignment in virtual child device (bsc#1051510).\n\n - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming (bsc#1051510).\n\n - media: uvcvideo: Fix 'type' check leading to overflow (bsc#1051510).\n\n - media: v4l2-ctrls.c/uvc: zero v4l2_event (bsc#1051510).\n\n - media: v4l2: i2c: ov7670: Fix PLL bypass register values (bsc#1051510).\n\n - media: vb2: do not call __vb2_queue_cancel if vb2_start_streaming failed (bsc#1119086).\n\n - memremap: fix softlockup reports at teardown (bnc#1130154).\n\n - memstick: Prevent memstick host from getting runtime suspended during card detection (bsc#1051510).\n\n - mfd: db8500-prcmu: Fix some section annotations (bsc#1051510).\n\n - mfd: mc13xxx: Fix a missing check of a register-read failure (bsc#1051510).\n\n - mfd: mt6397: Do not call irq_domain_remove if PMIC unsupported (bsc#1051510).\n\n - mfd: qcom_rpm: write fw_version to CTRL_REG (bsc#1051510).\n\n - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while registering mfd cells (bsc#1051510).\n\n - mfd: tps65218: Use devm_regmap_add_irq_chip and clean up error path in probe() (bsc#1051510).\n\n - mfd: twl-core: Fix section annotations on (,un)protect_pm_master (bsc#1051510).\n\n - mfd: wm5110: Add missing ASRC rate register (bsc#1051510).\n\n - misc: hpilo: Do not claim unsupported hardware (bsc#1129330).\n\n - misc: hpilo: Exclude unsupported device via blacklist (bsc#1129330).\n\n - 
mISDN: fix a race in dev_expire_timer() (bsc#1051510).\n\n - mlxsw: __mlxsw_sp_port_headroom_set(): Fix a use of local variable (git-fixes).\n\n - mlxsw: spectrum: Disable lag port TX before removing it (networking-stable-19_01_22).\n\n - mmap: introduce sane default mmap limits (git fixes (mm/mmap)).\n\n - mmap: relax file size limit for regular files (git fixes (mm/mmap)).\n\n - mmc: bcm2835: Recover from MMC_SEND_EXT_CSD (bsc#1051510).\n\n - mmc: Kconfig: Enable CONFIG_MMC_SDHCI_IO_ACCESSORS (bsc#1051510).\n\n - mmc: omap: fix the maximum timeout setting (bsc#1051510).\n\n - mmc: pxamci: fix enum type confusion (bsc#1051510).\n\n - mmc: sdhci-brcmstb: handle mmc_of_parse() errors during probe (bsc#1051510).\n\n - mmc: sdhci-esdhc-imx: fix HS400 timing issue (bsc#1051510).\n\n - mmc: sdhci-of-esdhc: Fix timeout checks (bsc#1051510).\n\n - mmc: sdhci-xenon: Fix timeout checks (bsc#1051510).\n\n - mmc: spi: Fix card detection during probe (bsc#1051510).\n\n - mm: do not drop unused pages when userfaultd is running (git fixes (mm/userfaultfd)).\n\n - mm: Fix modifying of page protection by insert_pfn() (bsc#1126740).\n\n - mm: Fix warning in insert_pfn() (bsc#1126740).\n\n - mm/hmm: hmm_pfns_bad() was accessing wrong struct (git fixes (mm/hmm)).\n\n - mm: hwpoison: use do_send_sig_info() instead of force_sig() (git fixes (mm/hwpoison)).\n\n - mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in rmap_walk_ksm() (git fixes (mm/ksm)).\n\n - mm: madvise(MADV_DODUMP): allow hugetlbfs pages (git fixes (mm/madvise)).\n\n - mm,memory_hotplug: fix scan_movable_pages() for gigantic hugepages (bsc#1127731).\n\n - mm: migrate: do not rely on __PageMovable() of newpage after unlocking it (git fixes (mm/migrate)).\n\n - mm, oom: fix use-after-free in oom_kill_process (git fixes (mm/oom)).\n\n - mm: use swp_offset as key in shmem_replace_page() (git fixes (mm/shmem)).\n\n - mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed (git fixes (mm/vmscan)).\n\n - 
Move upstreamed ALSA and BT patches into sorted section\n\n - Move upstreamed libnvdimm patch into sorted section\n\n - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking (bsc#1051510).\n\n - mtd: cfi_cmdset_0002: Change write buffer to check correct value (bsc#1051510).\n\n - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bsc#1051510).\n\n - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary (bsc#1051510).\n\n - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bsc#1051510).\n\n - mtdchar: fix overflows in adjustment of `count` (bsc#1051510).\n\n - mtdchar: fix usage of mtd_ooblayout_ecc() (bsc#1051510).\n\n - mtd: docg3: do not set conflicting BCH_CONST_PARAMS option (bsc#1051510).\n\n - mtd/maps: fix solutionengine.c printk format warnings (bsc#1051510).\n\n - mtd: mtd_oobtest: Handle bitflips during reads (bsc#1051510).\n\n - mtd: nand: atmel: fix buffer overflow in atmel_pmecc_user (bsc#1051510).\n\n - mtd: nand: atmel: Fix get_sectorsize() function (bsc#1051510).\n\n - mtd: nand: atmel: fix of_irq_get() error check (bsc#1051510).\n\n - mtd: nand: brcmnand: Disable prefetch by default (bsc#1051510).\n\n - mtd: nand: brcmnand: Zero bitflip is not an error (bsc#1051510).\n\n - mtd: nand: denali_pci: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510).\n\n - mtd: nand: fix interpretation of NAND_CMD_NONE in nand_command[_lp]() (bsc#1051510).\n\n - mtd: nand: Fix nand_do_read_oob() return value (bsc#1051510).\n\n - mtd: nand: Fix writing mtdoops to nand flash (bsc#1051510).\n\n - mtd: nand: fsl_ifc: Fix nand waitfunc return value (bsc#1051510).\n\n - mtd: nand: gpmi: Fix failure when a erased page has a bitflip at BBM (bsc#1051510).\n\n - mtd: nand: ifc: update bufnum mask for ver >= 2.0.0 (bsc#1051510).\n\n - mtd: nand: mtk: fix infinite ECC decode IRQ issue (bsc#1051510).\n\n - mtd: nand: omap2: Fix subpage write (bsc#1051510).\n\n - mtd: nand: pxa3xx: Fix READOOB implementation (bsc#1051510).\n\n - mtd: nand: 
qcom: Add a NULL check for devm_kasprintf() (bsc#1051510).\n\n - mtd: nandsim: remove debugfs entries in error path (bsc#1051510).\n\n - mtd: nand: sunxi: Fix ECC strength choice (bsc#1051510).\n\n - mtd: nand: sunxi: fix potential divide-by-zero error (bsc#1051510).\n\n - mtd: nand: vf610: set correct ooblayout (bsc#1051510).\n\n - mtd: spi-nor: cadence-quadspi: Fix page fault kernel panic (bsc#1051510).\n\n - mtd: spi-nor: Fix Cadence QSPI page fault kernel panic (bsc#1051510).\n\n - mtd: spi-nor: fsl-quadspi: fix read error for flash size larger than 16MB (bsc#1051510).\n\n - mtd: spi-nor: stm32-quadspi: Fix uninitialized error return code (bsc#1051510).\n\n - mv88e6060: disable hardware level MAC learning (bsc#1051510).\n\n - nbd: Use set_blocksize() to set device blocksize (bsc#1124984).\n\n - net: add uevent socket member (bsc#1122982).\n\n - net: aquantia: driver should correctly declare vlan_features bits (bsc#1051510).\n\n - net: aquantia: fixed instack structure overflow (git-fixes).\n\n - net: aquantia: Fix hardware DMA stream overload on large MRRS (bsc#1051510).\n\n - net: bcmgenet: abort suspend on error (bsc#1051510).\n\n - net: bcmgenet: code movement (bsc#1051510).\n\n - net: bcmgenet: fix OF child-node lookup (bsc#1051510).\n\n - net: bcmgenet: remove HFB_CTRL access (bsc#1051510).\n\n - net: bcmgenet: return correct value 'ret' from bcmgenet_power_down (bsc#1051510).\n\n - net: bridge: fix a bug on using a neighbour cache entry without checking its state (networking-stable-19_01_20).\n\n - net: bridge: Fix ethernet header pointer before check skb forwardable (networking-stable-19_01_26).\n\n - net: do not call update_pmtu unconditionally (bsc#1123456).\n\n - net: Do not default Cavium PTP driver to 'y' (bsc#1110096).\n\n - net: dp83640: expire old TX-skb (networking-stable-19_02_10).\n\n - net: dsa: mv88e6xxx: handle unknown duplex modes gracefully in mv88e6xxx_port_set_duplex (git-fixes).\n\n - net: dsa: mv88x6xxx: mv88e6390 errata 
(networking-stable-19_01_22).\n\n - net: dsa: slave: Do not propagate flag changes on down slave interfaces (networking-stable-19_02_10).\n\n - net: ena: fix race between link up and device initalization (bsc#1083548).\n\n - net: ena: update driver version from 2.0.2 to 2.0.3 (bsc#1129276 bsc#1125342).\n\n - netfilter: check for seqadj ext existence before adding it in nf_nat_setup_info (git-fixes).\n\n - netfilter: nf_tables: check the result of dereferencing base_chain->stats (git-fixes).\n\n - net: Fix usage of pskb_trim_rcsum (networking-stable-19_01_26).\n\n - net: ipv4: Fix memory leak in network namespace dismantle (networking-stable-19_01_26).\n\n - net/mlx4_core: Add masking for a few queries on HCA caps (networking-stable-19_02_01).\n\n - net/mlx4_core: Fix locking in SRIOV mode when switching between events and polling (git-fixes).\n\n - net/mlx4_core: Fix qp mtt size calculation (git-fixes).\n\n - net/mlx4_core: Fix reset flow when in command polling mode (git-fixes).\n\n - net/mlx5e: Allow MAC invalidation while spoofchk is ON (networking-stable-19_02_01).\n\n - net/mlx5e: IPoIB, Fix RX checksum statistics update (git-fixes).\n\n - net/mlx5e: RX, Fix wrong early return in receive queue poll (bsc#1046305).\n\n - net/mlx5: fix uaccess beyond 'count' in debugfs read/write handlers (git-fixes).\n\n - net/mlx5: Release resource on error flow (git-fixes).\n\n - net/mlx5: Return success for PAGE_FAULT_RESUME in internal error state (git-fixes).\n\n - net/mlx5: Use multi threaded workqueue for page fault handling (git-fixes).\n\n - net/ncsi: Fix AEN HNCDSC packet length (git-fixes).\n\n - net/ncsi: Stop monitor if channel times out or is inactive (git-fixes).\n\n - net: netem: fix skb length BUG_ON in __skb_to_sgvec (git-fixes).\n\n - netns: restrict uevents (bsc#1122982).\n\n - net: phy: marvell: Errata for mv88e6390 internal PHYs (networking-stable-19_01_26).\n\n - net: phy: mdio_bus: add missing device_del() in mdiobus_register() error handling 
(networking-stable-19_01_26).\n\n - net: phy: Micrel KSZ8061: link failure after cable connect (git-fixes).\n\n - netrom: switch to sock timer API (bsc#1051510).\n\n - net/rose: fix NULL ax25_cb kernel panic (networking-stable-19_02_01).\n\n - net/sched: act_tunnel_key: fix memory leak in case of action replace (networking-stable-19_01_26).\n\n - net_sched: refetch skb protocol for each filter (networking-stable-19_01_26).\n\n - net: set default network namespace in init_dummy_netdev() (networking-stable-19_02_01).\n\n - net: stmmac: Fix a race in EEE enable callback (git-fixes).\n\n - net: stmmac: fix broken dma_interrupt handling for multi-queues (git-fixes).\n\n - net: stmmac: handle endianness in dwmac4_get_timestamp (git-fixes).\n\n - net: stmmac: Use mutex instead of spinlock (git-fixes).\n\n - net-sysfs: Fix mem leak in netdev_register_kobject (git-fixes).\n\n - net: systemport: Fix WoL with password after deep sleep (networking-stable-19_02_10).\n\n - net: thunderx: fix NULL pointer dereference in nic_remove (git-fixes).\n\n - nfit: acpi_nfit_ctl(): Check out_obj->type in the right place (bsc#1129547).\n\n - nfit/ars: Attempt a short-ARS whenever the ARS state is idle at boot (bsc#1051510).\n\n - nfit/ars: Attempt short-ARS even in the no_init_ars case (bsc#1051510).\n\n - nfp: bpf: fix ALU32 high bits clearance bug (git-fixes).\n\n - nfsd: fix memory corruption caused by readdir (bsc#1127445).\n\n - niu: fix missing checks of niu_pci_eeprom_read (bsc#1051510).\n\n - ntb_transport: Fix bug with max_mw_size parameter (bsc#1051510).\n\n - nvme-fc: reject reconnect if io queue count is reduced to zero (bsc#1128351).\n\n - nvme: flush namespace scanning work just before removing namespaces (bsc#1108101).\n\n - nvme: kABI fix for scan_lock (bsc#1123882).\n\n - nvme: lock NS list changes while handling command effects (bsc#1123882).\n\n - nvme-loop: fix kernel oops in case of unhandled command (bsc#1126807).\n\n - nvme-multipath: drop optimization for static ANA 
group IDs (bsc#1113939).\n\n - nvme-pci: fix out of bounds access in nvme_cqe_pending (bsc#1127595).\n\n - nvme: schedule requeue whenever a LIVE state is entered (bsc#1123105).\n\n - of, numa: Validate some distance map rules (bsc#1051510).\n\n - of: unittest: Disable interrupt node tests for old world MAC systems (bsc#1051510).\n\n - openvswitch: Avoid OOB read when parsing flow nlattrs (bsc#1051510).\n\n - openvswitch: fix the incorrect flow action alloc size (bsc#1051510).\n\n - openvswitch: Remove padding from packet before L3+ conntrack processing (bsc#1051510).\n\n - parport_pc: fix find_superio io compare code, should use equal test (bsc#1051510).\n\n - Partially revert 'block: fail op_is_write() requests to (bsc#1125252).\n\n - pci: add USR vendor id and use it in r8169 and w6692 driver (networking-stable-19_01_22).\n\n - pci: designware-ep: dw_pcie_ep_set_msi() should only set MMC bits (bsc#1051510).\n\n - pci: endpoint: functions: Use memcpy_fromio()/memcpy_toio() (bsc#1051510).\n\n - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle 1792 vcpus (bsc#1122822).\n\n - pci/pme: Fix hotplug/sysfs remove deadlock in pcie_pme_remove() (bsc#1051510).\n\n - pci: qcom: Do not deassert reset GPIO during probe (bsc#1129281).\n\n - pcrypt: use format specifier in kobject_add (bsc#1051510).\n\n - perf/x86: Add sysfs entry to freeze counters on SMI (bsc#1121805).\n\n - perf/x86/intel: Delay memory deallocation until x86_pmu_dead_cpu() (bsc#1121805).\n\n - perf/x86/intel: Do not enable freeze-on-smi for PerfMon V1 (bsc#1121805).\n\n - perf/x86/intel: Fix memory corruption (bsc#1121805).\n\n - perf/x86/intel: Generalize dynamic constraint creation (bsc#1121805).\n\n - perf/x86/intel: Implement support for TSX Force Abort (bsc#1121805).\n\n - perf/x86/intel: Make cpuc allocations consistent (bsc#1121805).\n\n - phy: allwinner: sun4i-usb: poll vbus changes on A23/A33 when driving VBUS (bsc#1051510).\n\n - phy: qcom-qmp: Fix failure path in phy_init functions 
(bsc#1051510).\n\n - phy: qcom-qmp: Fix phy pipe clock gating (bsc#1051510).\n\n - phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role sysfs (bsc#1051510).\n\n - phy: rockchip-emmc: retry calpad busy trimming (bsc#1051510).\n\n - phy: sun4i-usb: add support for missing USB PHY index (bsc#1051510).\n\n - phy: tegra: remove redundant self assignment of 'map' (bsc#1051510).\n\n - phy: work around 'phys' references to usb-nop-xceiv devices (bsc#1051510).\n\n - pinctrl: max77620: Use define directive for max77620_pinconf_param values (bsc#1051510).\n\n - pinctrl: meson: fix pull enable register calculation (bsc#1051510).\n\n - pinctrl: meson: meson8b: fix the GPIO function for the GPIOAO pins (bsc#1051510).\n\n - pinctrl: meson: meson8b: fix the sdxc_a data 1..3 pins (bsc#1051510).\n\n - pinctrl: meson: meson8: fix the GPIO function for the GPIOAO pins (bsc#1051510).\n\n - pinctrl: msm: fix gpio-hog related boot issues (bsc#1051510).\n\n - pinctrl: sh-pfc: emev2: Add missing pinmux functions (bsc#1051510).\n\n - pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to lcd0_data24_1 group (bsc#1051510).\n\n - pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to gether_gmii group (bsc#1051510).\n\n - pinctrl: sh-pfc: r8a7778: Fix HSPI pin numbers and names (bsc#1051510).\n\n - pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group (bsc#1051510).\n\n - pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from qspi_data4_b group (bsc#1051510).\n\n - pinctrl: sh-pfc: r8a7791: Remove bogus marks from vin1_b_data18 group (bsc#1051510).\n\n - pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group (bsc#1051510).\n\n - pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field (bsc#1051510).\n\n - pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register configuration (bsc#1051510).\n\n - pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field (bsc#1051510).\n\n - pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3 group (bsc#1051510).\n\n - pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups 
(bsc#1051510).\n\n - pinctrl: sh-pfc: sh7734: Add missing IPSR11 field (bsc#1051510).\n\n - pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10 (bsc#1051510).\n\n - pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value (bsc#1051510).\n\n - pinctrl: sunxi: a64: Rename function csi0 to csi (bsc#1051510).\n\n - pinctrl: sunxi: a64: Rename function ts0 to ts (bsc#1051510).\n\n - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11 (bsc#1051510).\n\n - pinctrl: sx150x: handle failure case of devm_kstrdup (bsc#1051510).\n\n - pktcdvd: Fix possible Spectre-v1 for pkt_devs (bsc#1051510).\n\n - platform/x86: Fix unmet dependency warning for SAMSUNG_Q10 (bsc#1051510).\n\n - pm / wakeup: Rework wakeup source timer cancellation (bsc#1051510).\n\n - powercap: intel_rapl: add support for Jacobsville ().\n\n - powerpc/64s: Clear on-stack exception marker upon exception return (bsc#1071995).\n\n - powerpc/livepatch: relax reliable stack tracer checks for first-frame (bsc#1071995).\n\n - powerpc/livepatch: small cleanups in save_stack_trace_tsk_reliable() (bsc#1071995).\n\n - powerpc/pseries: export timebase register sample in lparcfg (bsc#1127750).\n\n - powerpc/pseries/mce: Fix misleading print for TLB mutlihit (bsc#1094244, git-fixes).\n\n - powerpc/pseries: Perform full re-add of CPU for topology update post-migration (bsc#1125728).\n\n - power: supply: charger-manager: Fix incorrect return value (bsc#1051510).\n\n - pptp: dst_release sk_dst_cache in pptp_sock_destruct (git-fixes).\n\n - proc/sysctl: do not return ENOMEM on lookup when a table is unregistering (git-fixes).\n\n - pseries/energy: Use OF accessor function to read ibm,drc-indexes (bsc#1129080).\n\n - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl (bsc#1051510).\n\n - ptp: Fix pass zero to ERR_PTR() in ptp_clock_register (bsc#1051510).\n\n - pwm-backlight: Enable/disable the PWM before/after LCD enable toggle (bsc#1051510).\n\n - qmi_wwan: add MTU default to qmap network interface 
(networking-stable-19_01_22).\n\n - qmi_wwan: apply SET_DTR quirk to Sierra WP7607 (bsc#1051510).\n\n - qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup (bsc#1051510).\n\n - r8169: Add support for new Realtek Ethernet (networking-stable-19_01_22).\n\n - r8169: use PCI_VDEVICE macro (networking-stable-19_01_22).\n\n - rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING is set (bsc#1125797).\n\n - rcu: Fix up pending cbs check in rcu_prepare_for_idle (git fixes (kernel/rcu)).\n\n - rcu: Make need_resched() respond to urgent RCU-QS needs (git fixes (kernel/rcu)).\n\n - rdma/vmw_pvrdma: Support upto 64-bit PFNs (bsc#1127285).\n\n - Refresh patches.suse/scsi-do-not-print-reservation-conflict-for-TEST-UNIT.patch (bsc#1119843)\n\n - regulator: act8865: Fix act8600_sudcdc_voltage_ranges setting (bsc#1051510).\n\n - regulator: max77620: Initialize values for DT properties (bsc#1051510).\n\n - regulator: pv88060: Fix array out-of-bounds access (bsc#1051510).\n\n - regulator: pv88080: Fix array out-of-bounds access (bsc#1051510).\n\n - regulator: pv88090: Fix array out-of-bounds access (bsc#1051510).\n\n - regulator: s2mpa01: Fix step values for some LDOs (bsc#1051510).\n\n - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35 (bsc#1051510).\n\n - regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim from mA to uA (bsc#1051510).\n\n - Remove blacklist of virtio patch so we can install it (bsc#1114585)\n\n - Remove patches rejected upstream ().\n\n - Revert drm/i915 patches that caused regressions (bsc#1131062)\n\n - Revert 'drm/rockchip: Allow driver to be shutdown on reboot/kexec' (bsc#1051510).\n\n - Revert 'Input: elan_i2c - add ACPI ID for touchpad in ASUS Aspire F5-573G' (bsc#1051510).\n\n - Revert 'ipv4: keep skb->dst around in presence of IP options' (git-fixes).\n\n - Revert 'openvswitch: Fix template leak in error cases.' 
(bsc#1051510).\n\n - Revert 'scsi: qla2xxx: Fix NVMe Target discovery' (bsc#1125252).\n\n - Revert 'sd: disable logical block provisioning if 'lbpme' is not set' This reverts commit e365f138cb9c9c48b710864a9f37a91b4b93381d. Patch not accepted upstream.\n\n - Revert the previous merge of drm fixes The branch was merged mistakenly and breaks the build. Revert it.\n\n - Revert 'xhci: Reset Renesas uPD72020x USB controller for 32-bit DMA issue' (bsc#1120854).\n\n - rhashtable: Still do rehash when we get EEXIST (bsc#1051510).\n\n - rocker: fix rocker_tlv_put_* functions for KASAN (bsc#1051510).\n\n - rpm/kernel-source.changes.old: Really drop old changelogs (bsc#1098995)\n\n - rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620 (bsc#1120902).\n\n - rtc: 88pm80x: fix unintended sign extension (bsc#1051510).\n\n - rtc: 88pm860x: fix unintended sign extension (bsc#1051510).\n\n - rtc: cmos: ignore bogus century byte (bsc#1051510).\n\n - rtc: ds1672: fix unintended sign extension (bsc#1051510).\n\n - rtc: Fix overflow when converting time64_t to rtc_time (bsc#1051510).\n\n - rtc: pm8xxx: fix unintended sign extension (bsc#1051510).\n\n - rtnetlink: bring NETDEV_CHANGE_TX_QUEUE_LEN event process back in rtnetlink_event (git-fixes).\n\n - rtnetlink: bring NETDEV_CHANGEUPPER event process back in rtnetlink_event (git-fixes).\n\n - rtnetlink: bring NETDEV_POST_TYPE_CHANGE event process back in rtnetlink_event (git-fixes).\n\n - rtnetlink: check DO_SETLINK_NOTIFY correctly in do_setlink (git-fixes).\n\n - rxrpc: bad unlock balance in rxrpc_recvmsg (networking-stable-19_02_10).\n\n - s390/cio: Fix how vfio-ccw checks pinned pages (git-fixes).\n\n - s390/cpum_cf: Reject request for sampling in event initialization (git-fixes).\n\n - s390/early: improve machine detection (git-fixes).\n\n - s390/mm: always force a load of the primary ASCE on context switch (git-fixes).\n\n - s390/mm: fix addressing exception after suspend/resume (bsc#1125252).\n\n - s390/qeth: cancel close_dev work 
before removing a card (LTC#175898, bsc#1127561).\n\n - s390/qeth: conclude all event processing before offlining a card (LTC#175901, bsc#1127567).\n\n - s390/qeth: fix use-after-free in error path (bsc#1127534).\n\n - s390/qeth: invoke softirqs after napi_schedule() (git-fixes).\n\n - s390/smp: Fix calling smp_call_ipl_cpu() from ipl CPU (git-fixes).\n\n - s390/smp: fix CPU hotplug deadlock with CPU rescan (git-fixes).\n\n - s390/sthyi: Fix machine name validity indication (git-fixes).\n\n - sata_rcar: fix deferred probing (bsc#1051510).\n\n - sc16is7xx: Fix for multi-channel stall (bsc#1051510).\n\n - sched: Do not re-read h_load_next during hierarchical load calculation (bnc#1120909).\n\n - sched/wake_q: Document wake_q_add() (bsc#1050549).\n\n - sched/wake_q: Fix wakeup ordering for wake_q (bsc#1050549).\n\n - sched/wake_q: Reduce reference counting for special users (bsc#1050549).\n\n - sch_multiq: fix double free on init failure (bsc#1051510).\n\n - scripts/git_sort/git_sort.py: add vfs 'fixes' branch\n\n - scsi: core: reset host byte in DID_NEXUS_FAILURE case (bsc#1122764).\n\n - scsi: csiostor: remove flush_scheduled_work() (bsc#1127363).\n\n - scsi: fix queue cleanup race before queue initialization is done (bsc#1125252).\n\n - scsi: ibmvscsi: Fix empty event pool access during host removal (bsc#1119019).\n\n - scsi: ibmvscsi: Protect ibmvscsi_head from concurrent modificaiton (bsc#1119019).\n\n - scsi: libiscsi: fix possible NULL pointer dereference in case of TMF (bsc#1127378).\n\n - scsi: libiscsi: Fix race between iscsi_xmit_task and iscsi_complete_task (bsc#1122192).\n\n - scsi: lpfc: Add log messages to aid in debugging fc4type discovery issues (bsc#1121317).\n\n - scsi: lpfc: Correct MDS loopback diagnostics support (bsc#1121317).\n\n - scsi: lpfc: do not set queue->page_count to 0 if pc_sli4_params.wqpcnt is invalid (bsc#1121317).\n\n - scsi: lpfc: Fix discovery failure when PLOGI is defered (bsc#1121317).\n\n - scsi: lpfc: Fix link state reporting 
for trunking when adapter is offline (bsc#1121317).\n\n - scsi: lpfc: fix remoteport access (bsc#1125252).\n\n - scsi: lpfc: remove an unnecessary NULL check (bsc#1121317).\n\n - scsi: lpfc: update fault value on successful trunk events (bsc#1121317).\n\n - scsi: lpfc: Update lpfc version to 12.0.0.10 (bsc#1121317).\n\n - scsi: mpt3sas: Add ioc_<level> logging macros (bsc#1117108).\n\n - scsi: mpt3sas: Annotate switch/case fall-through (bsc#1117108).\n\n - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and reply_q_name to %s: (bsc#1117108).\n\n - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT without logging levels (bsc#1117108).\n\n - scsi: mpt3sas: Convert mlsleading uses of pr_<level> with MPT3SAS_FMT (bsc#1117108).\n\n - scsi: mpt3sas: Convert uses of pr_<level> with MPT3SAS_FMT to ioc_<level> (bsc#1117108).\n\n - scsi: mpt3sas: Fix a race condition in mpt3sas_base_hard_reset_handler() (bsc#1117108).\n\n - scsi: mpt3sas: Fix indentation (bsc#1117108).\n\n - scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108).\n\n - scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd (bsc#1117108).\n\n - scsi: mpt3sas: Remove KERN_WARNING from panic uses (bsc#1117108).\n\n - scsi: mpt3sas: Remove set-but-not-used variables (bsc#1117108).\n\n - scsi: mpt3sas: Remove unnecessary parentheses and simplify null checks (bsc#1117108).\n\n - scsi: mpt3sas: Remove unused macro MPT3SAS_FMT (bsc#1117108).\n\n - scsi: mpt3sas: Split _base_reset_handler(), mpt3sas_scsih_reset_handler() and mpt3sas_ctl_reset_handler() (bsc#1117108).\n\n - scsi: mpt3sas: Swap I/O memory read value back to cpu endianness (bsc#1117108).\n\n - scsi: mpt3sas: switch to generic DMA API (bsc#1117108).\n\n - scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108).\n\n - scsi: mptsas: Fixup device hotplug for VMware ESXi (bsc#1129046).\n\n - scsi: qla2xxx: Enable FC-NVME on NPIV ports (bsc#1094555).\n\n - scsi: qla2xxx: Fix a typo in MODULE_PARM_DESC (bsc#1094555).\n\n - scsi: qla2xxx: Fix for FC-NVMe discovery 
for NPIV port (bsc#1094555).\n\n - scsi: qla2xxx: Fix NPIV handling for FC-NVMe (bsc#1094555).\n\n - scsi: qla2xxx: Initialize port speed to avoid setting lower speed (bsc#1094555).\n\n - scsi: qla2xxx: Modify fall-through annotations (bsc#1094555).\n\n - scsi: qla2xxx: Remove unnecessary self assignment (bsc#1094555).\n\n - scsi: qla2xxx: Simplify conditional check (bsc#1094555).\n\n - scsi: qla2xxx: Update driver version to 10.00.00.12-k (bsc#1094555).\n\n - scsi: storvsc: Fix a race in sub-channel creation that can cause panic ().\n\n - scsi: sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() (bsc#1125315).\n\n - scsi: virtio_scsi: fix pi_bytes(out,in) on 4 KiB block size devices (bsc#1114585).\n\n - sctp: add a ceiling to optlen in some sockopts (bnc#1129163).\n\n - sctp: improve the events for sctp stream adding (networking-stable-19_02_01).\n\n - sctp: improve the events for sctp stream reset (networking-stable-19_02_01).\n\n - sd: disable logical block provisioning if 'lbpme' is not set (bsc#1086095 bsc#1078355).\n\n - selftests/livepatch: add DYNAMIC_DEBUG config dependency (bsc#1071995).\n\n - selftests/livepatch: introduce tests (bsc#1071995).\n\n - selinux: always allow mounting submounts (bsc#1051510).\n\n - seq_buf: Make seq_buf_puts() null-terminate the buffer (bsc#1051510).\n\n - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart (bsc#1051510).\n\n - serial: 8250_pci: Fix number of ports for ACCES serial cards (bsc#1051510).\n\n - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() (bsc#1051510).\n\n - serial: fix race between flush_to_ldisc and tty_open (bsc#1051510).\n\n - serial: fsl_lpuart: clear parity enable bit when disable parity (bsc#1051510).\n\n - serial: fsl_lpuart: fix maximum acceptable baud rate with over-sampling (bsc#1051510).\n\n - serial: imx: Update cached mctrl value when changing RTS (bsc#1051510).\n\n - serial: uartps: Fix stuck ISR if RX disabled with 
non-empty FIFO (bsc#1051510).\n\n - skge: potential memory corruption in skge_get_regs() (bsc#1051510).\n\n - sky2: Disable MSI on Dell Inspiron 1545 and Gateway P-79 (bsc#1051510).\n\n - sky2: Increase D3 delay again (bsc#1051510).\n\n - smb311: Improve checking of negotiate security contexts (bsc#1051510).\n\n - smb3: Enable encryption for SMB3.1.1 (bsc#1051510).\n\n - smb3: Fix 3.11 encryption to Windows and handle encrypted smb3 tcon (bsc#1051510).\n\n - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510).\n\n - smb3: remove noisy warning message on mount (bsc#1129664).\n\n - soc: bcm: brcmstb: Do not leak device tree node reference (bsc#1051510).\n\n - soc: fsl: qbman: avoid race in clearing QMan interrupt (bsc#1051510).\n\n - soc/tegra: Do not leak device tree node reference (bsc#1051510).\n\n - spi: pxa2xx: Setup maximum supported DMA transfer length (bsc#1051510).\n\n - spi: ti-qspi: Fix mmap read when more than one CS in use (bsc#1051510).\n\n - spi/topcliff_pch: Fix potential NULL dereference on allocation error (bsc#1051510).\n\n - splice: do not merge into linked buffers (git-fixes).\n\n - staging: comedi: ni_660x: fix missing break in switch statement (bsc#1051510).\n\n - staging:iio:ad2s90: Make probe handle spi_setup failure (bsc#1051510).\n\n - staging: iio: ad7780: update voltage on read (bsc#1051510).\n\n - staging: iio: adc: ad7280a: handle error from\n __ad7280_read32() (bsc#1051510).\n\n - staging: iio: adt7316: allow adt751x to use internal vref for all dacs (bsc#1051510).\n\n - staging: iio: adt7316: fix register and bit definitions (bsc#1051510).\n\n - staging: iio: adt7316: fix the dac read calculation (bsc#1051510).\n\n - staging: iio: adt7316: fix the dac write calculation (bsc#1051510).\n\n - staging: rtl8723bs: Fix build error with Clang when inlining is disabled (bsc#1051510).\n\n - staging: speakup: Replace strncpy with memcpy (bsc#1051510).\n\n - staging: wilc1000: fix to set correct value for 'vif_num' (bsc#1051510).\n\n - 
supported.conf\n\n - svm: Add mutex_lock to protect apic_access_page_done on AMD systems (bsc#1129285).\n\n - svm: Fix improper check when deactivate AVIC (bsc#1130335).\n\n - swiotlb: Add is_swiotlb_active() function (bsc#1120008).\n\n - swiotlb: Introduce swiotlb_max_mapping_size() (bsc#1120008).\n\n - switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags overwrite (bsc#1051510).\n\n - switchtec: Remove immediate status check after submitting MRPC command (bsc#1051510).\n\n - sysfs: Disable lockdep for driver bind/unbind files (bsc#1051510).\n\n - tcp: batch tcp_net_metrics_exit (bsc#1122982).\n\n - tcp: change txhash on SYN-data timeout (networking-stable-19_01_20).\n\n - tcp: handle inet_csk_reqsk_queue_add() failures (git-fixes).\n\n - team: avoid complex list operations in team_nl_cmd_options_set() (bsc#1051510).\n\n - team: Free BPF filter when unregistering netdev (bsc#1051510).\n\n - thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs (bsc#1051510).\n\n - thermal: do not clear passive state during system sleep (bsc#1051510).\n\n - thermal/drivers/hisi: Encapsulate register writes into helpers (bsc#1051510).\n\n - thermal/drivers/hisi: Fix configuration register setting (bsc#1051510).\n\n - thermal: generic-adc: Fix adc to temp interpolation (bsc#1051510).\n\n - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON is not set (bsc#1051510).\n\n - thermal/intel_powerclamp: fix truncated kthread name ().\n\n - thermal: mediatek: fix register index error (bsc#1051510).\n\n - timekeeping: Use proper seqcount initializer (bsc#1051510).\n\n - tipc: eliminate KMSAN uninit-value in strcmp complaint (bsc#1051510).\n\n - tipc: error path leak fixes in tipc_enable_bearer() (bsc#1051510).\n\n - tipc: fix a race condition of releasing subscriber object (bsc#1051510).\n\n - tipc: fix bug in function tipc_nl_node_dump_monitor (bsc#1051510).\n\n - tipc: fix infinite loop when dumping link monitor summary (bsc#1051510).\n\n - tipc: fix RDM/DGRAM connect() regression 
(bsc#1051510).\n\n - tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bsc#1051510).\n\n - tipc: fix uninit-value in tipc_nl_compat_doit (bsc#1051510).\n\n - tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bsc#1051510).\n\n - tipc: fix uninit-value in tipc_nl_compat_link_set (bsc#1051510).\n\n - tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bsc#1051510).\n\n - tpm: fix kdoc for tpm2_flush_context_cmd() (bsc#1051510).\n\n - tpm: Fix some name collisions with drivers/char/tpm.h (bsc#1051510).\n\n - tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented (bsc#1051510).\n\n - tpm: Return the actual size when receiving an unsupported command (bsc#1051510).\n\n - tpm: suppress transmit cmd error logs when TPM 1.2 is disabled/deactivated (bsc#1051510).\n\n - tpm_tis_spi: Pass the SPI IRQ down to the driver (bsc#1051510).\n\n - tpm/tpm_crb: Avoid unaligned reads in crb_recv() (bsc#1051510).\n\n - tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) (bsc#1051510).\n\n - tpm: tpm_i2c_nuvoton: use correct command duration for TPM 2.x (bsc#1051510).\n\n - tpm: tpm_try_transmit() refactor error flow (bsc#1051510).\n\n - tracing: Do not free iter->trace in fail path of tracing_open_pipe() (bsc#1129581).\n\n - tracing/uprobes: Fix output for multiple string arguments (bsc#1126495).\n\n - tracing: Use strncpy instead of memcpy for string keys in hist triggers (bsc#1129625).\n\n - Tree connect for SMB3.1.1 must be signed for non-encrypted shares (bsc#1051510).\n\n - tty: ipwireless: Fix potential NULL pointer dereference (bsc#1051510).\n\n - tty: serial: samsung: Properly set flags in autoCTS mode (bsc#1051510).\n\n - ucc_geth: Reset BQL queue when stopping device (networking-stable-19_02_01).\n\n - ucma: fix a use-after-free in ucma_resolve_ip() (bsc#1051510).\n\n - uevent: add alloc_uevent_skb() helper (bsc#1122982).\n\n - uio: Reduce return paths from uio_write() (bsc#1051510).\n\n - Update config files. 
Remove conditional support for SMB2 and SMB3 :\n\n - Update patches.arch/s390-sles15-zcrypt-fix-specification-exception.patch (LTC#174936, bsc#1123060, bsc#1123061).\n\n - Update patches.fixes/acpi-nfit-Block-function-zero-DSMs.patch (bsc#1051510, bsc#1121789).\n\n - Update patches.fixes/acpi-nfit-Fix-command-supported-detection.patch (bsc#1051510, bsc#1121789). Add more detailed bugzilla reference.\n\n - uprobes: Fix handle_swbp() vs. unregister() + register() race once more (bsc#1051510).\n\n - usb: Add new USB LPM helpers (bsc#1120902).\n\n - usb: cdc-acm: fix race during wakeup blocking TX traffic (bsc#1129770).\n\n - usb: common: Consider only available nodes for dr_mode (bsc#1129770).\n\n - usb: Consolidate LPM checks to avoid enabling LPM twice (bsc#1120902).\n\n - usb: core: only clean up what we allocated (bsc#1051510).\n\n - usb: dwc3: Correct the logic for checking TRB full in\n __dwc3_prepare_one_trb() (bsc#1051510).\n\n - usb: dwc3: gadget: Disable CSP for stream OUT ep (bsc#1051510).\n\n - usb: dwc3: gadget: Fix the uninitialized link_state when udc starts (bsc#1051510).\n\n - usb: dwc3: gadget: Handle 0 xfer length for OUT EP (bsc#1051510).\n\n - usb: dwc3: gadget: synchronize_irq dwc irq in suspend (bsc#1051510).\n\n - usb: gadget: f_hid: fix deadlock in f_hidg_write() (bsc#1129770).\n\n - usb: gadget: musb: fix short isoc packets with inventra dma (bsc#1051510).\n\n - usb: gadget: Potential NULL dereference on allocation error (bsc#1051510).\n\n - usb: gadget: udc: net2272: Fix bitwise and boolean operations (bsc#1051510).\n\n - usb: hub: delay hub autosuspend if USB3 port is still link training (bsc#1051510).\n\n - usb: mtu3: fix the issue about SetFeature(U1/U2_Enable) (bsc#1051510).\n\n - usb: musb: dsps: fix otg state machine (bsc#1051510).\n\n - usb: musb: dsps: fix runtime pm for peripheral mode (bsc#1120902).\n\n - usbnet: smsc95xx: fix rx packet alignment (bsc#1051510).\n\n - usb: phy: am335x: fix race condition in _probe 
(bsc#1051510).\n\n - usb: phy: fix link errors (bsc#1051510).\n\n - usb: phy: twl6030-usb: fix possible use-after-free on remove (bsc#1051510).\n\n - usb: serial: cp210x: add ID for Ingenico 3070 (bsc#1129770).\n\n - usb: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 (bsc#1129770).\n\n - usb: serial: mos7720: fix mos_parport refcount imbalance on error path (bsc#1129770).\n\n - usb: serial: option: add Telit ME910 ECM composition (bsc#1129770).\n\n - usb: serial: option: set driver_info for SIM5218 and compatibles (bsc#1129770).\n\n - usb: serial: pl2303: add new PID to support PL2303TB (bsc#1051510).\n\n - usb: serial: simple: add Motorola Tetra TPG2200 device id (bsc#1051510).\n\n - veth: set peer GSO values (bsc#1051510).\n\n - vfio: ccw: fix cleanup if cp_prefetch fails (git-fixes).\n\n - vfio: ccw: process ssch with interrupts disabled (git-fixes).\n\n - vfs: Add iomap_seek_hole and iomap_seek_data helpers (bsc#1070995).\n\n - vfs: Add page_cache_seek_hole_data helper (bsc#1070995).\n\n - vfs: in iomap seek_(hole,data), return -ENXIO for negative offsets (bsc#1070995).\n\n - vhost: correctly check the return value of translate_desc() in log_used() (bsc#1051510).\n\n - vhost: log dirty page correctly (networking-stable-19_01_26).\n\n - vhost/vsock: fix uninitialized vhost_vsock->guest_cid (bsc#1051510).\n\n - video: clps711x-fb: release disp device node in probe() (bsc#1051510).\n\n - virtio-blk: Consider virtio_max_dma_size() for maximum segment size (bsc#1120008).\n\n - virtio: Introduce virtio_max_dma_size() (bsc#1120008).\n\n - virtio_net: Do not call free_old_xmit_skbs for xdp_frames (networking-stable-19_02_01).\n\n - virtio/s390: avoid race on vcdev->config (git-fixes).\n\n - virtio/s390: fix race in ccw_io_helper() (git-fixes).\n\n - vmci: Support upto 64-bit PPNs (bsc#1127286).\n\n - vsock: cope with memory allocation failure at socket creation time (bsc#1051510).\n\n - vxge: ensure data0 is initialized in when fetching firmware version 
information (bsc#1051510).\n\n - vxlan: Fix GRO cells race condition between receive and link delete (git-fixes).\n\n - vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() (git-fixes).\n\n - vxlan: update skb dst pmtu on tx path (bsc#1123456).\n\n - w90p910_ether: remove incorrect __init annotation (bsc#1051510).\n\n - watchdog: docs: kernel-api: do not reference removed functions (bsc#1051510).\n\n - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805).\n\n - x86/a.out: Clear the dump structure initially (bsc#1114279).\n\n - x86/apic: Provide apic_ack_irq() (bsc#1122822).\n\n - x86/boot/e820: Avoid overwriting e820_table_firmware (bsc#1127154).\n\n - x86/boot/e820: Introduce the bootloader provided e820_table_firmware[] table (bsc#1127154).\n\n - x86/boot/e820: Rename the e820_table_firmware to e820_table_kexec (bsc#1127154).\n\n - x86/cpu: Add Atom Tremont (Jacobsville) ().\n\n - x86/CPU/AMD: Set the CPB bit unconditionally on F17h (bsc#1114279).\n\n - x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (bsc#1127307).\n\n - x86/Hyper-V: Set x2apic destination mode to physical when x2apic is available (bsc#1122822).\n\n - x86/kaslr: Fix incorrect i8254 outb() parameters (bsc#1114279).\n\n - x86/mce: Improve error message when kernel cannot recover, p2 (bsc#1114279).\n\n - x86/mtrr: Do not copy uninitialized gentry fields back to userspace (bsc#1114279).\n\n - x86/pkeys: Properly copy pkey state at fork() (bsc#1129366).\n\n - x86/platform/UV: Use efi_runtime_lock to serialise BIOS calls (bsc#1125614).\n\n - x86: respect memory size limiting via mem= parameter (bsc#1117645).\n\n - x86/vdso: Remove obsolete 'fake section table' reservation (bsc#1114279).\n\n - x86/xen: dont add memory above max allowed allocation (bsc#1117645).\n\n - xen, cpu_hotplug: Prevent an out of bounds access (bsc#1065600).\n\n - xen: fix dom0 boot on huge systems (bsc#1127836).\n\n - xen/manage: do not complain about an empty value in control/sysrq node 
(bsc#1065600).\n\n - xen: remove pre-xen3 fallback handlers (bsc#1065600).\n\n - xfs: add option to mount with barrier=0 or barrier=1 (bsc#1088133).\n\n - xfs: fix contiguous dquot chunk iteration livelock (bsc#1070995).\n\n - xfs: remove filestream item xfs_inode reference (bsc#1127961).\n\n - xfs: rewrite xfs_dq_get_next_id using xfs_iext_lookup_extent (bsc#1070995).\n\n - xfs: Switch to iomap for SEEK_HOLE / SEEK_DATA (bsc#1070995).\n\n - yama: Check for pid death before checking ancestry (bsc#1051510).\n\n - yam: fix a missing-check bug (bsc#1051510).\n\n - zswap: re-check zswap_is_full() after do zswap_shrink() (bsc#1051510).\n\n - x86/uaccess: Do not leak the AC flag into __put_user() value evaluation (bsc#1114279).", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-04-15T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-1193)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2024", "CVE-2019-3819", "CVE-2019-7308", "CVE-2019-8912", "CVE-2019-8980", "CVE-2019-9213"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", 
"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-1193.NASL", "href": "https://www.tenable.com/plugins/nessus/124050", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-1193.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124050);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2019-2024\", \"CVE-2019-3819\", \"CVE-2019-7308\", \"CVE-2019-8912\", \"CVE-2019-8980\", \"CVE-2019-9213\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-1193)\");\n script_summary(english:\"Check for the openSUSE-2019-1193 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote 
openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 15.0 was updated to receive various security and\nbugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-2024: A use-after-free when disconnecting a\n source was fixed which could lead to crashes.\n bnc#1129179).\n\n - CVE-2019-3819: A flaw was found in the Linux kernel in\n the function hid_debug_events_read() in\n drivers/hid/hid-debug.c file which may enter an infinite\n loop with certain parameters passed from a userspace. A\n local privileged user ('root') can cause a system lock\n up and a denial of service. Versions from v4.18 and\n newer are vulnerable (bnc#1123161).\n\n - CVE-2019-7308: kernel/bpf/verifier.c performed\n undesirable out-of-bounds speculation on pointer\n arithmetic in various cases, including cases of\n different branches with different state or limits to\n sanitize, leading to side-channel attacks (bnc#1124055).\n\n - CVE-2019-8912: af_alg_release() in crypto/af_alg.c\n neglected to set a NULL value for a certain structure\n member, which leads to a use-after-free in\n sockfs_setattr (bnc#1125907).\n\n - CVE-2019-8980: A memory leak in the kernel_read_file\n function in fs/exec.c allowed attackers to cause a\n denial of service (memory consumption) by triggering\n vfs_read failures (bnc#1126209).\n\n - CVE-2019-9213: expand_downwards in mm/mmap.c lacked a\n check for the mmap minimum address, which made it easier\n for attackers to exploit kernel NULL pointer\n dereferences on non-SMAP platforms. 
This is related to a\n capability check for the wrong task (bnc#1128166).\n\nThe following non-security bugs were fixed :\n\n - 9p/net: fix memory leak in p9_client_create\n (bsc#1051510).\n\n - 9p: use inode->i_lock to protect i_size_write() under\n 32-bit (bsc#1051510).\n\n - acpi: acpi_pad: Do not launch acpi_pad threads on idle\n cpus (bsc#1113399).\n\n - acpi/APEI: Clear GHES block_status before panic()\n (bsc#1051510).\n\n - acpi/device_sysfs: Avoid OF modalias creation for\n removed device (bsc#1051510).\n\n - acpi/nfit: Fix bus command validation (bsc#1051510).\n\n - acpi: NUMA: Use correct type for printing addresses on\n i386-PAE (bsc#1051510).\n\n - acpi / video: Extend chassis-type detection with a\n 'Lunch Box' check (bsc#1051510).\n\n - acpi / video: Refactor and fix dmi_is_desktop()\n (bsc#1051510).\n\n - alsa: bebob: use more identical mod_alias for Saffire\n Pro 10 I/O against Liquid Saffire 56 (bsc#1051510).\n\n - alsa: compress: prevent potential divide by zero bugs\n (bsc#1051510).\n\n - alsa: echoaudio: add a check for ioremap_nocache\n (bsc#1051510).\n\n - alsa: firewire: add const qualifier to identifiers for\n read-only symbols (bsc#1051510).\n\n - alsa: firewire-motu: add a flag for AES/EBU on XLR\n interface (bsc#1051510).\n\n - alsa: firewire-motu: add specification flag for position\n of flag for MIDI messages (bsc#1051510).\n\n - alsa: firewire-motu: add support for MOTU Audio Express\n (bsc#1051510).\n\n - alsa: firewire-motu: add support for Motu Traveler\n (bsc#1051510).\n\n - alsa: firewire-motu: fix construction of PCM frame for\n capture direction (bsc#1051510).\n\n - alsa: firewire-motu: use 'version' field of unit\n directory to identify model (bsc#1051510).\n\n - alsa: hda - add Lenovo IdeaCentre B550 to the\n power_save_blacklist (bsc#1051510).\n\n - alsa: hda - Add quirk for HP EliteBook 840 G5\n (bsc#1051510).\n\n - alsa: hda - Enforces runtime_resume after S3 and S4 for\n each codec (bsc#1051510).\n\n - alsa: hda/realtek - 
Add support for Acer Aspire\n E5-523G/ES1-432 headset mic (bsc#1051510).\n\n - alsa: hda/realtek: Disable PC beep in passthrough on\n alc285 (bsc#1051510).\n\n - alsa: hda/realtek: Enable ASUS X441MB and X705FD headset\n MIC with ALC256 (bsc#1051510).\n\n - alsa: hda/realtek: Enable audio jacks of ASUS UX362FA\n with ALC294 (bsc#1051510).\n\n - alsa: hda/realtek: Enable headset MIC of Acer AIO with\n ALC286 (bsc#1051510).\n\n - alsa: hda/realtek: Enable headset MIC of Acer Aspire\n Z24-890 with ALC286 (bsc#1051510).\n\n - alsa: hda/realtek: Enable headset mic of ASUS P5440FF\n with ALC256 (bsc#1051510).\n\n - alsa: hda/realtek - Headset microphone and internal\n speaker support for System76 oryp5 (bsc#1051510).\n\n - alsa: hda/realtek - Headset microphone support for\n System76 darp5 (bsc#1051510).\n\n - alsa: hda/realtek - Reduce click noise on Dell Precision\n 5820 headphone (bsc#1126131).\n\n - alsa: hda - Record the current power state before\n suspend/resume calls (bsc#1051510).\n\n - alsa: opl3: fix mismatch between snd_opl3_drum_switch\n definition and declaration (bsc#1051510).\n\n - alsa: pcm: Do not suspend stream in unrecoverable PCM\n state (bsc#1051510).\n\n - alsa: pcm: Fix possible OOB access in PCM oss plugins\n (bsc#1051510).\n\n - alsa: rawmidi: Fix potential Spectre v1 vulnerability\n (bsc#1051510).\n\n - alsa: sb8: add a check for request_region (bsc#1051510).\n\n - alsa: seq: oss: Fix Spectre v1 vulnerability\n (bsc#1051510).\n\n - alsa: usb-audio: Fix implicit fb endpoint setup by quirk\n (bsc#1051510).\n\n - altera-stapl: check for a null key before strcasecmp'ing\n it (bsc#1051510).\n\n - apparmor: Fix aa_label_build() error handling for failed\n merges (bsc#1051510).\n\n - applicom: Fix potential Spectre v1 vulnerabilities\n (bsc#1051510).\n\n - aquantia: Setup max_mtu in ndev to enable jumbo frames\n (bsc#1051510).\n\n - arm64: fault: avoid send SIGBUS two times (bsc#1126393).\n\n - arm: 8808/1: kexec:offline panic_smp_self_stop CPU\n 
(bsc#1051510).\n\n - arm/arm64: KVM: Rename function\n kvm_arch_dev_ioctl_check_extension() (bsc#1126393).\n\n - arm: iop32x/n2100: fix PCI IRQ mapping (bsc#1051510).\n\n - arm: OMAP2+: hwmod: Fix some section annotations\n (bsc#1051510).\n\n - arm: pxa: avoid section mismatch warning (bsc#1051510).\n\n - arm: tango: Improve ARCH_MULTIPLATFORM compatibility\n (bsc#1051510).\n\n - ASoC: atom: fix a missing check of\n snd_pcm_lib_malloc_pages (bsc#1051510).\n\n - ASoC: dapm: change snprintf to scnprintf for possible\n overflow (bsc#1051510).\n\n - ASoC: fsl_esai: fix register setting issue in RIGHT_J\n mode (bsc#1051510).\n\n - ASoC: fsl: Fix SND_SOC_EUKREA_TLV320 build error on\n i.MX8M (bsc#1051510).\n\n - ASoC: imx-audmux: change snprintf to scnprintf for\n possible overflow (bsc#1051510).\n\n - ASoC: imx-sgtl5000: put of nodes if finding codec fails\n (bsc#1051510).\n\n - ASoC: Intel: Haswell/Broadwell: fix setting for .dynamic\n field (bsc#1051510).\n\n - ASoC: msm8916-wcd-analog: add missing license\n information (bsc#1051510).\n\n - ASoC: qcom: Fix of-node refcount unbalance in\n apq8016_sbc_parse_of() (bsc#1051510).\n\n - ASoC: rsnd: fixup rsnd_ssi_master_clk_start() user count\n check (bsc#1051510).\n\n - assoc_array: Fix shortcut creation (bsc#1051510).\n\n - ata: ahci: mvebu: remove stale comment (bsc#1051510).\n\n - ath9k: Avoid OF no-EEPROM quirks without qca,no-eeprom\n (bsc#1051510).\n\n - ath9k: dynack: check da->enabled first in sampling\n routines (bsc#1051510).\n\n - ath9k: dynack: make ewma estimation faster\n (bsc#1051510).\n\n - ath9k: dynack: use authentication messages for 'late'\n ack (bsc#1051510).\n\n - atm: he: fix sign-extension overflow on large shift\n (bsc#1051510).\n\n - auxdisplay: hd44780: Fix memory leak on ->remove()\n (bsc#1051510).\n\n - auxdisplay: ht16k33: fix potential user-after-free on\n module unload (bsc#1051510).\n\n - ax25: fix possible use-after-free (bsc#1051510).\n\n - backlight: pwm_bl: Use 
gpiod_get_value_cansleep() to get\n initial (bsc#1113722)\n\n - batman-adv: Avoid WARN on net_device without parent in\n netns (bsc#1051510).\n\n - batman-adv: fix uninit-value in batadv_interface_tx()\n (bsc#1051510).\n\n - batman-adv: Force mac header to start of data on xmit\n (bsc#1051510).\n\n - bio: Introduce BIO_ALLOCED flag and check it in bio_free\n (bsc#1128094).\n\n - blk-mq: fix a hung issue when fsync (bsc#1125252).\n\n - block_dev: fix crash on chained bios with O_DIRECT\n (bsc#1128094).\n\n - block_dev: fix crash on chained bios with O_DIRECT\n (bsc#1128094).\n\n - blockdev: Fix livelocks on loop device (bsc#1124984).\n\n - block: do not use bio->bi_vcnt to figure out segment\n number (bsc#1128895).\n\n - block: do not warn when doing fsync on read-only devices\n (bsc#1125252).\n\n - block/loop: Use global lock for ioctl() operation\n (bsc#1124974).\n\n - block: move bio_integrity_(intervals,bytes) into\n blkdev.h (bsc#1114585).\n\n - bluetooth: Fix decrementing reference count twice in\n releasing socket (bsc#1051510).\n\n - bluetooth: Fix locking in bt_accept_enqueue() for BH\n context (bsc#1051510).\n\n - bluetooth: Fix unnecessary error message for HCI request\n completion (bsc#1051510).\n\n - bluetooth: hci_ldisc: Initialize hci_dev before open()\n (bsc#1051510).\n\n - bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit\n set in hci_uart_set_proto() (bsc#1051510).\n\n - bnxt_en: Fix typo in firmware message timeout logic\n (bsc#1086282 ).\n\n - bnxt_en: Wait longer for the firmware message response\n to complete (bsc#1086282).\n\n - bpf: decrease usercnt if bpf_map_new_fd() fails in\n bpf_map_get_fd_by_id() (bsc#1083647).\n\n - bpf: drop refcount if bpf_map_new_fd() fails in\n map_create() (bsc#1083647).\n\n - bpf: fix lockdep false positive in percpu_freelist\n (bsc#1083647).\n\n - bpf: fix replace_map_fd_with_map_ptr's ldimm64 second\n imm field (bsc#1083647).\n\n - bpf: fix sanitation rewrite in case of non-pointers\n (bsc#1083647).\n\n - 
bpf: Fix syscall's stackmap lookup potential deadlock\n (bsc#1083647).\n\n - bpf, lpm: fix lookup bug in map_delete_elem\n (bsc#1083647).\n\n - bpf/verifier: fix verifier instability (bsc#1056787).\n\n - bsg: Do not copy sense if no response buffer is\n allocated (bsc#1106811,bsc#1126555).\n\n - btrfs: dedupe_file_range ioctl: remove 16MiB restriction\n (bsc#1127494).\n\n - btrfs: do not unnecessarily pass write_lock_level when\n processing leaf (bsc#1126802).\n\n - btrfs: ensure that a DUP or RAID1 block group has\n exactly two stripes (bsc#1128451).\n\n - btrfs: fix clone vs chattr NODATASUM race (bsc#1127497).\n\n - btrfs: fix corruption reading shared and compressed\n extents after hole punching (bsc#1126476).\n\n - btrfs: fix deadlock between clone/dedupe and rename\n (bsc#1130518).\n\n - btrfs: fix deadlock when allocating tree block during\n leaf/node split (bsc#1126806).\n\n - btrfs: fix deadlock when using free space tree due to\n block group creation (bsc#1126804).\n\n - btrfs: fix fsync after succession of renames and\n unlink/rmdir (bsc#1126488).\n\n - btrfs: fix fsync after succession of renames of\n different files (bsc#1126481).\n\n - btrfs: fix invalid-free in btrfs_extent_same\n (bsc#1127498).\n\n - btrfs: fix reading stale metadata blocks after degraded\n raid1 mounts (bsc#1126803).\n\n - btrfs: fix use-after-free of cmp workspace pages\n (bsc#1127603).\n\n - btrfs: grab write lock directly if write_lock_level is\n the max level (bsc#1126802).\n\n - btrfs: Improve btrfs_search_slot description\n (bsc#1126802).\n\n - btrfs: move get root out of btrfs_search_slot to a\n helper (bsc#1126802).\n\n - btrfs: qgroup: Cleanup old subtree swap code\n (bsc#1063638).\n\n - btrfs: qgroup: Do not trace subtree if we're dropping\n reloc tree (bsc#1063638).\n\n - btrfs: qgroup: Finish rescan when hit the last leaf of\n extent tree (bsc#1129327).\n\n - btrfs: qgroup: Introduce function to find all new tree\n blocks of reloc tree (bsc#1063638).\n\n - btrfs: 
qgroup: Introduce function to trace two swaped\n extents (bsc#1063638).\n\n - btrfs: qgroup: Introduce per-root swapped blocks\n infrastructure (bsc#1063638).\n\n - btrfs: qgroup: Introduce trace event to analyse the\n number of dirty extents accounted (bsc#1063638\n dependency).\n\n - btrfs: qgroup: Make qgroup async transaction commit more\n aggressive (bsc#1113042).\n\n - btrfs: qgroup: Only trace data extents in leaves if\n we're relocating data block group (bsc#1063638).\n\n - btrfs: qgroup: Refactor btrfs_qgroup_trace_subtree_swap\n (bsc#1063638).\n\n - btrfs: qgroup: Search commit root for rescan to avoid\n missing extent (bsc#1129326).\n\n - btrfs: qgroup: Use delayed subtree rescan for balance\n (bsc#1063638).\n\n - btrfs: qgroup: Use generation-aware subtree swap to mark\n dirty extents (bsc#1063638).\n\n - btrfs: quota: Set rescan progress to (u64)-1 if we hit\n last leaf (bsc#1129327).\n\n - btrfs: relocation: Delay reloc tree deletion after\n merge_reloc_roots (bsc#1063638).\n\n - btrfs: reloc: Fix NULL pointer dereference due to\n expanded reloc_root lifespan (bsc#1129497).\n\n - btrfs: remove always true check in unlock_up\n (bsc#1126802).\n\n - btrfs: remove superfluous free_extent_buffer in\n read_block_for_search (bsc#1126802).\n\n - btrfs: remove unnecessary level check in balance_level\n (bsc#1126802).\n\n - btrfs: remove unused check of skip_locking\n (bsc#1126802).\n\n - btrfs: reuse cmp workspace in EXTENT_SAME ioctl\n (bsc#1127495).\n\n - btrfs: send, fix race with transaction commits that\n create snapshots (bsc#1126802).\n\n - btrfs: simplify IS_ERR/PTR_ERR checks (bsc#1126481).\n\n - btrfs: split btrfs_extent_same (bsc#1127493).\n\n - btrfs: use kvzalloc for EXTENT_SAME temporary data\n (bsc#1127496).\n\n - btrfs: use more straightforward extent_buffer_uptodate\n check (bsc#1126802).\n\n - cdc-wdm: pass return value of recover_from_urb_loss\n (bsc#1051510).\n\n - ceph: avoid repeatedly adding inode to\n mdsc->snap_flush_list 
(bsc#1126790).\n\n - ceph: clear inode pointer when snap realm gets dropped\n by its inode (bsc#1125799).\n\n - cfg80211: extend range deviation for DMG (bsc#1051510).\n\n - ch: add missing mutex_lock()/mutex_unlock() in\n ch_release() (bsc#1124235).\n\n - ch: fixup refcounting imbalance for SCSI devices\n (bsc#1124235).\n\n - cifs: allow guest mounts to work for smb3.11\n (bsc#1051510).\n\n - cifs: Always resolve hostname before reconnecting\n (bsc#1051510).\n\n - cifs: connect to servername instead of IP for IPC$ share\n (bsc#1051510).\n\n - cifs: Fix NULL pointer dereference of devname\n (bnc#1129519).\n\n - cifs: invalidate cache when we truncate a file\n (bsc#1051510).\n\n - cifs: OFD locks do not conflict with eachothers\n (bsc#1051510).\n\n - clk: armada-370: fix refcount leak in a370_clk_init()\n (bsc#1051510).\n\n - clk: armada-xp: fix refcount leak in axp_clk_init()\n (bsc#1051510).\n\n - clk: clk-twl6040: Fix imprecise external abort for\n pdmclk (bsc#1051510).\n\n - clk: dove: fix refcount leak in dove_clk_init()\n (bsc#1051510).\n\n - clk: highbank: fix refcount leak in hb_clk_init()\n (bsc#1051510).\n\n - clk: imx6q: fix refcount leak in imx6q_clocks_init()\n (bsc#1051510).\n\n - clk: imx6sl: ensure MMDC CH0 handshake is bypassed\n (bsc#1051510).\n\n - clk: imx6sx: fix refcount leak in imx6sx_clocks_init()\n (bsc#1051510).\n\n - clk: imx7d: fix refcount leak in imx7d_clocks_init()\n (bsc#1051510).\n\n - clk: ingenic: Fix doc of ingenic_cgu_div_info\n (bsc#1051510).\n\n - clk: ingenic: Fix round_rate misbehaving with\n non-integer dividers (bsc#1051510).\n\n - clk: kirkwood: fix refcount leak in kirkwood_clk_init()\n (bsc#1051510).\n\n - clk: mv98dx3236: fix refcount leak in\n mv98dx3236_clk_init() (bsc#1051510).\n\n - clk: qoriq: fix refcount leak in clockgen_init()\n (bsc#1051510).\n\n - clk: samsung: exynos4: fix refcount leak in\n exynos4_get_xom() (bsc#1051510).\n\n - clk: socfpga: fix refcount leak (bsc#1051510).\n\n - clk: sunxi: A31: Fix wrong 
AHB gate number\n (bsc#1051510).\n\n - clk: sunxi-ng: a33: Set CLK_SET_RATE_PARENT for all\n audio module clocks (bsc#1051510).\n\n - clk: sunxi-ng: sun8i-a23: Enable PLL-MIPI LDOs when\n ungating it (bsc#1051510).\n\n - clk: sunxi-ng: v3s: Fix TCON reset de-assert bit\n (bsc#1051510).\n\n - clk: uniphier: Fix update register for CPU-gear\n (bsc#1051510).\n\n - clk: vc5: Abort clock configuration without upstream\n clock (bsc#1051510).\n\n - clk: vf610: fix refcount leak in vf610_clocks_init()\n (bsc#1051510).\n\n - clocksource/drivers/exynos_mct: Clear timer interrupt\n when shutdown (bsc#1051510).\n\n - clocksource/drivers/exynos_mct: Fix error path in timer\n resources initialization (bsc#1051510).\n\n - clocksource/drivers/exynos_mct: Move one-shot check from\n tick clear to ISR (bsc#1051510).\n\n - clocksource/drivers/integrator-ap: Add missing\n of_node_put() (bsc#1051510).\n\n - clocksource/drivers/sun5i: Fail gracefully when clock\n rate is unavailable (bsc#1051510).\n\n - configfs: fix registered group removal (bsc#1051510).\n\n - copy_mount_string: Limit string length to PATH_MAX\n (bsc#1082943).\n\n - cpcap-charger: generate events for userspace\n (bsc#1051510).\n\n - cpufreq: Cap the default transition delay value to 10 ms\n (bsc#1127042).\n\n - cpufreq: conservative: Take limits changes into account\n properly (bsc#1051510).\n\n - cpufreq: governor: Avoid accessing invalid governor_data\n (bsc#1051510).\n\n - cpufreq: governor: Drop min_sampling_rate (bsc#1127042).\n\n - cpufreq: governor: Ensure sufficiently large sampling\n intervals (bsc#1127042).\n\n - cpufreq: pxa2xx: remove incorrect __init annotation\n (bsc#1051510).\n\n - cpufreq: tegra124: add missing of_node_put()\n (bsc#1051510).\n\n - cpufreq: Use transition_delay_us for legacy governors as\n well (bsc#1127042).\n\n - cpuidle: big.LITTLE: fix refcount leak (bsc#1051510).\n\n - crypto: aes_ti - disable interrupts while accessing\n S-box (bsc#1051510).\n\n - crypto: ahash - fix another early 
termination in hash\n walk (bsc#1051510).\n\n - crypto: arm64/aes-ccm - fix logical bug in AAD MAC\n handling (bsc#1051510).\n\n - crypto: arm/crct10dif - revert to C code for short\n inputs (bsc#1051510).\n\n - crypto: brcm - Fix some set-but-not-used warning\n (bsc#1051510).\n\n - crypto: caam - fixed handling of sg list (bsc#1051510).\n\n - crypto: cavium/zip - fix collision with generic\n cra_driver_name (bsc#1051510).\n\n - crypto: crypto4xx - add missing of_node_put after\n of_device_is_available (bsc#1051510).\n\n - crypto: crypto4xx - Fix wrong\n ppc4xx_trng_probe()/ppc4xx_trng_remove() arguments\n (bsc#1051510).\n\n - crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey()\n fails (bsc#1051510).\n\n - crypto: testmgr - skip crc32c context test for ahash\n algorithms (bsc#1051510).\n\n - crypto: tgr192 - fix unaligned memory access\n (bsc#1051510).\n\n - crypto: ux500 - Use proper enum in cryp_set_dma_transfer\n (bsc#1051510).\n\n - crypto: ux500 - Use proper enum in hash_set_dma_transfer\n (bsc#1051510).\n\n - cw1200: drop useless LIST_HEAD (bsc#1051510).\n\n - cw1200: Fix concurrency use-after-free bugs in\n cw1200_hw_scan() (bsc#1051510).\n\n - cw1200: fix missing unlock on error in cw1200_hw_scan()\n (bsc#1051510).\n\n - dccp: fool proof ccid_hc_[rt]x_parse_options()\n (bsc#1051510).\n\n - debugfs: fix debugfs_rename parameter checking\n (bsc#1051510).\n\n - device property: Fix the length used in\n PROPERTY_ENTRY_STRING() (bsc#1051510).\n\n - dlm: Do not swamp the CPU with callbacks queued during\n recovery (bsc#1051510).\n\n - dmaengine: at_hdmac: drop useless LIST_HEAD\n (bsc#1051510).\n\n - dmaengine: at_xdmac: Fix wrongfull report of a channel\n as in use (bsc#1051510).\n\n - dmaengine: bcm2835: Fix abort of transactions\n (bsc#1051510).\n\n - dmaengine: bcm2835: Fix interrupt race on RT\n (bsc#1051510).\n\n - dmaengine: dmatest: Abort test in case of mapping error\n (bsc#1051510).\n\n - dmaengine: dw: drop useless LIST_HEAD (bsc#1051510).\n\n - 
dmaengine: imx-dma: fix wrong callback invoke\n (bsc#1051510).\n\n - dmaengine: mv_xor: Use correct device for DMA API\n (bsc#1051510).\n\n - dmaengine: pl330: drop useless LIST_HEAD (bsc#1051510).\n\n - dmaengine: sa11x0: drop useless LIST_HEAD (bsc#1051510).\n\n - dmaengine: st_fdma: drop useless LIST_HEAD\n (bsc#1051510).\n\n - dmaengine: stm32-dma: fix incomplete configuration in\n cyclic mode (bsc#1051510).\n\n - dma: Introduce dma_max_mapping_size() (bsc#1120008).\n\n - doc: rcu: Suspicious RCU usage is a warning\n (bsc#1051510).\n\n - Do not log confusing message on reconnect by default\n (bsc#1129664).\n\n - driver core: Do not resume suppliers under\n device_links_write_lock() (bsc#1051510).\n\n - drivers: hv: vmbus: Check for ring when getting debug\n info (bsc#1126389, bsc#1126579).\n\n - drivers: hv: vmbus: preserve hv_ringbuffer_get_debuginfo\n kABI (bsc#1126389, bsc#1126579).\n\n - drivers: hv: vmbus: Return -EINVAL for the sys files for\n unopened channels (bsc#1126389, bsc#1126579).\n\n - drm/amdgpu: Add delay after enable RLC ucode\n (bsc#1051510).\n\n - drm/ast: Fix connector leak during driver unload\n (bsc#1051510).\n\n - drm/ast: fixed reading monitor EDID not stable issue\n (bsc#1051510).\n\n - drm/atomic-helper: Complete fake_commit->flip_done\n potentially earlier (bsc#1051510).\n\n - drm: Block fb changes for async plane updates\n (bsc#1051510).\n\n - drm/bridge: tc358767: add defines for DP1_SRCCTRL &\n PHY_2LANE (bsc#1051510).\n\n - drm/bridge: tc358767: fix initial DP0/1_SRCCTRL value\n (bsc#1051510).\n\n - drm/bridge: tc358767: fix output H/V syncs\n (bsc#1051510).\n\n - drm/bridge: tc358767: fix single lane configuration\n (bsc#1051510).\n\n - drm/bridge: tc358767: reject modes which require too\n much BW (bsc#1051510).\n\n - drm/bufs: Fix Spectre v1 vulnerability (bsc#1051510).\n\n - drm: Clear state->acquire_ctx before leaving\n drm_atomic_helper_commit_duplicated_state()\n (bsc#1051510).\n\n - drm: disable uncached DMA optimization 
for ARM and arm64\n (bsc#1051510).\n\n - drm/etnaviv: NULL vs IS_ERR() buf in etnaviv_core_dump()\n (bsc#1113722)\n\n - drm/etnaviv: potential NULL dereference (bsc#1113722)\n\n - drm: Fix error handling in drm_legacy_addctx\n (bsc#1113722)\n\n - drm/i915/bios: assume eDP is present on port A when\n there is no VBT (bsc#1051510).\n\n - drm/i915: Block fbdev HPD processing during suspend\n (bsc#1113722)\n\n - drm/i915/fbdev: Actually configure untiled displays\n (bsc#1113722)\n\n - drm/i915: Flush GPU relocs harder for gen3 (bsc#1113722)\n\n - drm/i915/gvt: free VFIO region space in vgpu detach\n (bsc#1113722)\n\n - drm/i915/gvt: release shadow batch buffer and wa_ctx\n before destroy one workload (bsc#1051510).\n\n - drm/i915/opregion: fix version check (bsc#1113722)\n\n - drm/i915/opregion: rvda is relative from opregion base\n in opregion (bsc#1113722)\n\n - drm/i915: Prevent a race during I915_GEM_MMAP ioctl with\n WC set (bsc#1113722)\n\n - drm/i915: Redefine some Whiskey Lake SKUs (bsc#1051510).\n\n - drm/i915: Relax mmap VMA check (bsc#1051510).\n\n - drm/i915: Use the correct crtc when sanitizing plane\n mapping (bsc#1113722)\n\n - drm/imx: ignore plane updates on disabled crtcs\n (bsc#1051510).\n\n - drm/imx: imx-ldb: add missing of_node_puts\n (bsc#1051510).\n\n - drm/meson: add missing of_node_put (bsc#1051510).\n\n - drm/modes: Prevent division by zero htotal\n (bsc#1051510).\n\n - drm/msm: Fix error return checking (bsc#1051510).\n\n - drm/msm: Grab a vblank reference when waiting for\n commit_done (bsc#1051510).\n\n - drm/msm: Unblock writer if reader closes file\n (bsc#1051510).\n\n - drm/nouveau/bios/ramcfg: fix missing parentheses when\n calculating RON (bsc#1113722)\n\n - drm/nouveau/debugfs: Fix check of pm_runtime_get_sync\n failure (bsc#1051510).\n\n - drm/nouveau: Do not spew kernel WARNING for each timeout\n (bsc#1126480).\n\n - drm/nouveau: Do not WARN_ON VCPI allocation failures\n (bsc#1113722)\n\n - drm/nouveau/falcon: avoid touching 
registers if engine\n is off (bsc#1051510).\n\n - drm/nouveau/pmu: do not print reply values if exec is\n false (bsc#1113722)\n\n - drm/radeon/evergreen_cs: fix missing break in switch\n statement (bsc#1113722)\n\n - drm: Reorder set_property_atomic to avoid returning with\n an active ww_ctx (bsc#1051510).\n\n - drm/rockchip: fix for mailbox read size (bsc#1051510).\n\n - drm/shmob: Fix return value check in shmob_drm_probe\n (bsc#1113722)\n\n - drm/sun4i: tcon: Prepare and enable TCON channel 0 clock\n at init (bsc#1051510).\n\n - drm/vmwgfx: Do not double-free the mode stored in\n par->set_mode (bsc#1103429)\n\n - earlycon: Initialize port->uartclk based on\n clock-frequency property (bsc#1051510).\n\n - earlycon: Remove hardcoded port->uartclk initialization\n in of_setup_earlycon (bsc#1051510).\n\n - Enable CONFIG_RDMA_RXE=m also for ppc64le (bsc#1107665,)\n\n - Enable livepatch test drivers in lib/ Livepatch\n kselftests need those.\n\n - enic: fix build warning without CONFIG_CPUMASK_OFFSTACK\n (bsc#1051510).\n\n - enic: fix checksum validation for IPv6 (bsc#1051510).\n\n - esp6: fix memleak on error path in esp6_input\n (bsc#1051510).\n\n - esp: Fix locking on page fragment allocation\n (bsc#1051510).\n\n - esp: Fix memleaks on error paths (bsc#1051510).\n\n - esp: Fix skb tailroom calculation (bsc#1051510).\n\n - ext4: avoid kernel warning when writing the superblock\n to a dead device (bsc#1124981).\n\n - ext4: Avoid panic during forced reboot (bsc#1126356).\n\n - ext4: check for shutdown and r/o file system in\n ext4_write_inode() (bsc#1124978).\n\n - ext4: fix a potential fiemap/page fault deadlock w/\n inline_data (bsc#1124980).\n\n - ext4: force inode writes when nfsd calls\n commit_metadata() (bsc#1125125).\n\n - ext4: include terminating u32 in size of xattr entries\n when expanding inodes (bsc#1124976).\n\n - ext4: make sure enough credits are reserved for\n dioread_nolock writes (bsc#1124979).\n\n - ext4: track writeback errors using the generic 
tracking\n infrastructure (bsc#1124982).\n\n - fbdev: chipsfb: remove set but not used variable 'size'\n (bsc#1113722)\n\n - firmware/efi: Add NULL pointer checks in efivars API\n functions (bsc#1051510).\n\n - floppy: check_events callback should not return a\n negative number (bsc#1051510).\n\n - fs/dax: deposit pagetable even when installing zero page\n (bsc#1126740).\n\n - fs/dcache: Fix incorrect nr_dentry_unused accounting in\n shrink_dcache_sb() (git-fixes).\n\n - fs/devpts: always delete dcache dentry-s in dput()\n (git-fixes).\n\n - fuse: call pipe_buf_release() under pipe lock\n (bsc#1051510).\n\n - fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN\n returns ENOSYS (bsc#1051510).\n\n - fuse: decrement NR_WRITEBACK_TEMP on the right page\n (bsc#1051510).\n\n - fuse: handle zero sized retrieve correctly\n (bsc#1051510).\n\n - futex: Fix (possible) missed wakeup (bsc#1050549).\n\n - gdrom: fix a memory leak bug (bsc#1051510).\n\n - geneve: cleanup hard coded value for Ethernet header\n length (bsc#1123456).\n\n - geneve: correctly handle ipv6.disable module parameter\n (bsc#1051510).\n\n - geneve, vxlan: Do not check skb_dst() twice\n (bsc#1123456).\n\n - geneve, vxlan: Do not set exceptions if skb->len < mtu\n (bsc#1123456).\n\n - genwqe: Fix size check (bsc#1051510).\n\n - gfs2: Revert 'Fix loop in gfs2_rbm_find' (bsc#1120601).\n\n - gianfar: fix a flooded alignment reports because of\n padding issue (bsc#1051510).\n\n - gianfar: Fix Rx byte accounting for ndev stats\n (bsc#1051510).\n\n - gianfar: prevent integer wrapping in the rx handler\n (bsc#1051510).\n\n - gpu: ipu-v3: Fix CSI offsets for imx53 (bsc#1113722)\n\n - gpu: ipu-v3: Fix i.MX51 CSI control registers offset\n (bsc#1113722)\n\n - gpu: ipu-v3: image-convert: Prevent race between run and\n unprepare (bsc#1051510).\n\n - gro_cells: make sure device is up in gro_cells_receive()\n (git-fixes).\n\n - hid: lenovo: Add checks to fix of_led_classdev_register\n (bsc#1051510).\n\n - hpet: Fix 
missing '=' character in the __setup() code of\n hpet_mmap_enable (git-fixes).\n\n - hvc_opal: do not set tb_ticks_per_usec in\n udbg_init_opal_common() (bsc#1051510).\n\n - hv: reduce storvsc_ringbuffer_size from 1M to 128K to\n simplify booting with 1k vcpus ().\n\n - hv: v4.12 API for hyperv-iommu (bsc#1122822).\n\n - hwmon: (lm80) fix a missing check of bus read in lm80\n probe (bsc#1051510).\n\n - hwmon: (lm80) fix a missing check of the status of SMBus\n read (bsc#1051510).\n\n - hwmon: (lm80) Fix missing unlock on error in\n set_fan_div() (bsc#1051510).\n\n - hwmon: (tmp421) Correct the misspelling of the tmp442\n compatible attribute in OF device ID table\n (bsc#1051510).\n\n - HYPERV/IOMMU: Add Hyper-V stub IOMMU driver\n (bsc#1122822).\n\n - i2c-axxia: check for error conditions first\n (bsc#1051510).\n\n - i2c: bcm2835: Clear current buffer pointers and counts\n after a transfer (bsc#1051510).\n\n - i2c: cadence: Fix the hold bit setting (bsc#1051510).\n\n - i2c: omap: Use noirq system sleep pm ops to idle device\n for suspend (bsc#1051510).\n\n - i2c: sh_mobile: add support for r8a77990 (R-Car E3)\n (bsc#1051510).\n\n - i2c: tegra: fix maximum transfer size (bsc#1051510).\n\n - ib/core: Destroy QP if XRC QP fails (bsc#1046306).\n\n - ib/core: Fix potential memory leak while creating MAD\n agents (bsc#1046306).\n\n - ib/core: Unregister notifier before freeing MAD security\n (bsc#1046306).\n\n - ib/hfi1: Close race condition on user context disable\n and close (bsc#1060463).\n\n - ib/mlx5: Unmap DMA addr from HCA before IOMMU\n (bsc#1046305 ).\n\n - ibmvnic: Report actual backing device speed and duplex\n values (bsc#1129923).\n\n - ibmvscsi: Fix empty event pool access during host\n removal (bsc#1119019).\n\n - ibmvscsi: Protect ibmvscsi_head from concurrent\n modificaiton (bsc#1119019).\n\n - ieee802154: ca8210: fix possible u8 overflow in\n ca8210_rx_done (bsc#1051510).\n\n - igb: Fix an issue that PME is not enabled during runtime\n suspend 
(bsc#1051510).\n\n - iio: accel: kxcjk1013: Add KIOX010A ACPI Hardware-ID\n (bsc#1051510).\n\n - iio: adc: exynos-adc: Fix NULL pointer exception on\n unbind (bsc#1051510).\n\n - iio: chemical: atlas-ph-sensor: correct IIO_TEMP values\n to millicelsius (bsc#1051510).\n\n - Input: bma150 - register input device after setting\n private data (bsc#1051510).\n\n - input: cap11xx - switch to using\n set_brightness_blocking() (bsc#1051510).\n\n - Input: elan_i2c - add ACPI ID for touchpad in Lenovo\n V330-15ISK (bsc#1051510).\n\n - Input: elan_i2c - add id for touchpad found in Lenovo\n s21e-20 (bsc#1051510).\n\n - Input: elantech - enable 3rd button support on Fujitsu\n CELSIUS H780 (bsc#1051510).\n\n - input: matrix_keypad - use flush_delayed_work()\n (bsc#1051510).\n\n - Input: raspberrypi-ts - select CONFIG_INPUT_POLLDEV\n (git-fixes).\n\n - input: st-keyscan - fix potential zalloc NULL\n dereference (bsc#1051510).\n\n - input: uinput - fix undefined behavior in\n uinput_validate_absinfo() (bsc#1120902).\n\n - Input: wacom_serial4 - add support for Wacom ArtPad II\n tablet (bsc#1051510).\n\n - intel_th: Do not reference unassigned outputs\n (bsc#1051510).\n\n - intel_th: gth: Fix an off-by-one in output unassigning\n (bsc#1051510).\n\n - iomap: fix integer truncation issues in the zeroing and\n dirtying helpers (bsc#1125947).\n\n - iomap: warn on zero-length mappings (bsc#1127062).\n\n - iommu/amd: Fix NULL dereference bug in match_hid_uid\n (bsc#1130336).\n\n - iommu/amd: fix sg->dma_address for sg->offset bigger\n than PAGE_SIZE (bsc#1130337).\n\n - iommu/amd: Reserve exclusion range in iova-domain\n (bsc#1130425).\n\n - iommu/dmar: Fix buffer overflow during PCI bus\n notification (bsc#1129181).\n\n - iommu: Document iommu_ops.is_attach_deferred()\n (bsc#1129182).\n\n - iommu: Do not print warning when IOMMU driver only\n supports unmanaged domains (bsc#1130130).\n\n - iommu/io-pgtable-arm-v7s: Only kmemleak_ignore L2 tables\n (bsc#1129205).\n\n - iommu/vt-d: Check 
capability before disabling protected\n memory (bsc#1130338).\n\n - iommu/vt-d: Check identity map for hot-added devices\n (bsc#1129183).\n\n - iommu/vt-d: Fix NULL pointer reference in\n intel_svm_bind_mm() (bsc#1129184).\n\n - ip6: fix PMTU discovery when using /127 subnets\n (git-fixes).\n\n - ip6mr: Do not call __IP6_INC_STATS() from preemptible\n context (git-fixes).\n\n - ip6_tunnel: get the min mtu properly in ip6_tnl_xmit\n (bsc#1123456).\n\n - ip6_tunnel: use the right value for ipv4 min mtu check\n in ip6_tnl_xmit (bsc#1123456).\n\n - ipsec: check return value of skb_to_sgvec always\n (bsc#1051510).\n\n - ipv4/route: fail early when inet dev is missing\n (git-fixes).\n\n - ipv4: speedup ipv6 tunnels dismantle (bsc#1122982).\n\n - ipv6: addrlabel: per netns list (bsc#1122982).\n\n - ipv6: Consider sk_bound_dev_if when binding a socket to\n an address (networking-stable-19_02_01).\n\n - ipv6: Consider sk_bound_dev_if when binding a socket to\n a v4 mapped address (networking-stable-19_01_22).\n\n - ipv6: fix kernel-infoleak in ipv6_local_error()\n (networking-stable-19_01_20).\n\n - ipv6: speedup ipv6 tunnels dismantle (bsc#1122982).\n Refresh\n patches.suse/ip6_vti-fix-a-null-pointer-deference-when-d\n estroy-vt.patch\n\n - ipv6: Take rcu_read_lock in __inet6_bind for mapped\n addresses (networking-stable-19_01_22).\n\n - ipvlan, l3mdev: fix broken l3s mode wrt local routes\n (networking-stable-19_02_01).\n\n - irqchip/gic-v3-its: Align PCI Multi-MSI allocation on\n their size (bsc#1051510).\n\n - irqchip/gic-v3-its: Avoid parsing _indirect_ twice for\n Device table (bsc#1051510).\n\n - irqchip/gic-v3-its: Do not bind LPI to unavailable NUMA\n node (bsc#1051510).\n\n - irqchip/gic-v3-its: Fix ITT_entry_size accessor\n (bsc#1051510).\n\n - irqchip/mmp: Only touch the PJ4 IRQ & FIQ bits on\n enable/disable (bsc#1051510).\n\n - iscsi_ibft: Fix missing break in switch statement\n (bsc#1051510).\n\n - isdn: avm: Fix string plus integer warning from Clang\n 
(bsc#1051510).\n\n - isdn: hisax: hfc_pci: Fix a possible concurrency\n use-after-free bug in HFCPCI_l1hw() (bsc#1051510).\n\n - isdn: i4l: isdn_tty: Fix some concurrency double-free\n bugs (bsc#1051510).\n\n - iser: set sector for ambiguous mr status errors\n (bsc#1051510).\n\n - iwlwifi: mvm: avoid possible access out of array\n (bsc#1051510).\n\n - iwlwifi: mvm: fix A-MPDU reference assignment\n (bsc#1051510).\n\n - iwlwifi: mvm: fix firmware statistics usage\n (bsc#1129770).\n\n - iwlwifi: mvm: fix RSS config command (bsc#1051510).\n\n - iwlwifi: pcie: fix emergency path (bsc#1051510).\n\n - iwlwifi: pcie: fix TX while flushing (bsc#1120902).\n\n - ixgbe: Be more careful when modifying MAC filters\n (bsc#1051510).\n\n - ixgbe: check return value of napi_complete_done()\n (bsc#1051510).\n\n - ixgbe: recognize 1000BaseLX SFP modules as 1Gbps\n (bsc#1051510).\n\n - kabi: cpufreq: keep min_sampling_rate in struct dbs_data\n (bsc#1127042).\n\n - kabi: handle addition of ip6addrlbl_table into struct\n netns_ipv6 (bsc#1122982).\n\n - kabi: handle addition of uevent_sock into struct net\n (bsc#1122982).\n\n - kabi: Preserve kABI for dma_max_mapping_size()\n (bsc#1120008).\n\n - kabi: protect vhost_log_write (kabi).\n\n - kabi: restore ip_tunnel_delete_net() (bsc#1122982).\n\n - kabi workaround for ath9k ath_node.ackto type change\n (bsc#1051510).\n\n - kABI workaround for bt_accept_enqueue() change\n (bsc#1051510).\n\n - kallsyms: Handle too long symbols in kallsyms.c\n (bsc#1126805).\n\n - kasan: fix shadow_size calculation error in\n kasan_module_alloc (bsc#1051510).\n\n - kbuild: fix false positive warning/error about missing\n libelf (bsc#1051510).\n\n - kconfig: fix file name and line number of\n warn_ignored_character() (bsc#1051510).\n\n - kconfig: fix line numbers for if-entries in menu tree\n (bsc#1051510).\n\n - kconfig: fix memory leak when EOF is encountered in\n quotation (bsc#1051510).\n\n - kconfig: fix the rule of mainmenu_stmt symbol\n 
(bsc#1051510).\n\n - keys: allow reaching the keys quotas exactly\n (bsc#1051510).\n\n - keys: Timestamp new keys (bsc#1051510).\n\n - kgdboc: fix KASAN global-out-of-bounds bug in\n param_set_kgdboc_var() (bsc#1051510).\n\n - kgdboc: Fix restrict error (bsc#1051510).\n\n - kgdboc: Fix warning with module build (bsc#1051510).\n\n - kobject: add kobject_uevent_net_broadcast()\n (bsc#1122982).\n\n - kobject: copy env blob in one go (bsc#1122982).\n\n - kobject: factorize skb setup in\n kobject_uevent_net_broadcast() (bsc#1122982).\n\n - kprobes: Return error if we fail to reuse kprobe instead\n of BUG_ON() (bsc#1051510).\n\n - kvm: mmu: Fix race in emulated page table writes\n (bsc#1129284).\n\n - kvm: nVMX: Free the VMREAD/VMWRITE bitmaps if\n alloc_kvm_area() fails (bsc#1129291).\n\n - kvm: nVMX: NMI-window and interrupt-window exiting\n should wake L2 from HLT (bsc#1129292).\n\n - kvm: nVMX: Set VM instruction error for VMPTRLD of\n unbacked page (bsc#1129293).\n\n - kvm: vmx: Set IA32_TSC_AUX for legacy mode guests\n (bsc#1129294).\n\n - kvm: x86: Add AMD's EX_CFG to the list of ignored MSRs\n (bsc#1127082).\n\n - kvm: x86: Fix single-step debugging (bsc#1129295).\n\n - kvm: x86: Use jmp to invoke kvm_spurious_fault() from\n .fixup (bsc#1129296).\n\n - l2tp: copy 4 more bytes to linear part if necessary\n (networking-stable-19_02_01).\n\n - l2tp: fix infoleak in l2tp_ip6_recvmsg() (git-fixes).\n\n - l2tp: fix reading optional fields of L2TPv3\n (networking-stable-19_02_01).\n\n - leds: lp5523: fix a missing check of return value of\n lp55xx_read (bsc#1051510).\n\n - leds: lp55xx: fix null deref on firmware load failure\n (bsc#1051510).\n\n - libceph: avoid KEEPALIVE_PENDING races in\n ceph_con_keepalive() (bsc#1125800).\n\n - libceph: handle an empty authorize reply (bsc#1126789).\n\n - libceph: wait for latest osdmap in\n ceph_monc_blacklist_add() (bsc#1130427).\n\n - lib/div64.c: off by one in shift (bsc#1051510).\n\n - libertas_tf: do not set URB_ZERO_PACKET 
on IN USB\n transfer (bsc#1051510).\n\n - libnvdimm: Fix altmap reservation size calculation\n (bsc#1127682).\n\n - libnvdimm/label: Clear 'updating' flag after label-set\n update (bsc#1129543).\n\n - libnvdimm/pmem: Honor force_raw for legacy pmem regions\n (bsc#1129551).\n\n - lightnvm: fail fast on passthrough commands\n (bsc#1125780).\n\n - livepatch: Change unsigned long old_addr -> void\n *old_func in struct klp_func (bsc#1071995).\n\n - livepatch: Consolidate klp_free functions (bsc#1071995\n ).\n\n - livepatch: core: Return EOPNOTSUPP instead of ENOSYS\n (bsc#1071995).\n\n - livepatch: Define a macro for new API identification\n (bsc#1071995).\n\n - livepatch: Do not block the removal of patches loaded\n after a forced transition (bsc#1071995).\n\n - livepatch: Introduce klp_for_each_patch macro\n (bsc#1071995 ).\n\n - livepatch: Module coming and going callbacks can proceed\n with all listed patches (bsc#1071995).\n\n - livepatch: Proper error handling in the shadow variables\n selftest (bsc#1071995).\n\n - livepatch: Remove ordering (stacking) of the livepatches\n (bsc#1071995).\n\n - livepatch: Remove signal sysfs attribute (bsc#1071995 ).\n\n - livepatch: return -ENOMEM on ptr_id() allocation failure\n (bsc#1071995).\n\n - livepatch: Send a fake signal periodically (bsc#1071995\n ).\n\n - livepatch: Shuffle\n klp_enable_patch()/klp_disable_patch() code\n (bsc#1071995).\n\n - livepatch: Simplify API by removing registration step\n (bsc#1071995).\n\n - llc: do not use sk_eat_skb() (bsc#1051510).\n\n - locking/rwsem: Fix (possible) missed wakeup\n (bsc#1050549).\n\n - loop: drop caches if offset or block_size are changed\n (bsc#1124975).\n\n - loop: Reintroduce lo_ctl_mutex removed by commit\n 310ca162d (bsc#1124974).\n\n - mac80211: Add attribute aligned(2) to struct 'action'\n (bsc#1051510).\n\n - mac80211: do not initiate TDLS connection if station is\n not associated to AP (bsc#1051510).\n\n - mac80211: ensure that mgmt tx skbs have tailroom for\n 
encryption (bsc#1051510).\n\n - mac80211: fix miscounting of ttl-dropped frames\n (bsc#1051510).\n\n - mac80211: fix radiotap vendor presence bitmap handling\n (bsc#1051510).\n\n - mac80211: Fix Tx aggregation session tear down with\n ITXQs (bsc#1051510).\n\n - mac80211: Free mpath object when rhashtable insertion\n fails (bsc#1051510).\n\n - mac80211_hwsim: propagate genlmsg_reply return code\n (bsc#1051510).\n\n - mac80211: Restore vif beacon interval if start ap fails\n (bsc#1051510).\n\n - macvlan: Only deliver one copy of the frame to the\n macvlan interface (bsc#1051510).\n\n - mailbox: bcm-flexrm-mailbox: Fix FlexRM ring flush\n timeout issue (bsc#1051510).\n\n - mdio_bus: Fix use-after-free on device_register fails\n (bsc#1051510).\n\n - media: adv*/tc358743/ths8200: fill in min\n width/height/pixelclock (bsc#1051510).\n\n - media: DaVinci-VPBE: fix error handling in\n vpbe_initialize() (bsc#1051510).\n\n - media: dt-bindings: media: i2c: Fix i2c address for\n OV5645 camera sensor (bsc#1051510).\n\n - media: mtk-vcodec: Release device nodes in\n mtk_vcodec_init_enc_pm() (bsc#1051510).\n\n - media: rc: mce_kbd decoder: fix stuck keys\n (bsc#1100132).\n\n - media: s5k4ecgx: delete a bogus error message\n (bsc#1051510).\n\n - media: s5p-jpeg: Check for fmt_ver_flag when doing fmt\n enumeration (bsc#1051510).\n\n - media: s5p-jpeg: Correct step and max values for\n V4L2_CID_JPEG_RESTART_INTERVAL (bsc#1051510).\n\n - media: s5p-mfc: fix incorrect bus assignment in virtual\n child device (bsc#1051510).\n\n - media: uvcvideo: Avoid NULL pointer dereference at the\n end of streaming (bsc#1051510).\n\n - media: uvcvideo: Fix 'type' check leading to overflow\n (bsc#1051510).\n\n - media: v4l2-ctrls.c/uvc: zero v4l2_event (bsc#1051510).\n\n - media: v4l2: i2c: ov7670: Fix PLL bypass register values\n (bsc#1051510).\n\n - media: vb2: do not call __vb2_queue_cancel if\n vb2_start_streaming failed (bsc#1119086).\n\n - memremap: fix softlockup reports at teardown\n 
(bnc#1130154).\n\n - memstick: Prevent memstick host from getting runtime\n suspended during card detection (bsc#1051510).\n\n - mfd: db8500-prcmu: Fix some section annotations\n (bsc#1051510).\n\n - mfd: mc13xxx: Fix a missing check of a register-read\n failure (bsc#1051510).\n\n - mfd: mt6397: Do not call irq_domain_remove if PMIC\n unsupported (bsc#1051510).\n\n - mfd: qcom_rpm: write fw_version to CTRL_REG\n (bsc#1051510).\n\n - mfd: ti_am335x_tscadc: Use PLATFORM_DEVID_AUTO while\n registering mfd cells (bsc#1051510).\n\n - mfd: tps65218: Use devm_regmap_add_irq_chip and clean up\n error path in probe() (bsc#1051510).\n\n - mfd: twl-core: Fix section annotations on\n (,un)protect_pm_master (bsc#1051510).\n\n - mfd: wm5110: Add missing ASRC rate register\n (bsc#1051510).\n\n - misc: hpilo: Do not claim unsupported hardware\n (bsc#1129330).\n\n - misc: hpilo: Exclude unsupported device via blacklist\n (bsc#1129330).\n\n - mISDN: fix a race in dev_expire_timer() (bsc#1051510).\n\n - mlxsw: __mlxsw_sp_port_headroom_set(): Fix a use of\n local variable (git-fixes).\n\n - mlxsw: spectrum: Disable lag port TX before removing it\n (networking-stable-19_01_22).\n\n - mmap: introduce sane default mmap limits (git fixes\n (mm/mmap)).\n\n - mmap: relax file size limit for regular files (git fixes\n (mm/mmap)).\n\n - mmc: bcm2835: Recover from MMC_SEND_EXT_CSD\n (bsc#1051510).\n\n - mmc: Kconfig: Enable CONFIG_MMC_SDHCI_IO_ACCESSORS\n (bsc#1051510).\n\n - mmc: omap: fix the maximum timeout setting\n (bsc#1051510).\n\n - mmc: pxamci: fix enum type confusion (bsc#1051510).\n\n - mmc: sdhci-brcmstb: handle mmc_of_parse() errors during\n probe (bsc#1051510).\n\n - mmc: sdhci-esdhc-imx: fix HS400 timing issue\n (bsc#1051510).\n\n - mmc: sdhci-of-esdhc: Fix timeout checks (bsc#1051510).\n\n - mmc: sdhci-xenon: Fix timeout checks (bsc#1051510).\n\n - mmc: spi: Fix card detection during probe (bsc#1051510).\n\n - mm: do not drop unused pages when userfaultd is running\n (git fixes 
(mm/userfaultfd)).\n\n - mm: Fix modifying of page protection by insert_pfn()\n (bsc#1126740).\n\n - mm: Fix warning in insert_pfn() (bsc#1126740).\n\n - mm/hmm: hmm_pfns_bad() was accessing wrong struct (git\n fixes (mm/hmm)).\n\n - mm: hwpoison: use do_send_sig_info() instead of\n force_sig() (git fixes (mm/hwpoison)).\n\n - mm/ksm.c: ignore STABLE_FLAG of rmap_item->address in\n rmap_walk_ksm() (git fixes (mm/ksm)).\n\n - mm: madvise(MADV_DODUMP): allow hugetlbfs pages (git\n fixes (mm/madvise)).\n\n - mm,memory_hotplug: fix scan_movable_pages() for gigantic\n hugepages (bsc#1127731).\n\n - mm: migrate: do not rely on __PageMovable() of newpage\n after unlocking it (git fixes (mm/migrate)).\n\n - mm, oom: fix use-after-free in oom_kill_process (git\n fixes (mm/oom)).\n\n - mm: use swp_offset as key in shmem_replace_page() (git\n fixes (mm/shmem)).\n\n - mm,vmscan: Make unregister_shrinker() no-op if\n register_shrinker() failed (git fixes (mm/vmscan)).\n\n - Move upstreamed ALSA and BT patches into sorted section\n\n - Move upstreamed libnvdimm patch into sorted section\n\n - mtd: cfi_cmdset_0002: Avoid walking all chips when\n unlocking (bsc#1051510).\n\n - mtd: cfi_cmdset_0002: Change write buffer to check\n correct value (bsc#1051510).\n\n - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips\n (bsc#1051510).\n\n - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a\n chip boudary (bsc#1051510).\n\n - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock()\n (bsc#1051510).\n\n - mtdchar: fix overflows in adjustment of `count`\n (bsc#1051510).\n\n - mtdchar: fix usage of mtd_ooblayout_ecc() (bsc#1051510).\n\n - mtd: docg3: do not set conflicting BCH_CONST_PARAMS\n option (bsc#1051510).\n\n - mtd/maps: fix solutionengine.c printk format warnings\n (bsc#1051510).\n\n - mtd: mtd_oobtest: Handle bitflips during reads\n (bsc#1051510).\n\n - mtd: nand: atmel: fix buffer overflow in\n atmel_pmecc_user (bsc#1051510).\n\n - mtd: nand: atmel: Fix 
get_sectorsize() function\n (bsc#1051510).\n\n - mtd: nand: atmel: fix of_irq_get() error check\n (bsc#1051510).\n\n - mtd: nand: brcmnand: Disable prefetch by default\n (bsc#1051510).\n\n - mtd: nand: brcmnand: Zero bitflip is not an error\n (bsc#1051510).\n\n - mtd: nand: denali_pci: add missing\n MODULE_DESCRIPTION/AUTHOR/LICENSE (bsc#1051510).\n\n - mtd: nand: fix interpretation of NAND_CMD_NONE in\n nand_command[_lp]() (bsc#1051510).\n\n - mtd: nand: Fix nand_do_read_oob() return value\n (bsc#1051510).\n\n - mtd: nand: Fix writing mtdoops to nand flash\n (bsc#1051510).\n\n - mtd: nand: fsl_ifc: Fix nand waitfunc return value\n (bsc#1051510).\n\n - mtd: nand: gpmi: Fix failure when a erased page has a\n bitflip at BBM (bsc#1051510).\n\n - mtd: nand: ifc: update bufnum mask for ver >= 2.0.0\n (bsc#1051510).\n\n - mtd: nand: mtk: fix infinite ECC decode IRQ issue\n (bsc#1051510).\n\n - mtd: nand: omap2: Fix subpage write (bsc#1051510).\n\n - mtd: nand: pxa3xx: Fix READOOB implementation\n (bsc#1051510).\n\n - mtd: nand: qcom: Add a NULL check for devm_kasprintf()\n (bsc#1051510).\n\n - mtd: nandsim: remove debugfs entries in error path\n (bsc#1051510).\n\n - mtd: nand: sunxi: Fix ECC strength choice (bsc#1051510).\n\n - mtd: nand: sunxi: fix potential divide-by-zero error\n (bsc#1051510).\n\n - mtd: nand: vf610: set correct ooblayout (bsc#1051510).\n\n - mtd: spi-nor: cadence-quadspi: Fix page fault kernel\n panic (bsc#1051510).\n\n - mtd: spi-nor: Fix Cadence QSPI page fault kernel panic\n (bsc#1051510).\n\n - mtd: spi-nor: fsl-quadspi: fix read error for flash size\n larger than 16MB (bsc#1051510).\n\n - mtd: spi-nor: stm32-quadspi: Fix uninitialized error\n return code (bsc#1051510).\n\n - mv88e6060: disable hardware level MAC learning\n (bsc#1051510).\n\n - nbd: Use set_blocksize() to set device blocksize\n (bsc#1124984).\n\n - net: add uevent socket member (bsc#1122982).\n\n - net: aquantia: driver should correctly declare\n vlan_features bits 
(bsc#1051510).\n\n - net: aquantia: fixed instack structure overflow\n (git-fixes).\n\n - net: aquantia: Fix hardware DMA stream overload on large\n MRRS (bsc#1051510).\n\n - net: bcmgenet: abort suspend on error (bsc#1051510).\n\n - net: bcmgenet: code movement (bsc#1051510).\n\n - net: bcmgenet: fix OF child-node lookup (bsc#1051510).\n\n - net: bcmgenet: remove HFB_CTRL access (bsc#1051510).\n\n - net: bcmgenet: return correct value 'ret' from\n bcmgenet_power_down (bsc#1051510).\n\n - net: bridge: fix a bug on using a neighbour cache entry\n without checking its state (networking-stable-19_01_20).\n\n - net: bridge: Fix ethernet header pointer before check\n skb forwardable (networking-stable-19_01_26).\n\n - net: do not call update_pmtu unconditionally\n (bsc#1123456).\n\n - net: Do not default Cavium PTP driver to 'y'\n (bsc#1110096).\n\n - net: dp83640: expire old TX-skb\n (networking-stable-19_02_10).\n\n - net: dsa: mv88e6xxx: handle unknown duplex modes\n gracefully in mv88e6xxx_port_set_duplex (git-fixes).\n\n - net: dsa: mv88x6xxx: mv88e6390 errata\n (networking-stable-19_01_22).\n\n - net: dsa: slave: Do not propagate flag changes on down\n slave interfaces (networking-stable-19_02_10).\n\n - net: ena: fix race between link up and device\n initalization (bsc#1083548).\n\n - net: ena: update driver version from 2.0.2 to 2.0.3\n (bsc#1129276 bsc#1125342).\n\n - netfilter: check for seqadj ext existence before adding\n it in nf_nat_setup_info (git-fixes).\n\n - netfilter: nf_tables: check the result of dereferencing\n base_chain->stats (git-fixes).\n\n - net: Fix usage of pskb_trim_rcsum\n (networking-stable-19_01_26).\n\n - net: ipv4: Fix memory leak in network namespace\n dismantle (networking-stable-19_01_26).\n\n - net/mlx4_core: Add masking for a few queries on HCA caps\n (networking-stable-19_02_01).\n\n - net/mlx4_core: Fix locking in SRIOV mode when switching\n between events and polling (git-fixes).\n\n - net/mlx4_core: Fix qp mtt size 
calculation (git-fixes).\n\n - net/mlx4_core: Fix reset flow when in command polling\n mode (git-fixes).\n\n - net/mlx5e: Allow MAC invalidation while spoofchk is ON\n (networking-stable-19_02_01).\n\n - net/mlx5e: IPoIB, Fix RX checksum statistics update\n (git-fixes).\n\n - net/mlx5e: RX, Fix wrong early return in receive queue\n poll (bsc#1046305).\n\n - net/mlx5: fix uaccess beyond 'count' in debugfs\n read/write handlers (git-fixes).\n\n - net/mlx5: Release resource on error flow (git-fixes).\n\n - net/mlx5: Return success for PAGE_FAULT_RESUME in\n internal error state (git-fixes).\n\n - net/mlx5: Use multi threaded workqueue for page fault\n handling (git-fixes).\n\n - net/ncsi: Fix AEN HNCDSC packet length (git-fixes).\n\n - net/ncsi: Stop monitor if channel times out or is\n inactive (git-fixes).\n\n - net: netem: fix skb length BUG_ON in __skb_to_sgvec\n (git-fixes).\n\n - netns: restrict uevents (bsc#1122982).\n\n - net: phy: marvell: Errata for mv88e6390 internal PHYs\n (networking-stable-19_01_26).\n\n - net: phy: mdio_bus: add missing device_del() in\n mdiobus_register() error handling\n (networking-stable-19_01_26).\n\n - net: phy: Micrel KSZ8061: link failure after cable\n connect (git-fixes).\n\n - netrom: switch to sock timer API (bsc#1051510).\n\n - net/rose: fix NULL ax25_cb kernel panic\n (networking-stable-19_02_01).\n\n - net/sched: act_tunnel_key: fix memory leak in case of\n action replace (networking-stable-19_01_26).\n\n - net_sched: refetch skb protocol for each filter\n (networking-stable-19_01_26).\n\n - net: set default network namespace in\n init_dummy_netdev() (networking-stable-19_02_01).\n\n - net: stmmac: Fix a race in EEE enable callback\n (git-fixes).\n\n - net: stmmac: fix broken dma_interrupt handling for\n multi-queues (git-fixes).\n\n - net: stmmac: handle endianness in dwmac4_get_timestamp\n (git-fixes).\n\n - net: stmmac: Use mutex instead of spinlock (git-fixes).\n\n - net-sysfs: Fix mem leak in netdev_register_kobject\n 
(git-fixes).\n\n - net: systemport: Fix WoL with password after deep sleep\n (networking-stable-19_02_10).\n\n - net: thunderx: fix NULL pointer dereference in\n nic_remove (git-fixes).\n\n - nfit: acpi_nfit_ctl(): Check out_obj->type in the right\n place (bsc#1129547).\n\n - nfit/ars: Attempt a short-ARS whenever the ARS state is\n idle at boot (bsc#1051510).\n\n - nfit/ars: Attempt short-ARS even in the no_init_ars case\n (bsc#1051510).\n\n - nfp: bpf: fix ALU32 high bits clearance bug (git-fixes).\n\n - nfsd: fix memory corruption caused by readdir\n (bsc#1127445).\n\n - niu: fix missing checks of niu_pci_eeprom_read\n (bsc#1051510).\n\n - ntb_transport: Fix bug with max_mw_size parameter\n (bsc#1051510).\n\n - nvme-fc: reject reconnect if io queue count is reduced\n to zero (bsc#1128351).\n\n - nvme: flush namespace scanning work just before removing\n namespaces (bsc#1108101).\n\n - nvme: kABI fix for scan_lock (bsc#1123882).\n\n - nvme: lock NS list changes while handling command\n effects (bsc#1123882).\n\n - nvme-loop: fix kernel oops in case of unhandled command\n (bsc#1126807).\n\n - nvme-multipath: drop optimization for static ANA group\n IDs (bsc#1113939).\n\n - nvme-pci: fix out of bounds access in nvme_cqe_pending\n (bsc#1127595).\n\n - nvme: schedule requeue whenever a LIVE state is entered\n (bsc#1123105).\n\n - of, numa: Validate some distance map rules\n (bsc#1051510).\n\n - of: unittest: Disable interrupt node tests for old world\n MAC systems (bsc#1051510).\n\n - openvswitch: Avoid OOB read when parsing flow nlattrs\n (bsc#1051510).\n\n - openvswitch: fix the incorrect flow action alloc size\n (bsc#1051510).\n\n - openvswitch: Remove padding from packet before L3+\n conntrack processing (bsc#1051510).\n\n - parport_pc: fix find_superio io compare code, should use\n equal test (bsc#1051510).\n\n - Partially revert 'block: fail op_is_write() requests to\n (bsc#1125252).\n\n - pci: add USR vendor id and use it in r8169 and w6692\n driver 
(networking-stable-19_01_22).\n\n - pci: designware-ep: dw_pcie_ep_set_msi() should only set\n MMC bits (bsc#1051510).\n\n - pci: endpoint: functions: Use\n memcpy_fromio()/memcpy_toio() (bsc#1051510).\n\n - pci-hyperv: increase HV_VP_SET_BANK_COUNT_MAX to handle\n 1792 vcpus (bsc#1122822).\n\n - pci/pme: Fix hotplug/sysfs remove deadlock in\n pcie_pme_remove() (bsc#1051510).\n\n - pci: qcom: Do not deassert reset GPIO during probe\n (bsc#1129281).\n\n - pcrypt: use format specifier in kobject_add\n (bsc#1051510).\n\n - perf/x86: Add sysfs entry to freeze counters on SMI\n (bsc#1121805).\n\n - perf/x86/intel: Delay memory deallocation until\n x86_pmu_dead_cpu() (bsc#1121805).\n\n - perf/x86/intel: Do not enable freeze-on-smi for PerfMon\n V1 (bsc#1121805).\n\n - perf/x86/intel: Fix memory corruption (bsc#1121805).\n\n - perf/x86/intel: Generalize dynamic constraint creation\n (bsc#1121805).\n\n - perf/x86/intel: Implement support for TSX Force Abort\n (bsc#1121805).\n\n - perf/x86/intel: Make cpuc allocations consistent\n (bsc#1121805).\n\n - phy: allwinner: sun4i-usb: poll vbus changes on A23/A33\n when driving VBUS (bsc#1051510).\n\n - phy: qcom-qmp: Fix failure path in phy_init functions\n (bsc#1051510).\n\n - phy: qcom-qmp: Fix phy pipe clock gating (bsc#1051510).\n\n - phy: renesas: rcar-gen3-usb2: fix vbus_ctrl for role\n sysfs (bsc#1051510).\n\n - phy: rockchip-emmc: retry calpad busy trimming\n (bsc#1051510).\n\n - phy: sun4i-usb: add support for missing USB PHY index\n (bsc#1051510).\n\n - phy: tegra: remove redundant self assignment of 'map'\n (bsc#1051510).\n\n - phy: work around 'phys' references to usb-nop-xceiv\n devices (bsc#1051510).\n\n - pinctrl: max77620: Use define directive for\n max77620_pinconf_param values (bsc#1051510).\n\n - pinctrl: meson: fix pull enable register calculation\n (bsc#1051510).\n\n - pinctrl: meson: meson8b: fix the GPIO function for the\n GPIOAO pins (bsc#1051510).\n\n - pinctrl: meson: meson8b: fix the sdxc_a data 1..3 
pins\n (bsc#1051510).\n\n - pinctrl: meson: meson8: fix the GPIO function for the\n GPIOAO pins (bsc#1051510).\n\n - pinctrl: msm: fix gpio-hog related boot issues\n (bsc#1051510).\n\n - pinctrl: sh-pfc: emev2: Add missing pinmux functions\n (bsc#1051510).\n\n - pinctrl: sh-pfc: r8a7740: Add missing LCD0 marks to\n lcd0_data24_1 group (bsc#1051510).\n\n - pinctrl: sh-pfc: r8a7740: Add missing REF125CK pin to\n gether_gmii group (bsc#1051510).\n\n - pinctrl: sh-pfc: r8a7778: Fix HSPI pin numbers and names\n (bsc#1051510).\n\n - pinctrl: sh-pfc: r8a7791: Fix scifb2_data_c pin group\n (bsc#1051510).\n\n - pinctrl: sh-pfc: r8a7791: Remove bogus ctrl marks from\n qspi_data4_b group (bsc#1051510).\n\n - pinctrl: sh-pfc: r8a7791: Remove bogus marks from\n vin1_b_data18 group (bsc#1051510).\n\n - pinctrl: sh-pfc: r8a7792: Fix vin1_data18_b pin group\n (bsc#1051510).\n\n - pinctrl: sh-pfc: r8a7794: Remove bogus IPSR9 field\n (bsc#1051510).\n\n - pinctrl: sh-pfc: sh7264: Fix PFCR3 and PFCR0 register\n configuration (bsc#1051510).\n\n - pinctrl: sh-pfc: sh7269: Add missing PCIOR0 field\n (bsc#1051510).\n\n - pinctrl: sh-pfc: sh73a0: Add missing TO pin to tpu4_to3\n group (bsc#1051510).\n\n - pinctrl: sh-pfc: sh73a0: Fix fsic_spdif pin groups\n (bsc#1051510).\n\n - pinctrl: sh-pfc: sh7734: Add missing IPSR11 field\n (bsc#1051510).\n\n - pinctrl: sh-pfc: sh7734: Fix shifted values in IPSR10\n (bsc#1051510).\n\n - pinctrl: sh-pfc: sh7734: Remove bogus IPSR10 value\n (bsc#1051510).\n\n - pinctrl: sunxi: a64: Rename function csi0 to csi\n (bsc#1051510).\n\n - pinctrl: sunxi: a64: Rename function ts0 to ts\n (bsc#1051510).\n\n - pinctrl: sunxi: a83t: Fix IRQ offset typo for PH11\n (bsc#1051510).\n\n - pinctrl: sx150x: handle failure case of devm_kstrdup\n (bsc#1051510).\n\n - pktcdvd: Fix possible Spectre-v1 for pkt_devs\n (bsc#1051510).\n\n - platform/x86: Fix unmet dependency warning for\n SAMSUNG_Q10 (bsc#1051510).\n\n - pm / wakeup: Rework wakeup source timer cancellation\n 
(bsc#1051510).\n\n - powercap: intel_rapl: add support for Jacobsville ().\n\n - powerpc/64s: Clear on-stack exception marker upon\n exception return (bsc#1071995).\n\n - powerpc/livepatch: relax reliable stack tracer checks\n for first-frame (bsc#1071995).\n\n - powerpc/livepatch: small cleanups in\n save_stack_trace_tsk_reliable() (bsc#1071995).\n\n - powerpc/pseries: export timebase register sample in\n lparcfg (bsc#1127750).\n\n - powerpc/pseries/mce: Fix misleading print for TLB\n mutlihit (bsc#1094244, git-fixes).\n\n - powerpc/pseries: Perform full re-add of CPU for topology\n update post-migration (bsc#1125728).\n\n - power: supply: charger-manager: Fix incorrect return\n value (bsc#1051510).\n\n - pptp: dst_release sk_dst_cache in pptp_sock_destruct\n (git-fixes).\n\n - proc/sysctl: do not return ENOMEM on lookup when a table\n is unregistering (git-fixes).\n\n - pseries/energy: Use OF accessor function to read\n ibm,drc-indexes (bsc#1129080).\n\n - ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl\n (bsc#1051510).\n\n - ptp: Fix pass zero to ERR_PTR() in ptp_clock_register\n (bsc#1051510).\n\n - pwm-backlight: Enable/disable the PWM before/after LCD\n enable toggle (bsc#1051510).\n\n - qmi_wwan: add MTU default to qmap network interface\n (networking-stable-19_01_22).\n\n - qmi_wwan: apply SET_DTR quirk to Sierra WP7607\n (bsc#1051510).\n\n - qmi_wwan: Fix qmap header retrieval in qmimux_rx_fixup\n (bsc#1051510).\n\n - r8169: Add support for new Realtek Ethernet\n (networking-stable-19_01_22).\n\n - r8169: use PCI_VDEVICE macro\n (networking-stable-19_01_22).\n\n - rbd: do not return 0 on unmap if RBD_DEV_FLAG_REMOVING\n is set (bsc#1125797).\n\n - rcu: Fix up pending cbs check in rcu_prepare_for_idle\n (git fixes (kernel/rcu)).\n\n - rcu: Make need_resched() respond to urgent RCU-QS needs\n (git fixes (kernel/rcu)).\n\n - rdma/vmw_pvrdma: Support upto 64-bit PFNs (bsc#1127285).\n\n - Refresh\n 
patches.suse/scsi-do-not-print-reservation-conflict-for-\n TEST-UNIT.patch (bsc#1119843)\n\n - regulator: act8865: Fix act8600_sudcdc_voltage_ranges\n setting (bsc#1051510).\n\n - regulator: max77620: Initialize values for DT properties\n (bsc#1051510).\n\n - regulator: pv88060: Fix array out-of-bounds access\n (bsc#1051510).\n\n - regulator: pv88080: Fix array out-of-bounds access\n (bsc#1051510).\n\n - regulator: pv88090: Fix array out-of-bounds access\n (bsc#1051510).\n\n - regulator: s2mpa01: Fix step values for some LDOs\n (bsc#1051510).\n\n - regulator: s2mps11: Fix steps for buck7, buck8 and LDO35\n (bsc#1051510).\n\n - regulator: wm831x-dcdc: Fix list of wm831x_dcdc_ilim\n from mA to uA (bsc#1051510).\n\n - Remove blacklist of virtio patch so we can install it\n (bsc#1114585)\n\n - Remove patches rejected upstream ().\n\n - Revert drm/i915 patches that caused regressions\n (bsc#1131062)\n\n - Revert 'drm/rockchip: Allow driver to be shutdown on\n reboot/kexec' (bsc#1051510).\n\n - Revert 'Input: elan_i2c - add ACPI ID for touchpad in\n ASUS Aspire F5-573G' (bsc#1051510).\n\n - Revert 'ipv4: keep skb->dst around in presence of IP\n options' (git-fixes).\n\n - Revert 'openvswitch: Fix template leak in error cases.'\n (bsc#1051510).\n\n - Revert 'scsi: qla2xxx: Fix NVMe Target discovery'\n (bsc#1125252).\n\n - Revert 'sd: disable logical block provisioning if\n 'lbpme' is not set' This reverts commit\n e365f138cb9c9c48b710864a9f37a91b4b93381d. Patch not\n accepted upstream.\n\n - Revert the previous merge of drm fixes The branch was\n merged mistakenly and breaks the build. 
Revert it.\n\n - Revert 'xhci: Reset Renesas uPD72020x USB controller for\n 32-bit DMA issue' (bsc#1120854).\n\n - rhashtable: Still do rehash when we get EEXIST\n (bsc#1051510).\n\n - rocker: fix rocker_tlv_put_* functions for KASAN\n (bsc#1051510).\n\n - rpm/kernel-source.changes.old: Really drop old\n changelogs (bsc#1098995)\n\n - rt2800: enable TX_PIN_CFG_RFRX_EN only for MT7620\n (bsc#1120902).\n\n - rtc: 88pm80x: fix unintended sign extension\n (bsc#1051510).\n\n - rtc: 88pm860x: fix unintended sign extension\n (bsc#1051510).\n\n - rtc: cmos: ignore bogus century byte (bsc#1051510).\n\n - rtc: ds1672: fix unintended sign extension\n (bsc#1051510).\n\n - rtc: Fix overflow when converting time64_t to rtc_time\n (bsc#1051510).\n\n - rtc: pm8xxx: fix unintended sign extension\n (bsc#1051510).\n\n - rtnetlink: bring NETDEV_CHANGE_TX_QUEUE_LEN event\n process back in rtnetlink_event (git-fixes).\n\n - rtnetlink: bring NETDEV_CHANGEUPPER event process back\n in rtnetlink_event (git-fixes).\n\n - rtnetlink: bring NETDEV_POST_TYPE_CHANGE event process\n back in rtnetlink_event (git-fixes).\n\n - rtnetlink: check DO_SETLINK_NOTIFY correctly in\n do_setlink (git-fixes).\n\n - rxrpc: bad unlock balance in rxrpc_recvmsg\n (networking-stable-19_02_10).\n\n - s390/cio: Fix how vfio-ccw checks pinned pages\n (git-fixes).\n\n - s390/cpum_cf: Reject request for sampling in event\n initialization (git-fixes).\n\n - s390/early: improve machine detection (git-fixes).\n\n - s390/mm: always force a load of the primary ASCE on\n context switch (git-fixes).\n\n - s390/mm: fix addressing exception after suspend/resume\n (bsc#1125252).\n\n - s390/qeth: cancel close_dev work before removing a card\n (LTC#175898, bsc#1127561).\n\n - s390/qeth: conclude all event processing before\n offlining a card (LTC#175901, bsc#1127567).\n\n - s390/qeth: fix use-after-free in error path\n (bsc#1127534).\n\n - s390/qeth: invoke softirqs after napi_schedule()\n (git-fixes).\n\n - s390/smp: Fix calling 
smp_call_ipl_cpu() from ipl CPU\n (git-fixes).\n\n - s390/smp: fix CPU hotplug deadlock with CPU rescan\n (git-fixes).\n\n - s390/sthyi: Fix machine name validity indication\n (git-fixes).\n\n - sata_rcar: fix deferred probing (bsc#1051510).\n\n - sc16is7xx: Fix for multi-channel stall (bsc#1051510).\n\n - sched: Do not re-read h_load_next during hierarchical\n load calculation (bnc#1120909).\n\n - sched/wake_q: Document wake_q_add() (bsc#1050549).\n\n - sched/wake_q: Fix wakeup ordering for wake_q\n (bsc#1050549).\n\n - sched/wake_q: Reduce reference counting for special\n users (bsc#1050549).\n\n - sch_multiq: fix double free on init failure\n (bsc#1051510).\n\n - scripts/git_sort/git_sort.py: add vfs 'fixes' branch\n\n - scsi: core: reset host byte in DID_NEXUS_FAILURE case\n (bsc#1122764).\n\n - scsi: csiostor: remove flush_scheduled_work()\n (bsc#1127363).\n\n - scsi: fix queue cleanup race before queue initialization\n is done (bsc#1125252).\n\n - scsi: ibmvscsi: Fix empty event pool access during host\n removal (bsc#1119019).\n\n - scsi: ibmvscsi: Protect ibmvscsi_head from concurrent\n modificaiton (bsc#1119019).\n\n - scsi: libiscsi: fix possible NULL pointer dereference in\n case of TMF (bsc#1127378).\n\n - scsi: libiscsi: Fix race between iscsi_xmit_task and\n iscsi_complete_task (bsc#1122192).\n\n - scsi: lpfc: Add log messages to aid in debugging fc4type\n discovery issues (bsc#1121317).\n\n - scsi: lpfc: Correct MDS loopback diagnostics support\n (bsc#1121317).\n\n - scsi: lpfc: do not set queue->page_count to 0 if\n pc_sli4_params.wqpcnt is invalid (bsc#1121317).\n\n - scsi: lpfc: Fix discovery failure when PLOGI is defered\n (bsc#1121317).\n\n - scsi: lpfc: Fix link state reporting for trunking when\n adapter is offline (bsc#1121317).\n\n - scsi: lpfc: fix remoteport access (bsc#1125252).\n\n - scsi: lpfc: remove an unnecessary NULL check\n (bsc#1121317).\n\n - scsi: lpfc: update fault value on successful trunk\n events (bsc#1121317).\n\n - scsi: 
lpfc: Update lpfc version to 12.0.0.10\n (bsc#1121317).\n\n - scsi: mpt3sas: Add ioc_<level> logging macros\n (bsc#1117108).\n\n - scsi: mpt3sas: Annotate switch/case fall-through\n (bsc#1117108).\n\n - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT and\n reply_q_name to %s: (bsc#1117108).\n\n - scsi: mpt3sas: Convert logging uses with MPT3SAS_FMT\n without logging levels (bsc#1117108).\n\n - scsi: mpt3sas: Convert mlsleading uses of pr_<level>\n with MPT3SAS_FMT (bsc#1117108).\n\n - scsi: mpt3sas: Convert uses of pr_<level> with\n MPT3SAS_FMT to ioc_<level> (bsc#1117108).\n\n - scsi: mpt3sas: Fix a race condition in\n mpt3sas_base_hard_reset_handler() (bsc#1117108).\n\n - scsi: mpt3sas: Fix indentation (bsc#1117108).\n\n - scsi: mpt3sas: Improve kernel-doc headers (bsc#1117108).\n\n - scsi: mpt3sas: Introduce struct mpt3sas_nvme_cmd\n (bsc#1117108).\n\n - scsi: mpt3sas: Remove KERN_WARNING from panic uses\n (bsc#1117108).\n\n - scsi: mpt3sas: Remove set-but-not-used variables\n (bsc#1117108).\n\n - scsi: mpt3sas: Remove unnecessary parentheses and\n simplify null checks (bsc#1117108).\n\n - scsi: mpt3sas: Remove unused macro MPT3SAS_FMT\n (bsc#1117108).\n\n - scsi: mpt3sas: Split _base_reset_handler(),\n mpt3sas_scsih_reset_handler() and\n mpt3sas_ctl_reset_handler() (bsc#1117108).\n\n - scsi: mpt3sas: Swap I/O memory read value back to cpu\n endianness (bsc#1117108).\n\n - scsi: mpt3sas: switch to generic DMA API (bsc#1117108).\n\n - scsi: mpt3sas: Use dma_pool_zalloc (bsc#1117108).\n\n - scsi: mptsas: Fixup device hotplug for VMware ESXi\n (bsc#1129046).\n\n - scsi: qla2xxx: Enable FC-NVME on NPIV ports\n (bsc#1094555).\n\n - scsi: qla2xxx: Fix a typo in MODULE_PARM_DESC\n (bsc#1094555).\n\n - scsi: qla2xxx: Fix for FC-NVMe discovery for NPIV port\n (bsc#1094555).\n\n - scsi: qla2xxx: Fix NPIV handling for FC-NVMe\n (bsc#1094555).\n\n - scsi: qla2xxx: Initialize port speed to avoid setting\n lower speed (bsc#1094555).\n\n - scsi: qla2xxx: Modify 
fall-through annotations\n (bsc#1094555).\n\n - scsi: qla2xxx: Remove unnecessary self assignment\n (bsc#1094555).\n\n - scsi: qla2xxx: Simplify conditional check (bsc#1094555).\n\n - scsi: qla2xxx: Update driver version to 10.00.00.12-k\n (bsc#1094555).\n\n - scsi: storvsc: Fix a race in sub-channel creation that\n can cause panic ().\n\n - scsi: sym53c8xx: fix NULL pointer dereference panic in\n sym_int_sir() (bsc#1125315).\n\n - scsi: virtio_scsi: fix pi_bytes(out,in) on 4 KiB block\n size devices (bsc#1114585).\n\n - sctp: add a ceiling to optlen in some sockopts\n (bnc#1129163).\n\n - sctp: improve the events for sctp stream adding\n (networking-stable-19_02_01).\n\n - sctp: improve the events for sctp stream reset\n (networking-stable-19_02_01).\n\n - sd: disable logical block provisioning if 'lbpme' is not\n set (bsc#1086095 bsc#1078355).\n\n - selftests/livepatch: add DYNAMIC_DEBUG config dependency\n (bsc#1071995).\n\n - selftests/livepatch: introduce tests (bsc#1071995).\n\n - selinux: always allow mounting submounts (bsc#1051510).\n\n - seq_buf: Make seq_buf_puts() null-terminate the buffer\n (bsc#1051510).\n\n - serial: 8250_of: assume reg-shift of 2 for mrvl,mmp-uart\n (bsc#1051510).\n\n - serial: 8250_pci: Fix number of ports for ACCES serial\n cards (bsc#1051510).\n\n - serial: 8250_pci: Have ACCES cards that use the four\n port Pericom PI7C9X7954 chip use the pci_pericom_setup()\n (bsc#1051510).\n\n - serial: fix race between flush_to_ldisc and tty_open\n (bsc#1051510).\n\n - serial: fsl_lpuart: clear parity enable bit when disable\n parity (bsc#1051510).\n\n - serial: fsl_lpuart: fix maximum acceptable baud rate\n with over-sampling (bsc#1051510).\n\n - serial: imx: Update cached mctrl value when changing RTS\n (bsc#1051510).\n\n - serial: uartps: Fix stuck ISR if RX disabled with\n non-empty FIFO (bsc#1051510).\n\n - skge: potential memory corruption in skge_get_regs()\n (bsc#1051510).\n\n - sky2: Disable MSI on Dell Inspiron 1545 and Gateway 
P-79\n (bsc#1051510).\n\n - sky2: Increase D3 delay again (bsc#1051510).\n\n - smb311: Improve checking of negotiate security contexts\n (bsc#1051510).\n\n - smb3: Enable encryption for SMB3.1.1 (bsc#1051510).\n\n - smb3: Fix 3.11 encryption to Windows and handle\n encrypted smb3 tcon (bsc#1051510).\n\n - smb3: Fix SMB3.1.1 guest mounts to Samba (bsc#1051510).\n\n - smb3: remove noisy warning message on mount\n (bsc#1129664).\n\n - soc: bcm: brcmstb: Do not leak device tree node\n reference (bsc#1051510).\n\n - soc: fsl: qbman: avoid race in clearing QMan interrupt\n (bsc#1051510).\n\n - soc/tegra: Do not leak device tree node reference\n (bsc#1051510).\n\n - spi: pxa2xx: Setup maximum supported DMA transfer length\n (bsc#1051510).\n\n - spi: ti-qspi: Fix mmap read when more than one CS in use\n (bsc#1051510).\n\n - spi/topcliff_pch: Fix potential NULL dereference on\n allocation error (bsc#1051510).\n\n - splice: do not merge into linked buffers (git-fixes).\n\n - staging: comedi: ni_660x: fix missing break in switch\n statement (bsc#1051510).\n\n - staging:iio:ad2s90: Make probe handle spi_setup failure\n (bsc#1051510).\n\n - staging: iio: ad7780: update voltage on read\n (bsc#1051510).\n\n - staging: iio: adc: ad7280a: handle error from\n __ad7280_read32() (bsc#1051510).\n\n - staging: iio: adt7316: allow adt751x to use internal\n vref for all dacs (bsc#1051510).\n\n - staging: iio: adt7316: fix register and bit definitions\n (bsc#1051510).\n\n - staging: iio: adt7316: fix the dac read calculation\n (bsc#1051510).\n\n - staging: iio: adt7316: fix the dac write calculation\n (bsc#1051510).\n\n - staging: rtl8723bs: Fix build error with Clang when\n inlining is disabled (bsc#1051510).\n\n - staging: speakup: Replace strncpy with memcpy\n (bsc#1051510).\n\n - staging: wilc1000: fix to set correct value for\n 'vif_num' (bsc#1051510).\n\n - supported.conf\n\n - svm: Add mutex_lock to protect apic_access_page_done on\n AMD systems (bsc#1129285).\n\n - svm: Fix 
improper check when deactivate AVIC\n (bsc#1130335).\n\n - swiotlb: Add is_swiotlb_active() function (bsc#1120008).\n\n - swiotlb: Introduce swiotlb_max_mapping_size()\n (bsc#1120008).\n\n - switchtec: Fix SWITCHTEC_IOCTL_EVENT_IDX_ALL flags\n overwrite (bsc#1051510).\n\n - switchtec: Remove immediate status check after\n submitting MRPC command (bsc#1051510).\n\n - sysfs: Disable lockdep for driver bind/unbind files\n (bsc#1051510).\n\n - tcp: batch tcp_net_metrics_exit (bsc#1122982).\n\n - tcp: change txhash on SYN-data timeout\n (networking-stable-19_01_20).\n\n - tcp: handle inet_csk_reqsk_queue_add() failures\n (git-fixes).\n\n - team: avoid complex list operations in\n team_nl_cmd_options_set() (bsc#1051510).\n\n - team: Free BPF filter when unregistering netdev\n (bsc#1051510).\n\n - thermal: bcm2835: Fix crash in bcm2835_thermal_debugfs\n (bsc#1051510).\n\n - thermal: do not clear passive state during system sleep\n (bsc#1051510).\n\n - thermal/drivers/hisi: Encapsulate register writes into\n helpers (bsc#1051510).\n\n - thermal/drivers/hisi: Fix configuration register setting\n (bsc#1051510).\n\n - thermal: generic-adc: Fix adc to temp interpolation\n (bsc#1051510).\n\n - thermal: hwmon: inline helpers when CONFIG_THERMAL_HWMON\n is not set (bsc#1051510).\n\n - thermal/intel_powerclamp: fix truncated kthread name ().\n\n - thermal: mediatek: fix register index error\n (bsc#1051510).\n\n - timekeeping: Use proper seqcount initializer\n (bsc#1051510).\n\n - tipc: eliminate KMSAN uninit-value in strcmp complaint\n (bsc#1051510).\n\n - tipc: error path leak fixes in tipc_enable_bearer()\n (bsc#1051510).\n\n - tipc: fix a race condition of releasing subscriber\n object (bsc#1051510).\n\n - tipc: fix bug in function tipc_nl_node_dump_monitor\n (bsc#1051510).\n\n - tipc: fix infinite loop when dumping link monitor\n summary (bsc#1051510).\n\n - tipc: fix RDM/DGRAM connect() regression (bsc#1051510).\n\n - tipc: fix uninit-value in tipc_nl_compat_bearer_enable\n 
(bsc#1051510).\n\n - tipc: fix uninit-value in tipc_nl_compat_doit\n (bsc#1051510).\n\n - tipc: fix uninit-value in\n tipc_nl_compat_link_reset_stats (bsc#1051510).\n\n - tipc: fix uninit-value in tipc_nl_compat_link_set\n (bsc#1051510).\n\n - tipc: fix uninit-value in tipc_nl_compat_name_table_dump\n (bsc#1051510).\n\n - tpm: fix kdoc for tpm2_flush_context_cmd()\n (bsc#1051510).\n\n - tpm: Fix some name collisions with drivers/char/tpm.h\n (bsc#1051510).\n\n - tpm: return a TPM_RC_COMMAND_CODE response if command is\n not implemented (bsc#1051510).\n\n - tpm: Return the actual size when receiving an\n unsupported command (bsc#1051510).\n\n - tpm: suppress transmit cmd error logs when TPM 1.2 is\n disabled/deactivated (bsc#1051510).\n\n - tpm_tis_spi: Pass the SPI IRQ down to the driver\n (bsc#1051510).\n\n - tpm/tpm_crb: Avoid unaligned reads in crb_recv()\n (bsc#1051510).\n\n - tpm/tpm_i2c_infineon: switch to i2c_lock_bus(...,\n I2C_LOCK_SEGMENT) (bsc#1051510).\n\n - tpm: tpm_i2c_nuvoton: use correct command duration for\n TPM 2.x (bsc#1051510).\n\n - tpm: tpm_try_transmit() refactor error flow\n (bsc#1051510).\n\n - tracing: Do not free iter->trace in fail path of\n tracing_open_pipe() (bsc#1129581).\n\n - tracing/uprobes: Fix output for multiple string\n arguments (bsc#1126495).\n\n - tracing: Use strncpy instead of memcpy for string keys\n in hist triggers (bsc#1129625).\n\n - Tree connect for SMB3.1.1 must be signed for\n non-encrypted shares (bsc#1051510).\n\n - tty: ipwireless: Fix potential NULL pointer dereference\n (bsc#1051510).\n\n - tty: serial: samsung: Properly set flags in autoCTS mode\n (bsc#1051510).\n\n - ucc_geth: Reset BQL queue when stopping device\n (networking-stable-19_02_01).\n\n - ucma: fix a use-after-free in ucma_resolve_ip()\n (bsc#1051510).\n\n - uevent: add alloc_uevent_skb() helper (bsc#1122982).\n\n - uio: Reduce return paths from uio_write() (bsc#1051510).\n\n - Update config files. 
Remove conditional support for SMB2\n and SMB3 :\n\n - Update\n patches.arch/s390-sles15-zcrypt-fix-specification-except\n ion.patch (LTC#174936, bsc#1123060, bsc#1123061).\n\n - Update\n patches.fixes/acpi-nfit-Block-function-zero-DSMs.patch\n (bsc#1051510, bsc#1121789).\n\n - Update\n patches.fixes/acpi-nfit-Fix-command-supported-detection.\n patch (bsc#1051510, bsc#1121789). Add more detailed\n bugzilla reference.\n\n - uprobes: Fix handle_swbp() vs. unregister() + register()\n race once more (bsc#1051510).\n\n - usb: Add new USB LPM helpers (bsc#1120902).\n\n - usb: cdc-acm: fix race during wakeup blocking TX traffic\n (bsc#1129770).\n\n - usb: common: Consider only available nodes for dr_mode\n (bsc#1129770).\n\n - usb: Consolidate LPM checks to avoid enabling LPM twice\n (bsc#1120902).\n\n - usb: core: only clean up what we allocated\n (bsc#1051510).\n\n - usb: dwc3: Correct the logic for checking TRB full in\n __dwc3_prepare_one_trb() (bsc#1051510).\n\n - usb: dwc3: gadget: Disable CSP for stream OUT ep\n (bsc#1051510).\n\n - usb: dwc3: gadget: Fix the uninitialized link_state when\n udc starts (bsc#1051510).\n\n - usb: dwc3: gadget: Handle 0 xfer length for OUT EP\n (bsc#1051510).\n\n - usb: dwc3: gadget: synchronize_irq dwc irq in suspend\n (bsc#1051510).\n\n - usb: gadget: f_hid: fix deadlock in f_hidg_write()\n (bsc#1129770).\n\n - usb: gadget: musb: fix short isoc packets with inventra\n dma (bsc#1051510).\n\n - usb: gadget: Potential NULL dereference on allocation\n error (bsc#1051510).\n\n - usb: gadget: udc: net2272: Fix bitwise and boolean\n operations (bsc#1051510).\n\n - usb: hub: delay hub autosuspend if USB3 port is still\n link training (bsc#1051510).\n\n - usb: mtu3: fix the issue about SetFeature(U1/U2_Enable)\n (bsc#1051510).\n\n - usb: musb: dsps: fix otg state machine (bsc#1051510).\n\n - usb: musb: dsps: fix runtime pm for peripheral mode\n (bsc#1120902).\n\n - usbnet: smsc95xx: fix rx packet alignment (bsc#1051510).\n\n - usb: phy: 
am335x: fix race condition in _probe\n (bsc#1051510).\n\n - usb: phy: fix link errors (bsc#1051510).\n\n - usb: phy: twl6030-usb: fix possible use-after-free on\n remove (bsc#1051510).\n\n - usb: serial: cp210x: add ID for Ingenico 3070\n (bsc#1129770).\n\n - usb: serial: ftdi_sio: add ID for Hjelmslund Electronics\n USB485 (bsc#1129770).\n\n - usb: serial: mos7720: fix mos_parport refcount imbalance\n on error path (bsc#1129770).\n\n - usb: serial: option: add Telit ME910 ECM composition\n (bsc#1129770).\n\n - usb: serial: option: set driver_info for SIM5218 and\n compatibles (bsc#1129770).\n\n - usb: serial: pl2303: add new PID to support PL2303TB\n (bsc#1051510).\n\n - usb: serial: simple: add Motorola Tetra TPG2200 device\n id (bsc#1051510).\n\n - veth: set peer GSO values (bsc#1051510).\n\n - vfio: ccw: fix cleanup if cp_prefetch fails (git-fixes).\n\n - vfio: ccw: process ssch with interrupts disabled\n (git-fixes).\n\n - vfs: Add iomap_seek_hole and iomap_seek_data helpers\n (bsc#1070995).\n\n - vfs: Add page_cache_seek_hole_data helper (bsc#1070995).\n\n - vfs: in iomap seek_(hole,data), return -ENXIO for\n negative offsets (bsc#1070995).\n\n - vhost: correctly check the return value of\n translate_desc() in log_used() (bsc#1051510).\n\n - vhost: log dirty page correctly\n (networking-stable-19_01_26).\n\n - vhost/vsock: fix uninitialized vhost_vsock->guest_cid\n (bsc#1051510).\n\n - video: clps711x-fb: release disp device node in probe()\n (bsc#1051510).\n\n - virtio-blk: Consider virtio_max_dma_size() for maximum\n segment size (bsc#1120008).\n\n - virtio: Introduce virtio_max_dma_size() (bsc#1120008).\n\n - virtio_net: Do not call free_old_xmit_skbs for\n xdp_frames (networking-stable-19_02_01).\n\n - virtio/s390: avoid race on vcdev->config (git-fixes).\n\n - virtio/s390: fix race in ccw_io_helper() (git-fixes).\n\n - vmci: Support upto 64-bit PPNs (bsc#1127286).\n\n - vsock: cope with memory allocation failure at socket\n creation time 
(bsc#1051510).\n\n - vxge: ensure data0 is initialized in when fetching\n firmware version information (bsc#1051510).\n\n - vxlan: Fix GRO cells race condition between receive and\n link delete (git-fixes).\n\n - vxlan: test dev->flags & IFF_UP before calling\n gro_cells_receive() (git-fixes).\n\n - vxlan: update skb dst pmtu on tx path (bsc#1123456).\n\n - w90p910_ether: remove incorrect __init annotation\n (bsc#1051510).\n\n - watchdog: docs: kernel-api: do not reference removed\n functions (bsc#1051510).\n\n - x86: Add TSX Force Abort CPUID/MSR (bsc#1121805).\n\n - x86/a.out: Clear the dump structure initially\n (bsc#1114279).\n\n - x86/apic: Provide apic_ack_irq() (bsc#1122822).\n\n - x86/boot/e820: Avoid overwriting e820_table_firmware\n (bsc#1127154).\n\n - x86/boot/e820: Introduce the bootloader provided\n e820_table_firmware[] table (bsc#1127154).\n\n - x86/boot/e820: Rename the e820_table_firmware to\n e820_table_kexec (bsc#1127154).\n\n - x86/cpu: Add Atom Tremont (Jacobsville) ().\n\n - x86/CPU/AMD: Set the CPB bit unconditionally on F17h\n (bsc#1114279).\n\n - x86/efi: Allocate e820 buffer before calling\n efi_exit_boot_service (bsc#1127307).\n\n - x86/Hyper-V: Set x2apic destination mode to physical\n when x2apic is available (bsc#1122822).\n\n - x86/kaslr: Fix incorrect i8254 outb() parameters\n (bsc#1114279).\n\n - x86/mce: Improve error message when kernel cannot\n recover, p2 (bsc#1114279).\n\n - x86/mtrr: Do not copy uninitialized gentry fields back\n to userspace (bsc#1114279).\n\n - x86/pkeys: Properly copy pkey state at fork()\n (bsc#1129366).\n\n - x86/platform/UV: Use efi_runtime_lock to serialise BIOS\n calls (bsc#1125614).\n\n - x86: respect memory size limiting via mem= parameter\n (bsc#1117645).\n\n - x86/vdso: Remove obsolete 'fake section table'\n reservation (bsc#1114279).\n\n - x86/xen: dont add memory above max allowed allocation\n (bsc#1117645).\n\n - xen, cpu_hotplug: Prevent an out of bounds access\n (bsc#1065600).\n\n - xen: fix 
dom0 boot on huge systems (bsc#1127836).\n\n - xen/manage: do not complain about an empty value in\n control/sysrq node (bsc#1065600).\n\n - xen: remove pre-xen3 fallback handlers (bsc#1065600).\n\n - xfs: add option to mount with barrier=0 or barrier=1\n (bsc#1088133).\n\n - xfs: fix contiguous dquot chunk iteration livelock\n (bsc#1070995).\n\n - xfs: remove filestream item xfs_inode reference\n (bsc#1127961).\n\n - xfs: rewrite xfs_dq_get_next_id using\n xfs_iext_lookup_extent (bsc#1070995).\n\n - xfs: Switch to iomap for SEEK_HOLE / SEEK_DATA\n (bsc#1070995).\n\n - yama: Check for pid death before checking ancestry\n (bsc#1051510).\n\n - yam: fix a missing-check bug (bsc#1051510).\n\n - zswap: re-check zswap_is_full() after do zswap_shrink()\n (bsc#1051510).\n\n - x86/uaccess: Do not leak the AC flag into __put_user()\n value evaluation (bsc#1114279).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1046305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1046306\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1056787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1060463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1063638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1070995\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1071995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078355\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082943\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083647\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086095\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1086282\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1088133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1098995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1100132\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1103429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106811\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108101\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113939\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117108\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1117645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120008\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120601\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1120909\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1121805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1122982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123456\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123882\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124055\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124235\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124978\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124979\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124980\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1124984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125125\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125342\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125614\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125728\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125797\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125799\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1125947\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126209\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126356\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126476\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126480\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126481\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126789\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126790\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126804\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1126807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127286\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127307\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127445\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127493\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127494\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127495\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127496\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127534\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127561\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127567\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127595\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127731\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127836\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127961\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128094\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128451\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1128895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129046\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129080\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129179\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129183\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129205\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129276\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129281\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129285\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129291\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129292\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129294\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129327\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129330\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129497\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129543\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129547\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129551\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129581\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130336\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130425\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1130518\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131062\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=824948\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-8912\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2019/04/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debuginfo-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debugsource-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", 
reference:\"kernel-default-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-debuginfo-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debuginfo-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debugsource-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-devel-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-docs-html-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-macros-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", 
reference:\"kernel-obs-build-debugsource-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-qa-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-vanilla-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-syms-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debugsource-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-4.12.14-lp150.12.58.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.58.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T16:01:06", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4670 advisory.\n\n - A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an 
authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e.\n depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target.\n Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable. (CVE-2018-14633)\n\n - An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout() and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (CVE-2018-20836)\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c.\n This causes a Denial of Service, related to a use-after-free. (CVE-2019-11810)\n\n - An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a race condition leading to a use-after-free, related to net namespace cleanup. (CVE-2019-11815)\n\n - The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command, because a name field may not end with a '\\0' character. (CVE-2019-11884)\n\n - A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. 
(CVE-2019-3459)\n\n - A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user (root) can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable. (CVE-2019-3819)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-06-07T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4670)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14633", "CVE-2018-20836", "CVE-2019-11810", "CVE-2019-11815", "CVE-2019-11884", "CVE-2019-3459", "CVE-2019-3819"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2019-4670.NASL", "href": "https://www.tenable.com/plugins/nessus/125755", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4670.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125755);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2018-14633\",\n \"CVE-2018-20836\",\n \"CVE-2019-3459\",\n \"CVE-2019-3819\",\n \"CVE-2019-11810\",\n \"CVE-2019-11815\",\n \"CVE-2019-11884\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : 
Unbreakable Enterprise kernel (ELSA-2019-4670)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2019-4670 advisory.\n\n - A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux\n kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote\n attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the\n iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e.\n depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and\n thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target.\n Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is\n highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable. (CVE-2018-14633)\n\n - An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout()\n and smp_task_done() in drivers/scsi/libsas/sas_expander.c, leading to a use-after-free. (CVE-2018-20836)\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when\n megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c.\n This causes a Denial of Service, related to a use-after-free. (CVE-2019-11810)\n\n - An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. There is a\n race condition leading to a use-after-free, related to net namespace cleanup. 
(CVE-2019-11815)\n\n - The do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a\n local user to obtain potentially sensitive information from kernel stack memory via a HIDPCONNADD command,\n because a name field may not end with a '\\0' character. (CVE-2019-11884)\n\n - A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before\n 5.1-rc1. (CVE-2019-3459)\n\n - A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c\n file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged\n user (root) can cause a system lock up and a denial of service. Versions from v4.18 and newer are\n vulnerable. (CVE-2019-3819)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4670.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-11815\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/09/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.28.1.el6uek', '4.1.12-124.28.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4670');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.28.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.28.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.28.1.el6uek', 'cpu':'x86_64', 
'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.28.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.28.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.28.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.28.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.28.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.28.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.28.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.28.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.28.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if 
(!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:30:14", "description": "The openSUSE Leap 42.3 kernel was updated to 4.4.162 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. 
(bnc#1113769).\n\n - CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).\n\n - CVE-2018-18690: A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with conversion of an attr from short to long form (bnc#1105025).\n\n - CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825).\n\n - CVE-2018-9516: A lack of certain checks in the hid_debug_events_read() function in the drivers/hid/hid-debug.c file might have resulted in receiving userspace buffer overflow and an out-of-bounds write or to the infinite loop. 
(bnc#1108498).\n\nThe following non-security bugs were fixed :\n\n - 6lowpan: iphc: reset mac_header after decompress to fix panic (bnc#1012382).\n\n - Add azure kernel description.\n\n - Add bug reference to patches.suse/x86-entry-64-use-a-per-cpu-trampoline-stack\n -fix1.patch\n\n - Add graphviz to buildreq for image conversion\n\n - Add reference to bsc#1104124 to patches.fixes/fs-aio-fix-the-increment-of-aio-nr-and-cou nting-agai.patch\n\n - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge (bnc#1012382).\n\n - ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760 (bnc#1012382).\n\n - apparmor: remove no-op permission check in policy_unpack (git-fixes).\n\n - ARC: build: Get rid of toolchain check (bnc#1012382).\n\n - ARC: clone syscall to setp r25 as thread pointer (bnc#1012382).\n\n - arch/hexagon: fix kernel/dma.c build warning (bnc#1012382).\n\n - arch-symbols: use bash as interpreter since the script uses bashism.\n\n - arm64: cpufeature: Track 32bit EL0 support (bnc#1012382).\n\n - arm64: jump_label.h: use asm_volatile_goto macro instead of 'asm goto' (bnc#1012382).\n\n - arm64: KVM: Sanitize PSTATE.M when being set from userspace (bnc#1012382).\n\n - arm64: KVM: Tighten guest core register access from userspace (bnc#1012382).\n\n - ARM: dts: at91: add new compatibility string for macb on sama5d3 (bnc#1012382).\n\n - ARM: dts: dra7: fix DCAN node addresses (bnc#1012382).\n\n - ARM: mvebu: declare asm symbols as character arrays in pmsu.c (bnc#1012382).\n\n - ASoC: dapm: Fix potential DAI widget pointer deref when linking DAIs (bnc#1012382).\n\n - ASoC: sigmadsp: safeload should not have lower byte limit (bnc#1012382).\n\n - ASoC: wm8804: Add ACPI support (bnc#1012382).\n\n - ath10k: fix scan crash due to incorrect length calculation (bnc#1012382).\n\n - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait (bnc#1012382).\n\n - ath10k: protect ath10k_htt_rx_ring_free with rx_ring.lock (bnc#1012382).\n\n - Bluetooth: Add a new 
Realtek 8723DE ID 0bda:b009 (bnc#1012382).\n\n - bnxt_en: Fix TX timeout during netpoll (bnc#1012382).\n\n - bonding: avoid possible dead-lock (bnc#1012382).\n\n - bpf: fix cb access in socket filter programs on tail calls (bsc#1012382).\n\n - bpf: fix map not being uncharged during map creation failure (bsc#1012382).\n\n - bpf, s390: fix potential memleak when later bpf_jit_prog fails (git-fixes).\n\n - bpf, s390x: do not reload skb pointers in non-skb context (git-fixes).\n\n - bsc#1106913: Replace with upstream variants Delete patches.suse/11-x86-mm-only-set-ibpb-when-the-new-thread\n -cannot-ptrace-current-thread.patch.\n\n - bs-upload-kernel: do not set %opensuse_bs Since SLE15 it is not set in the distribution project so do not set it for kernel projects either.\n\n - btrfs: add a comp_refs() helper (dependency for bsc#1031392).\n\n - btrfs: add missing initialization in btrfs_check_shared (Git-fixes bsc#1112262).\n\n - btrfs: add tracepoints for outstanding extents mods (dependency for bsc#1031392).\n\n - btrfs: add wrapper for counting BTRFS_MAX_EXTENT_SIZE (dependency for bsc#1031392).\n\n - btrfs: cleanup extent locking sequence (dependency for bsc#1031392).\n\n - btrfs: defrag: use btrfs_mod_outstanding_extents in cluster_pages_for_defrag (Follow up fixes for bsc#1031392).\n\n - btrfs: delayed-inode: Remove wrong qgroup meta reservation calls (bsc#1031392).\n\n - btrfs: delayed-inode: Use new qgroup meta rsv for delayed inode and item (bsc#1031392).\n\n - btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667).\n\n - btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667).\n\n - btrfs: fix error handling in btrfs_dev_replace_start (bsc#1107535).\n\n - Btrfs: fix invalid attempt to free reserved space on failure to cow range (dependency for bsc#1031392).\n\n - btrfs: fix missing error return in btrfs_drop_snapshot (Git-fixes bsc#1109919).\n\n - btrfs: Fix race condition between delayed refs and blockgroup 
removal (Git-fixes bsc#1112263).\n\n - btrfs: Fix wrong btrfs_delalloc_release_extents parameter (bsc#1031392).\n\n - Btrfs: kill trans in run_delalloc_nocow and btrfs_cross_ref_exist (dependency for bsc#1031392).\n\n - btrfs: make the delalloc block rsv per inode (dependency for bsc#1031392).\n\n - Btrfs: pass delayed_refs directly to btrfs_find_delayed_ref_head (dependency for bsc#1031392).\n\n - btrfs: qgroup: Add quick exit for non-fs extents (dependency for bsc#1031392).\n\n - btrfs: qgroup: Cleanup btrfs_qgroup_prepare_account_extents function (dependency for bsc#1031392).\n\n - btrfs: qgroup: Cleanup the remaining old reservation counters (bsc#1031392).\n\n - btrfs: qgroup: Commit transaction in advance to reduce early EDQUOT (bsc#1031392).\n\n - btrfs: qgroup: Do not use root->qgroup_meta_rsv for qgroup (bsc#1031392).\n\n - btrfs: qgroup: Fix wrong qgroup reservation update for relationship modification (bsc#1031392).\n\n - btrfs: qgroup: Introduce function to convert META_PREALLOC into META_PERTRANS (bsc#1031392).\n\n - btrfs: qgroup: Introduce helpers to update and access new qgroup rsv (bsc#1031392).\n\n - btrfs: qgroup: Make qgroup_reserve and its callers to use separate reservation type (bsc#1031392).\n\n - btrfs: qgroup: Skeleton to support separate qgroup reservation type (bsc#1031392).\n\n - btrfs: qgroups: opencode qgroup_free helper (dependency for bsc#1031392).\n\n - btrfs: qgroup: Split meta rsv type into meta_prealloc and meta_pertrans (bsc#1031392).\n\n - btrfs: qgroup: Update trace events for metadata reservation (bsc#1031392).\n\n - btrfs: qgroup: Update trace events to use new separate rsv types (bsc#1031392).\n\n - btrfs: qgroup: Use independent and accurate per inode qgroup rsv (bsc#1031392).\n\n - btrfs: qgroup: Use root::qgroup_meta_rsv_* to record qgroup meta reserved space (bsc#1031392).\n\n - btrfs: qgroup: Use separate meta reservation type for delalloc (bsc#1031392).\n\n - btrfs: remove type argument from comp_tree_refs (dependency 
for bsc#1031392).\n\n - Btrfs: rework outstanding_extents (dependency for bsc#1031392).\n\n - btrfs: switch args for comp_*_refs (dependency for bsc#1031392).\n\n - btrfs: Take trans lock before access running trans in check_delayed_ref (Follow up fixes for bsc#1031392).\n\n - ceph: avoid a use-after-free in ceph_destroy_options() (bsc#1112007).\n\n - cfg80211: fix a type issue in ieee80211_chandef_to_operating_class() (bnc#1012382).\n\n - cfg80211: nl80211_update_ft_ies() to validate NL80211_ATTR_IE (bnc#1012382).\n\n - cgroup: Fix deadlock in cpu hotplug path (bnc#1012382).\n\n - cgroup, netclassid: add a preemption point to write_classid (bnc#1098996).\n\n - CIFS: check for STATUS_USER_SESSION_DELETED (bsc#1112902).\n\n - cifs: connect to servername instead of IP for IPC$ share (bsc#1106359).\n\n - cifs: fix memory leak in SMB2_open() (bsc#1112894).\n\n - cifs: Fix use after free of a mid_q_entry (bsc#1112903).\n\n - cifs: read overflow in is_valid_oplock_break() (bnc#1012382).\n\n - clocksource/drivers/ti-32k: Add CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs (bnc#1012382).\n\n - config.sh: set BUGZILLA_PRODUCT for SLE12-SP3\n\n - crypto: mxs-dcp - Fix wait logic on chan threads (bnc#1012382).\n\n - crypto: skcipher - Fix -Wstringop-truncation warnings (bnc#1012382).\n\n - Define dependencies of in-kernel KMPs statically This allows us to use rpm's internal dependency generator (bsc#981083).\n\n - dm cache: fix resize crash if user does not reload cache table (bnc#1012382).\n\n - dm thin metadata: fix __udivdi3 undefined on 32-bit (bnc#1012382).\n\n - dm thin metadata: try to avoid ever aborting transactions (bnc#1012382).\n\n - Do not ship firmware (bsc#1054239). 
Pull firmware from kernel-firmware instead.\n\n - drivers/tty: add error handling for pcmcia_loop_config (bnc#1012382).\n\n - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7 (bnc#1012382).\n\n - drm/nouveau/TBDdevinit: do not fail when PMU/PRE_OS is missing from VBIOS (bnc#1012382).\n\n - drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1106929)\n\n - Drop dtb-source.spec and move the sources to kernel-source (bsc#1011920)\n\n - Drop multiversion(kernel) from the KMP template ()\n\n - e1000: check on netif_running() before calling e1000_up() (bnc#1012382).\n\n - e1000: ensure to free old tx/rx rings in set_ringparam() (bnc#1012382).\n\n - ebtables: arpreply: Add the standard target sanity check (bnc#1012382).\n\n - EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114648).\n\n - Enable kernel-obs-(build,qa) also in the vanilla branches\n\n - ethtool: restore erroneously removed break in dev_ethtool (bsc#1114229).\n\n - fbdev: fix broken menu dependencies (bsc#1106929)\n\n - fbdev/omapfb: fix omapfb_memory_read infoleak (bnc#1012382).\n\n - Fix file list to remove REPORTING-BUGS\n\n - Fix html and pdf creation in Documetation/media/*\n\n - floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (bnc#1012382).\n\n - fs/cifs: do not translate SFM_SLASH (U+F026) to backslash (bnc#1012382).\n\n - fs/cifs: suppress a string overflow warning (bnc#1012382).\n\n - gpio: adp5588: Fix sleep-in-atomic-context bug (bnc#1012382).\n\n - hexagon: modify ffs() and fls() to return int (bnc#1012382).\n\n - HID: hid-ntrig: add error handling for sysfs_create_group (bnc#1012382).\n\n - housekeeping: btrfs selftests: fold backport fix into backport patch\n\n - housekeeping: move btrfs patches to sorted section. 
No code changes.\n\n - hv: avoid crash in vmbus sysfs files (bnc#1108377).\n\n - hwmon: (adt7475) Make adt7475_read_word() return errors (bnc#1012382).\n\n - hwmon: (ina2xx) fix sysfs shunt resistor read access (bnc#1012382).\n\n - hwrng: core - document the quality field (git-fixes).\n\n - i2c: i2c-scmi: fix for i2c_smbus_write_block_data (bnc#1012382).\n\n - i2c: i801: Allow ACPI AML access I/O ports not reserved for SMBus (bnc#1012382).\n\n - i2c: uniphier-f: issue STOP only for last message or I2C_M_STOP (bnc#1012382).\n\n - i2c: uniphier: issue STOP only for last message or I2C_M_STOP (bnc#1012382).\n\n - IB/srp: Avoid that sg_reset -d $(srp_device) triggers an infinite loop (bnc#1012382).\n\n - Input: atakbd - fix Atari CapsLock behaviour (bnc#1012382).\n\n - Input: atakbd - fix Atari keymap (bnc#1012382).\n\n - Input: elantech - enable middle button of touchpad on ThinkPad P72 (bnc#1012382).\n\n - ip6_tunnel: be careful when accessing the inner header (bnc#1012382).\n\n - ip_tunnel: be careful when accessing the inner header (bnc#1012382).\n\n - ipv4: fix use-after-free in ip_cmsg_recv_dstaddr() (bnc#1012382).\n\n - ixgbe: pci_set_drvdata must be called before register_netdev (Git-fixes bsc#1109923).\n\n - jffs2: return -ERANGE when xattr buffer is too small (bnc#1012382).\n\n - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bnc#1012382).\n\n - KVM: x86: remove eager_fpu field of struct kvm_vcpu_arch (bnc#1012382).\n\n - lib/test_hexdump.c: fix failure on big endian cpu (bsc#1106110).\n\n - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bnc#1012382).\n\n - mac80211: fix a race between restart and CSA flows (bnc#1012382).\n\n - mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP mode keys (bnc#1012382).\n\n - mac80211: Fix station bandwidth setting after channel switch (bnc#1012382).\n\n - mac80211_hwsim: correct use of IEEE80211_VHT_CAP_RXSTBC_X (bnc#1012382).\n\n - mac80211: mesh: fix HWMP sequence numbering to follow standard 
(bnc#1012382).\n\n - mac80211: shorten the IBSS debug messages (bnc#1012382).\n\n - mach64: detect the dot clock divider correctly on sparc (bnc#1012382).\n\n - md-cluster: clear another node's suspend_area after the copy is finished (bnc#1012382).\n\n - media: af9035: prevent buffer overflow on write (bnc#1012382).\n\n - media: exynos4-is: Prevent NULL pointer dereference in\n __isp_video_try_fmt() (bnc#1012382).\n\n - media: fsl-viu: fix error handling in viu_of_probe() (bnc#1012382).\n\n - media: omap3isp: zero-initialize the isp cam_xclk(a,b) initial data (bnc#1012382).\n\n - media: omap_vout: Fix a possible NULL pointer dereference in omap_vout_open() (bsc#1050431).\n\n - media: s3c-camif: ignore -ENOIOCTLCMD from v4l2_subdev_call for s_power (bnc#1012382).\n\n - media: soc_camera: ov772x: correct setting of banding filter (bnc#1012382).\n\n - media: tm6000: add error handling for dvb_register_adapter (bnc#1012382).\n\n - media: uvcvideo: Support realtek's UVC 1.5 device (bnc#1012382).\n\n - media: v4l: event: Prevent freeing event subscriptions while accessed (bnc#1012382).\n\n - media: videobuf-dma-sg: Fix dma_(sync,unmap)_sg() calls (bsc#1050431).\n\n - memory_hotplug: cond_resched in __remove_pages (bnc#1114178).\n\n - mfd: omap-usb-host: Fix dts probe of children (bnc#1012382).\n\n - mm: madvise(MADV_DODUMP): allow hugetlbfs pages (bnc#1012382).\n\n - mm: /proc/pid/pagemap: hide swap entries from unprivileged users (Git-fixes bsc#1109907).\n\n - mm/vmstat.c: fix outdated vmstat_text (bnc#1012382).\n\n - mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly (bnc#1012382).\n\n - mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly (git fixes).\n\n - module: exclude SHN_UNDEF symbols from kallsyms api (bnc#1012382).\n\n - move changes without Git-commit out of sorted section\n\n - net: cadence: Fix a sleep-in-atomic-context bug in macb_halt_tx() (bnc#1012382).\n\n - net: hns: fix length and page_offset overflow when CONFIG_ARM64_64K_PAGES (bnc#1012382).\n\n - net: 
ipv4: update fnhe_pmtu when first hop's MTU changes (bnc#1012382).\n\n - net/ipv6: Display all addresses in output of /proc/net/if_inet6 (bnc#1012382).\n\n - netlabel: check for IPV4MASK in addrinfo_get (bnc#1012382).\n\n - net: macb: disable scatter-gather for macb on sama5d3 (bnc#1012382).\n\n - net/mlx4: Use cpumask_available for eq->affinity_mask (bnc#1012382).\n\n - net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (bnc#1012382).\n\n - net: systemport: Fix wake-up interrupt race during resume (bnc#1012382).\n\n - net/usb: cancel pending work when unbinding smsc75xx (bnc#1012382).\n\n - NFS: add nostatflush mount option (bsc#1065726).\n\n - NFS: Avoid quadratic search when freeing delegations (bsc#1084760).\n\n - nfsd: fix corrupted reply to badly ordered compound (bnc#1012382).\n\n - ocfs2: fix locking for res->tracking and dlm->tracking_list (bnc#1012382).\n\n - of: unittest: Disable interrupt node tests for old world MAC systems (bnc#1012382).\n\n - ovl: Copy inode attributes after setting xattr (bsc#1107299).\n\n - Pass x86 as architecture on x86_64 and i386 (bsc#1093118).\n\n - PCI: hv: Use effective affinity mask (bsc#1109772).\n\n - PCI: Reprogram bridge prefetch registers on resume (bnc#1012382).\n\n - perf probe powerpc: Ignore SyS symbols irrespective of endianness (bnc#1012382).\n\n - perf script python: Fix export-to-postgresql.py occasional failure (bnc#1012382).\n\n - PM / core: Clear the direct_complete flag on errors (bnc#1012382).\n\n - powerpc/kdump: Handle crashkernel memory reservation failure (bnc#1012382).\n\n - powerpc/numa: Skip onlining a offline node in kdump path (bsc#1109784).\n\n - powerpc/perf/hv-24x7: Fix passing of catalog version number (bsc#1053043).\n\n - powerpc/pseries: Fix build break for SPLPAR=n and CPU hotplug (bsc#1079524, git-fixes).\n\n - powerpc/pseries: Fix CONFIG_NUMA=n build (bsc#1067906, git-fixes).\n\n - powerpc/pseries/mm: call H_BLOCK_REMOVE (bsc#1109158).\n\n - powerpc/pseries/mm: 
factorize PTE slot computation (bsc#1109158).\n\n - powerpc/pseries/mm: Introducing FW_FEATURE_BLOCK_REMOVE (bsc#1109158).\n\n - powerpc/rtas: Fix a potential race between CPU-Offline & Migration (bsc#1111870).\n\n - power: vexpress: fix corruption in notifier registration (bnc#1012382).\n\n - proc: restrict kernel stack dumps to root (bnc#1012382).\n\n - qlcnic: fix Tx descriptor corruption on 82xx devices (bnc#1012382).\n\n - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing RTL_FLAG_TASK_ENABLED (bnc#1012382).\n\n - RAID10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (bnc#1012382).\n\n - rculist: add list_for_each_entry_from_rcu() (bsc#1084760).\n\n - rculist: Improve documentation for list_for_each_entry_from_rcu() (bsc#1084760).\n\n - RDMA/ucma: check fd type in ucma_migrate_id() (bnc#1012382).\n\n - README: Clean-up trailing whitespace\n\n - reiserfs: add check to detect corrupted directory entry (bsc#1109818).\n\n - reiserfs: do not panic on bad directory entries (bsc#1109818).\n\n - resource: Include resource end in walk_*() interfaces (bsc#1114648).\n\n - Revert 'btrfs: qgroups: Retry after commit on getting EDQUOT' (bsc#1031392).\n\n - Revert 'drm: Do not pass negative delta to ktime_sub_ns()' (bsc#1106929)\n\n - Revert 'drm/i915: Initialize HWS page address after GPU reset' (bsc#1106929)\n\n - Revert 'KVM: x86: remove eager_fpu field of struct kvm_vcpu_arch' (kabi).\n\n - Revert 'media: v4l: event: Prevent freeing event subscriptions while accessed' (kabi).\n\n - Revert 'proc: restrict kernel stack dumps to root' (kabi).\n\n - Revert 'rpm/constraints.in: Lower default disk space requirement from 25G to 24G' This reverts commit 406abda1467c038842febffe264faae1fa2e3c1d. 
ok, did not wait long enough to see the failure.\n\n - Revert 'Skip intel_crt_init for Dell XPS 8700' (bsc#1106929)\n\n - Revert 'tcp: add tcp_ooo_try_coalesce() helper' (kabi).\n\n - Revert 'tcp: call tcp_drop() from tcp_data_queue_ofo()' (kabi).\n\n - Revert 'tcp: fix a stale ooo_last_skb after a replace' (kabi).\n\n - Revert 'tcp: free batches of packets in tcp_prune_ofo_queue()' (kabi).\n\n - Revert 'tcp: use an RB tree for ooo receive queue' (kabi).\n\n - Revert 'usb: cdc-wdm: Fix a sleep-in-atomic-context bug in service_outstanding_interrupt()' (bnc#1012382).\n\n - Revert 'x86/fpu: Finish excising 'eagerfpu'' (kabi).\n\n - Revert 'x86/fpu: Remove struct fpu::counter' (kabi).\n\n - Revert 'x86/fpu: Remove use_eager_fpu()' (kabi).\n\n - rndis_wlan: potential buffer overflow in rndis_wlan_auth_indication() (bnc#1012382).\n\n - rpm/apply-patches: Fix failure if there are no vanilla patches The grep command returns 1 if there are no patches and we are using pipefail.\n\n - rpm/constraints.in: build ARM on at least 2 cpus\n\n - rpm/constraints.in: Lower default disk space requirement from 25G to 24G 25G is rejected by the build service on ARM.\n\n - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (bnc#1012382).\n\n - s390/chsc: Add exception handler for CHSC instruction (git-fixes).\n\n - s390/extmem: fix gcc 8 stringop-overflow warning (bnc#1012382).\n\n - s390/kdump: Fix elfcorehdr size calculation (git-fixes).\n\n - s390/kdump: Make elfcorehdr size calculation ABI compliant (git-fixes).\n\n - s390/mm: correct allocate_pgste proc_handler callback (git-fixes).\n\n - s390/qeth: do not dump past end of unknown HW header (bnc#1012382).\n\n - s390/qeth: handle failure on workqueue creation (git-fixes).\n\n - s390: revert ELF_ET_DYN_BASE base changes (git-fixes).\n\n - s390/stacktrace: fix address ranges for asynchronous and panic stack (git-fixes).\n\n - scsi: bnx2i: add error handling for ioremap_nocache (bnc#1012382).\n\n - scsi: ibmvscsi: Improve 
strings handling (bnc#1012382).\n\n - scsi: klist: Make it safe to use klists in atomic context (bnc#1012382).\n\n - scsi: target/iscsi: Make iscsit_ta_authentication() respect the output buffer size (bnc#1012382).\n\n - selftests/efivarfs: add required kernel configs (bnc#1012382).\n\n - serial: cpm_uart: return immediately from console poll (bnc#1012382).\n\n - serial: imx: restore handshaking irq for imx1 (bnc#1012382).\n\n - signal: Properly deliver SIGSEGV from x86 uprobes (bsc#1110006).\n\n - slub: make ->cpu_partial unsigned int (bnc#1012382).\n\n - smb2: fix missing files in root share directory listing (bnc#1012382).\n\n - smb3: fill in statfs fsid and correct namelen (bsc#1112905).\n\n - sound: enable interrupt after dma buffer initialization (bnc#1012382).\n\n - spi: rspi: Fix interrupted DMA transfers (bnc#1012382).\n\n - spi: rspi: Fix invalid SPI use during system suspend (bnc#1012382).\n\n - spi: sh-msiof: Fix handling of write value for SISTR register (bnc#1012382).\n\n - spi: sh-msiof: Fix invalid SPI use during system suspend (bnc#1012382).\n\n - spi: tegra20-slink: explicitly enable/disable clock (bnc#1012382).\n\n - staging: android: ashmem: Fix mmap size validation (bnc#1012382).\n\n - staging: rts5208: fix missing error check on call to rtsx_write_register (bnc#1012382).\n\n - stmmac: fix valid numbers of unicast filter entries (bnc#1012382).\n\n - target: log Data-Out timeouts as errors (bsc#1095805).\n\n - target: log NOP ping timeouts as errors (bsc#1095805).\n\n - target: split out helper for cxn timeout error stashing (bsc#1095805).\n\n - target: stash sess_err_stats on Data-Out timeout (bsc#1095805).\n\n - target: use ISCSI_IQN_LEN in iscsi_target_stat (bsc#1095805).\n\n - tcp: add tcp_ooo_try_coalesce() helper (bnc#1012382).\n\n - tcp: call tcp_drop() from tcp_data_queue_ofo() (bnc#1012382).\n\n - tcp: fix a stale ooo_last_skb after a replace (bnc#1012382).\n\n - tcp: free batches of packets in tcp_prune_ofo_queue() (bnc#1012382).\n\n - 
tcp: increment sk_drops for dropped rx packets (bnc#1012382).\n\n - tcp: use an RB tree for ooo receive queue (bnc#1012382).\n\n - team: Forbid enslaving team device to itself (bnc#1012382).\n\n - thermal: of-thermal: disable passive polling when thermal zone is disabled (bnc#1012382).\n\n - tools/vm/page-types.c: fix 'defined but not used' warning (bnc#1012382).\n\n - tools/vm/slabinfo.c: fix sign-compare warning (bnc#1012382).\n\n - tpm: Restore functionality to xen vtpm driver (bsc#1020645, git-fixes).\n\n - tsl2550: fix lux1_input error in low light (bnc#1012382).\n\n - ubifs: Check for name being NULL while mounting (bnc#1012382).\n\n - ucma: fix a use-after-free in ucma_resolve_ip() (bnc#1012382).\n\n - USB: fix error handling in usb_driver_claim_interface() (bnc#1012382).\n\n - usb: gadget: fotg210-udc: Fix memory leak of fotg210->ep[i] (bnc#1012382).\n\n - usb: gadget: serial: fix oops when data rx'd after close (bnc#1012382).\n\n - USB: handle NULL config in usb_find_alt_setting() (bnc#1012382).\n\n - USB: remove LPM management from usb_driver_claim_interface() (bnc#1012382).\n\n - USB: serial: kobil_sct: fix modem-status error handling (bnc#1012382).\n\n - USB: serial: simple: add Motorola Tetra MTP6550 id (bnc#1012382).\n\n - USB: usbdevfs: restore warning for nonsensical flags (bnc#1012382).\n\n - USB: usbdevfs: sanitize flags more (bnc#1012382).\n\n - usb: wusbcore: security: cast sizeof to int for comparison (bnc#1012382).\n\n - USB: yurex: Check for truncation in yurex_read() (bnc#1012382).\n\n - Use make --output-sync feature when available (bsc#1012422). The messages in make output can interleave making it impossible to extract warnings reliably. Since version 4 GNU Make supports --output-sync flag that prints output of each sub-command atomically preventing this issue. 
Detect the flag and use it if available.\n SLE11 has make 3.81 so it is required to include make 4 in the kernel OBS projects to take advantage of this.\n\n - Use upstream version of pci-hyperv change 35a88a18d7\n\n - uwb: hwa-rc: fix memory leak at probe (bnc#1012382).\n\n - vmci: type promotion bug in qp_host_get_user_memory() (bnc#1012382).\n\n - wlcore: Add missing PM call for wlcore_cmd_wait_for_event_or_timeout() (bnc#1012382).\n\n - wlcore: Fix memory leak in wlcore_cmd_wait_for_event_or_timeout (git-fixes).\n\n - x86/cpufeature: deduplicate X86_FEATURE_L1TF_PTEINV (kabi).\n\n - x86/entry/64: Add two more instruction suffixes (bnc#1012382).\n\n - x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface (bsc#1105931).\n\n - x86/entry/64: sanitize extra registers on syscall entry (bsc#1105931).\n\n - x86/fpu: Finish excising 'eagerfpu' (bnc#1012382).\n\n - x86/fpu: Remove second definition of fpu in\n __fpu__restore_sig() (bsc#1110006).\n\n - x86/fpu: Remove struct fpu::counter (bnc#1012382).\n\n - x86/fpu: Remove use_eager_fpu() (bnc#1012382).\n\n - x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772).\n\n - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114648).\n\n - x86/numa_emulation: Fix emulated-to-physical node mapping (bnc#1012382).\n\n - x86/paravirt: Fix some warning messages (bnc#1065600).\n\n - x86/percpu: Fix this_cpu_read() (bsc#1110006).\n\n - x86,sched: Allow topologies where NUMA nodes share an LLC (bsc#1091158, bsc#1101555).\n\n - x86/spec_ctrl: Fix spec_ctrl reporting (bsc#1106913, bsc#1111516).\n\n - x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913).\n\n - x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913).\n\n - x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913).\n\n - x86/time: Correct the attribute on jiffies' definition (bsc#1110006).\n\n - 
x86/tsc: Add missing header to tsc_msr.c (bnc#1012382).\n\n - xen: avoid crash in disable_hotplug_cpu (bnc#1012382 bsc#1106594 bsc#1042422).\n\n - xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (bnc#1012382).\n\n - xen/manage: do not complain about an empty value in control/sysrq node (bnc#1012382).\n\n - xhci: Add missing CAS workaround for Intel Sunrise Point xHCI (bnc#1012382).\n\n - xhci: Do not print a warning when setting link state for disabled ports (bnc#1012382).\n\n - rpm/kernel-binary.spec.in: Add missing export BRP_SIGN_FILES (bsc#1115587) The export line was accidentally dropped at merging scripts branch, which resulted in the invalid module signature.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-21T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2018-1427)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10940", "CVE-2018-16658", "CVE-2018-18281", "CVE-2018-18386", "CVE-2018-18690", "CVE-2018-18710", "CVE-2018-9516"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-docs-pdf", "p-cpe:/a:novell:opensuse:kernel-macros", 
"p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-1427.NASL", "href": "https://www.tenable.com/plugins/nessus/119077", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1427.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119077);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2018-10940\", \"CVE-2018-16658\", \"CVE-2018-18281\", \"CVE-2018-18386\", \"CVE-2018-18690\", \"CVE-2018-18710\", \"CVE-2018-9516\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2018-1427)\");\n script_summary(english:\"Check for the openSUSE-2018-1427 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 42.3 kernel was updated to 4.4.162 to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2018-18281: The mremap() syscall performs TLB\n flushes after dropping pagetable locks. 
If a syscall\n such as ftruncate() removes entries from the pagetables\n of a task that is in the middle of mremap(), a stale TLB\n entry can remain for a short time that permits access to\n a physical page after it has been released back to the\n page allocator and reused. (bnc#1113769).\n\n - CVE-2018-18710: An information leak in\n cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could\n be used by local attackers to read kernel memory because\n a cast from unsigned long to int interferes with bounds\n checking. This is similar to CVE-2018-10940 and\n CVE-2018-16658 (bnc#1113751).\n\n - CVE-2018-18690: A local attacker able to set attributes\n on an xfs filesystem could make this filesystem\n non-operational until the next mount by triggering an\n unchecked error condition during an xfs attribute\n change, because xfs_attr_shortform_addname in\n fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE\n operations with conversion of an attr from short to long\n form (bnc#1105025).\n\n - CVE-2018-18386: drivers/tty/n_tty.c allowed local\n attackers (who are able to access pseudo terminals) to\n hang/block further usage of any pseudo terminal devices\n due to an EXTPROC versus ICANON confusion in TIOCINQ\n (bnc#1094825).\n\n - CVE-2018-9516: A lack of certain checks in the\n hid_debug_events_read() function in the\n drivers/hid/hid-debug.c file might have resulted in\n receiving userspace buffer overflow and an out-of-bounds\n write or to the infinite loop. 
(bnc#1108498).\n\nThe following non-security bugs were fixed :\n\n - 6lowpan: iphc: reset mac_header after decompress to fix\n panic (bnc#1012382).\n\n - Add azure kernel description.\n\n - Add bug reference to\n patches.suse/x86-entry-64-use-a-per-cpu-trampoline-stack\n -fix1.patch\n\n - Add graphviz to buildreq for image conversion\n\n - Add reference to bsc#1104124 to\n patches.fixes/fs-aio-fix-the-increment-of-aio-nr-and-cou\n nting-agai.patch\n\n - ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge\n (bnc#1012382).\n\n - ALSA: hda/realtek - Cannot adjust speaker's volume on\n Dell XPS 27 7760 (bnc#1012382).\n\n - apparmor: remove no-op permission check in policy_unpack\n (git-fixes).\n\n - ARC: build: Get rid of toolchain check (bnc#1012382).\n\n - ARC: clone syscall to setp r25 as thread pointer\n (bnc#1012382).\n\n - arch/hexagon: fix kernel/dma.c build warning\n (bnc#1012382).\n\n - arch-symbols: use bash as interpreter since the script\n uses bashism.\n\n - arm64: cpufeature: Track 32bit EL0 support\n (bnc#1012382).\n\n - arm64: jump_label.h: use asm_volatile_goto macro instead\n of 'asm goto' (bnc#1012382).\n\n - arm64: KVM: Sanitize PSTATE.M when being set from\n userspace (bnc#1012382).\n\n - arm64: KVM: Tighten guest core register access from\n userspace (bnc#1012382).\n\n - ARM: dts: at91: add new compatibility string for macb on\n sama5d3 (bnc#1012382).\n\n - ARM: dts: dra7: fix DCAN node addresses (bnc#1012382).\n\n - ARM: mvebu: declare asm symbols as character arrays in\n pmsu.c (bnc#1012382).\n\n - ASoC: dapm: Fix potential DAI widget pointer deref when\n linking DAIs (bnc#1012382).\n\n - ASoC: sigmadsp: safeload should not have lower byte\n limit (bnc#1012382).\n\n - ASoC: wm8804: Add ACPI support (bnc#1012382).\n\n - ath10k: fix scan crash due to incorrect length\n calculation (bnc#1012382).\n\n - ath10k: fix use-after-free in ath10k_wmi_cmd_send_nowait\n (bnc#1012382).\n\n - ath10k: protect ath10k_htt_rx_ring_free with\n rx_ring.lock 
(bnc#1012382).\n\n - Bluetooth: Add a new Realtek 8723DE ID 0bda:b009\n (bnc#1012382).\n\n - bnxt_en: Fix TX timeout during netpoll (bnc#1012382).\n\n - bonding: avoid possible dead-lock (bnc#1012382).\n\n - bpf: fix cb access in socket filter programs on tail\n calls (bsc#1012382).\n\n - bpf: fix map not being uncharged during map creation\n failure (bsc#1012382).\n\n - bpf, s390: fix potential memleak when later bpf_jit_prog\n fails (git-fixes).\n\n - bpf, s390x: do not reload skb pointers in non-skb\n context (git-fixes).\n\n - bsc#1106913: Replace with upstream variants Delete\n patches.suse/11-x86-mm-only-set-ibpb-when-the-new-thread\n -cannot-ptrace-current-thread.patch.\n\n - bs-upload-kernel: do not set %opensuse_bs Since SLE15 it\n is not set in the distribution project so do not set it\n for kernel projects either.\n\n - btrfs: add a comp_refs() helper (dependency for\n bsc#1031392).\n\n - btrfs: add missing initialization in btrfs_check_shared\n (Git-fixes bsc#1112262).\n\n - btrfs: add tracepoints for outstanding extents mods\n (dependency for bsc#1031392).\n\n - btrfs: add wrapper for counting BTRFS_MAX_EXTENT_SIZE\n (dependency for bsc#1031392).\n\n - btrfs: cleanup extent locking sequence (dependency for\n bsc#1031392).\n\n - btrfs: defrag: use btrfs_mod_outstanding_extents in\n cluster_pages_for_defrag (Follow up fixes for\n bsc#1031392).\n\n - btrfs: delayed-inode: Remove wrong qgroup meta\n reservation calls (bsc#1031392).\n\n - btrfs: delayed-inode: Use new qgroup meta rsv for\n delayed inode and item (bsc#1031392).\n\n - btrfs: Enhance btrfs_trim_fs function to handle error\n better (Dependency for bsc#1113667).\n\n - btrfs: Ensure btrfs_trim_fs can trim the whole\n filesystem (bsc#1113667).\n\n - btrfs: fix error handling in btrfs_dev_replace_start\n (bsc#1107535).\n\n - Btrfs: fix invalid attempt to free reserved space on\n failure to cow range (dependency for bsc#1031392).\n\n - btrfs: fix missing error return in btrfs_drop_snapshot\n 
(Git-fixes bsc#1109919).\n\n - btrfs: Fix race condition between delayed refs and\n blockgroup removal (Git-fixes bsc#1112263).\n\n - btrfs: Fix wrong btrfs_delalloc_release_extents\n parameter (bsc#1031392).\n\n - Btrfs: kill trans in run_delalloc_nocow and\n btrfs_cross_ref_exist (dependency for bsc#1031392).\n\n - btrfs: make the delalloc block rsv per inode (dependency\n for bsc#1031392).\n\n - Btrfs: pass delayed_refs directly to\n btrfs_find_delayed_ref_head (dependency for\n bsc#1031392).\n\n - btrfs: qgroup: Add quick exit for non-fs extents\n (dependency for bsc#1031392).\n\n - btrfs: qgroup: Cleanup\n btrfs_qgroup_prepare_account_extents function\n (dependency for bsc#1031392).\n\n - btrfs: qgroup: Cleanup the remaining old reservation\n counters (bsc#1031392).\n\n - btrfs: qgroup: Commit transaction in advance to reduce\n early EDQUOT (bsc#1031392).\n\n - btrfs: qgroup: Do not use root->qgroup_meta_rsv for\n qgroup (bsc#1031392).\n\n - btrfs: qgroup: Fix wrong qgroup reservation update for\n relationship modification (bsc#1031392).\n\n - btrfs: qgroup: Introduce function to convert\n META_PREALLOC into META_PERTRANS (bsc#1031392).\n\n - btrfs: qgroup: Introduce helpers to update and access\n new qgroup rsv (bsc#1031392).\n\n - btrfs: qgroup: Make qgroup_reserve and its callers to\n use separate reservation type (bsc#1031392).\n\n - btrfs: qgroup: Skeleton to support separate qgroup\n reservation type (bsc#1031392).\n\n - btrfs: qgroups: opencode qgroup_free helper (dependency\n for bsc#1031392).\n\n - btrfs: qgroup: Split meta rsv type into meta_prealloc\n and meta_pertrans (bsc#1031392).\n\n - btrfs: qgroup: Update trace events for metadata\n reservation (bsc#1031392).\n\n - btrfs: qgroup: Update trace events to use new separate\n rsv types (bsc#1031392).\n\n - btrfs: qgroup: Use independent and accurate per inode\n qgroup rsv (bsc#1031392).\n\n - btrfs: qgroup: Use root::qgroup_meta_rsv_* to record\n qgroup meta reserved space (bsc#1031392).\n\n - 
btrfs: qgroup: Use separate meta reservation type for\n delalloc (bsc#1031392).\n\n - btrfs: remove type argument from comp_tree_refs\n (dependency for bsc#1031392).\n\n - Btrfs: rework outstanding_extents (dependency for\n bsc#1031392).\n\n - btrfs: switch args for comp_*_refs (dependency for\n bsc#1031392).\n\n - btrfs: Take trans lock before access running trans in\n check_delayed_ref (Follow up fixes for bsc#1031392).\n\n - ceph: avoid a use-after-free in ceph_destroy_options()\n (bsc#1112007).\n\n - cfg80211: fix a type issue in\n ieee80211_chandef_to_operating_class() (bnc#1012382).\n\n - cfg80211: nl80211_update_ft_ies() to validate\n NL80211_ATTR_IE (bnc#1012382).\n\n - cgroup: Fix deadlock in cpu hotplug path (bnc#1012382).\n\n - cgroup, netclassid: add a preemption point to\n write_classid (bnc#1098996).\n\n - CIFS: check for STATUS_USER_SESSION_DELETED\n (bsc#1112902).\n\n - cifs: connect to servername instead of IP for IPC$ share\n (bsc#1106359).\n\n - cifs: fix memory leak in SMB2_open() (bsc#1112894).\n\n - cifs: Fix use after free of a mid_q_entry (bsc#1112903).\n\n - cifs: read overflow in is_valid_oplock_break()\n (bnc#1012382).\n\n - clocksource/drivers/ti-32k: Add\n CLOCK_SOURCE_SUSPEND_NONSTOP flag for non-am43 SoCs\n (bnc#1012382).\n\n - config.sh: set BUGZILLA_PRODUCT for SLE12-SP3\n\n - crypto: mxs-dcp - Fix wait logic on chan threads\n (bnc#1012382).\n\n - crypto: skcipher - Fix -Wstringop-truncation warnings\n (bnc#1012382).\n\n - Define dependencies of in-kernel KMPs statically This\n allows us to use rpm's internal dependency generator\n (bsc#981083).\n\n - dm cache: fix resize crash if user does not reload cache\n table (bnc#1012382).\n\n - dm thin metadata: fix __udivdi3 undefined on 32-bit\n (bnc#1012382).\n\n - dm thin metadata: try to avoid ever aborting\n transactions (bnc#1012382).\n\n - Do not ship firmware (bsc#1054239). 
Pull firmware from\n kernel-firmware instead.\n\n - drivers/tty: add error handling for pcmcia_loop_config\n (bnc#1012382).\n\n - drm/amdgpu: Fix SDMA HQD destroy error on gfx_v7\n (bnc#1012382).\n\n - drm/nouveau/TBDdevinit: do not fail when PMU/PRE_OS is\n missing from VBIOS (bnc#1012382).\n\n - drm/virtio: fix bounds check in\n virtio_gpu_cmd_get_capset() (bsc#1106929)\n\n - Drop dtb-source.spec and move the sources to\n kernel-source (bsc#1011920)\n\n - Drop multiversion(kernel) from the KMP template ()\n\n - e1000: check on netif_running() before calling\n e1000_up() (bnc#1012382).\n\n - e1000: ensure to free old tx/rx rings in set_ringparam()\n (bnc#1012382).\n\n - ebtables: arpreply: Add the standard target sanity check\n (bnc#1012382).\n\n - EDAC, thunderx: Fix memory leak in\n thunderx_l2c_threaded_isr() (bsc#1114648).\n\n - Enable kernel-obs-(build,qa) also in the vanilla\n branches\n\n - ethtool: restore erroneously removed break in\n dev_ethtool (bsc#1114229).\n\n - fbdev: fix broken menu dependencies (bsc#1106929)\n\n - fbdev/omapfb: fix omapfb_memory_read infoleak\n (bnc#1012382).\n\n - Fix file list to remove REPORTING-BUGS\n\n - Fix html and pdf creation in Documetation/media/*\n\n - floppy: Do not copy a kernel pointer to user memory in\n FDGETPRM ioctl (bnc#1012382).\n\n - fs/cifs: do not translate SFM_SLASH (U+F026) to\n backslash (bnc#1012382).\n\n - fs/cifs: suppress a string overflow warning\n (bnc#1012382).\n\n - gpio: adp5588: Fix sleep-in-atomic-context bug\n (bnc#1012382).\n\n - hexagon: modify ffs() and fls() to return int\n (bnc#1012382).\n\n - HID: hid-ntrig: add error handling for\n sysfs_create_group (bnc#1012382).\n\n - housekeeping: btrfs selftests: fold backport fix into\n backport patch\n\n - housekeeping: move btrfs patches to sorted section. 
No\n code changes.\n\n - hv: avoid crash in vmbus sysfs files (bnc#1108377).\n\n - hwmon: (adt7475) Make adt7475_read_word() return errors\n (bnc#1012382).\n\n - hwmon: (ina2xx) fix sysfs shunt resistor read access\n (bnc#1012382).\n\n - hwrng: core - document the quality field (git-fixes).\n\n - i2c: i2c-scmi: fix for i2c_smbus_write_block_data\n (bnc#1012382).\n\n - i2c: i801: Allow ACPI AML access I/O ports not reserved\n for SMBus (bnc#1012382).\n\n - i2c: uniphier-f: issue STOP only for last message or\n I2C_M_STOP (bnc#1012382).\n\n - i2c: uniphier: issue STOP only for last message or\n I2C_M_STOP (bnc#1012382).\n\n - IB/srp: Avoid that sg_reset -d $(srp_device) triggers an\n infinite loop (bnc#1012382).\n\n - Input: atakbd - fix Atari CapsLock behaviour\n (bnc#1012382).\n\n - Input: atakbd - fix Atari keymap (bnc#1012382).\n\n - Input: elantech - enable middle button of touchpad on\n ThinkPad P72 (bnc#1012382).\n\n - ip6_tunnel: be careful when accessing the inner header\n (bnc#1012382).\n\n - ip_tunnel: be careful when accessing the inner header\n (bnc#1012382).\n\n - ipv4: fix use-after-free in ip_cmsg_recv_dstaddr()\n (bnc#1012382).\n\n - ixgbe: pci_set_drvdata must be called before\n register_netdev (Git-fixes bsc#1109923).\n\n - jffs2: return -ERANGE when xattr buffer is too small\n (bnc#1012382).\n\n - KVM: PPC: Book3S HV: Do not truncate HPTE index in xlate\n function (bnc#1012382).\n\n - KVM: x86: remove eager_fpu field of struct kvm_vcpu_arch\n (bnc#1012382).\n\n - lib/test_hexdump.c: fix failure on big endian cpu\n (bsc#1106110).\n\n - mac80211: correct use of IEEE80211_VHT_CAP_RXSTBC_X\n (bnc#1012382).\n\n - mac80211: fix a race between restart and CSA flows\n (bnc#1012382).\n\n - mac80211: fix setting IEEE80211_KEY_FLAG_RX_MGMT for AP\n mode keys (bnc#1012382).\n\n - mac80211: Fix station bandwidth setting after channel\n switch (bnc#1012382).\n\n - mac80211_hwsim: correct use of\n IEEE80211_VHT_CAP_RXSTBC_X (bnc#1012382).\n\n - mac80211: mesh: 
fix HWMP sequence numbering to follow\n standard (bnc#1012382).\n\n - mac80211: shorten the IBSS debug messages (bnc#1012382).\n\n - mach64: detect the dot clock divider correctly on sparc\n (bnc#1012382).\n\n - md-cluster: clear another node's suspend_area after the\n copy is finished (bnc#1012382).\n\n - media: af9035: prevent buffer overflow on write\n (bnc#1012382).\n\n - media: exynos4-is: Prevent NULL pointer dereference in\n __isp_video_try_fmt() (bnc#1012382).\n\n - media: fsl-viu: fix error handling in viu_of_probe()\n (bnc#1012382).\n\n - media: omap3isp: zero-initialize the isp cam_xclk(a,b)\n initial data (bnc#1012382).\n\n - media: omap_vout: Fix a possible NULL pointer\n dereference in omap_vout_open() (bsc#1050431).\n\n - media: s3c-camif: ignore -ENOIOCTLCMD from\n v4l2_subdev_call for s_power (bnc#1012382).\n\n - media: soc_camera: ov772x: correct setting of banding\n filter (bnc#1012382).\n\n - media: tm6000: add error handling for\n dvb_register_adapter (bnc#1012382).\n\n - media: uvcvideo: Support realtek's UVC 1.5 device\n (bnc#1012382).\n\n - media: v4l: event: Prevent freeing event subscriptions\n while accessed (bnc#1012382).\n\n - media: videobuf-dma-sg: Fix dma_(sync,unmap)_sg() calls\n (bsc#1050431).\n\n - memory_hotplug: cond_resched in __remove_pages\n (bnc#1114178).\n\n - mfd: omap-usb-host: Fix dts probe of children\n (bnc#1012382).\n\n - mm: madvise(MADV_DODUMP): allow hugetlbfs pages\n (bnc#1012382).\n\n - mm: /proc/pid/pagemap: hide swap entries from\n unprivileged users (Git-fixes bsc#1109907).\n\n - mm/vmstat.c: fix outdated vmstat_text (bnc#1012382).\n\n - mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly\n (bnc#1012382).\n\n - mm/vmstat.c: skip NR_TLB_REMOTE_FLUSH* properly (git\n fixes).\n\n - module: exclude SHN_UNDEF symbols from kallsyms api\n (bnc#1012382).\n\n - move changes without Git-commit out of sorted section\n\n - net: cadence: Fix a sleep-in-atomic-context bug in\n macb_halt_tx() (bnc#1012382).\n\n - net: hns: fix 
length and page_offset overflow when\n CONFIG_ARM64_64K_PAGES (bnc#1012382).\n\n - net: ipv4: update fnhe_pmtu when first hop's MTU changes\n (bnc#1012382).\n\n - net/ipv6: Display all addresses in output of\n /proc/net/if_inet6 (bnc#1012382).\n\n - netlabel: check for IPV4MASK in addrinfo_get\n (bnc#1012382).\n\n - net: macb: disable scatter-gather for macb on sama5d3\n (bnc#1012382).\n\n - net/mlx4: Use cpumask_available for eq->affinity_mask\n (bnc#1012382).\n\n - net: mvpp2: Extract the correct ethtype from the skb for\n tx csum offload (bnc#1012382).\n\n - net: systemport: Fix wake-up interrupt race during\n resume (bnc#1012382).\n\n - net/usb: cancel pending work when unbinding smsc75xx\n (bnc#1012382).\n\n - NFS: add nostatflush mount option (bsc#1065726).\n\n - NFS: Avoid quadratic search when freeing delegations\n (bsc#1084760).\n\n - nfsd: fix corrupted reply to badly ordered compound\n (bnc#1012382).\n\n - ocfs2: fix locking for res->tracking and\n dlm->tracking_list (bnc#1012382).\n\n - of: unittest: Disable interrupt node tests for old world\n MAC systems (bnc#1012382).\n\n - ovl: Copy inode attributes after setting xattr\n (bsc#1107299).\n\n - Pass x86 as architecture on x86_64 and i386\n (bsc#1093118).\n\n - PCI: hv: Use effective affinity mask (bsc#1109772).\n\n - PCI: Reprogram bridge prefetch registers on resume\n (bnc#1012382).\n\n - perf probe powerpc: Ignore SyS symbols irrespective of\n endianness (bnc#1012382).\n\n - perf script python: Fix export-to-postgresql.py\n occasional failure (bnc#1012382).\n\n - PM / core: Clear the direct_complete flag on errors\n (bnc#1012382).\n\n - powerpc/kdump: Handle crashkernel memory reservation\n failure (bnc#1012382).\n\n - powerpc/numa: Skip onlining a offline node in kdump path\n (bsc#1109784).\n\n - powerpc/perf/hv-24x7: Fix passing of catalog version\n number (bsc#1053043).\n\n - powerpc/pseries: Fix build break for SPLPAR=n and CPU\n hotplug (bsc#1079524, git-fixes).\n\n - powerpc/pseries: Fix 
CONFIG_NUMA=n build (bsc#1067906,\n git-fixes).\n\n - powerpc/pseries/mm: call H_BLOCK_REMOVE (bsc#1109158).\n\n - powerpc/pseries/mm: factorize PTE slot computation\n (bsc#1109158).\n\n - powerpc/pseries/mm: Introducing FW_FEATURE_BLOCK_REMOVE\n (bsc#1109158).\n\n - powerpc/rtas: Fix a potential race between CPU-Offline &\n Migration (bsc#1111870).\n\n - power: vexpress: fix corruption in notifier registration\n (bnc#1012382).\n\n - proc: restrict kernel stack dumps to root (bnc#1012382).\n\n - qlcnic: fix Tx descriptor corruption on 82xx devices\n (bnc#1012382).\n\n - r8169: Clear RTL_FLAG_TASK_*_PENDING when clearing\n RTL_FLAG_TASK_ENABLED (bnc#1012382).\n\n - RAID10 BUG_ON in raise_barrier when force is true and\n conf->barrier is 0 (bnc#1012382).\n\n - rculist: add list_for_each_entry_from_rcu()\n (bsc#1084760).\n\n - rculist: Improve documentation for\n list_for_each_entry_from_rcu() (bsc#1084760).\n\n - RDMA/ucma: check fd type in ucma_migrate_id()\n (bnc#1012382).\n\n - README: Clean-up trailing whitespace\n\n - reiserfs: add check to detect corrupted directory entry\n (bsc#1109818).\n\n - reiserfs: do not panic on bad directory entries\n (bsc#1109818).\n\n - resource: Include resource end in walk_*() interfaces\n (bsc#1114648).\n\n - Revert 'btrfs: qgroups: Retry after commit on getting\n EDQUOT' (bsc#1031392).\n\n - Revert 'drm: Do not pass negative delta to\n ktime_sub_ns()' (bsc#1106929)\n\n - Revert 'drm/i915: Initialize HWS page address after GPU\n reset' (bsc#1106929)\n\n - Revert 'KVM: x86: remove eager_fpu field of struct\n kvm_vcpu_arch' (kabi).\n\n - Revert 'media: v4l: event: Prevent freeing event\n subscriptions while accessed' (kabi).\n\n - Revert 'proc: restrict kernel stack dumps to root'\n (kabi).\n\n - Revert 'rpm/constraints.in: Lower default disk space\n requirement from 25G to 24G' This reverts commit\n 406abda1467c038842febffe264faae1fa2e3c1d. 
ok, did not\n wait long enough to see the failure.\n\n - Revert 'Skip intel_crt_init for Dell XPS 8700'\n (bsc#1106929)\n\n - Revert 'tcp: add tcp_ooo_try_coalesce() helper' (kabi).\n\n - Revert 'tcp: call tcp_drop() from tcp_data_queue_ofo()'\n (kabi).\n\n - Revert 'tcp: fix a stale ooo_last_skb after a replace'\n (kabi).\n\n - Revert 'tcp: free batches of packets in\n tcp_prune_ofo_queue()' (kabi).\n\n - Revert 'tcp: use an RB tree for ooo receive queue'\n (kabi).\n\n - Revert 'usb: cdc-wdm: Fix a sleep-in-atomic-context bug\n in service_outstanding_interrupt()' (bnc#1012382).\n\n - Revert 'x86/fpu: Finish excising 'eagerfpu'' (kabi).\n\n - Revert 'x86/fpu: Remove struct fpu::counter' (kabi).\n\n - Revert 'x86/fpu: Remove use_eager_fpu()' (kabi).\n\n - rndis_wlan: potential buffer overflow in\n rndis_wlan_auth_indication() (bnc#1012382).\n\n - rpm/apply-patches: Fix failure if there are no vanilla\n patches The grep command returns 1 if there are no\n patches and we are using pipefail.\n\n - rpm/constraints.in: build ARM on at least 2 cpus\n\n - rpm/constraints.in: Lower default disk space requirement\n from 25G to 24G 25G is rejected by the build service on\n ARM.\n\n - rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to\n 4096 (bnc#1012382).\n\n - s390/chsc: Add exception handler for CHSC instruction\n (git-fixes).\n\n - s390/extmem: fix gcc 8 stringop-overflow warning\n (bnc#1012382).\n\n - s390/kdump: Fix elfcorehdr size calculation (git-fixes).\n\n - s390/kdump: Make elfcorehdr size calculation ABI\n compliant (git-fixes).\n\n - s390/mm: correct allocate_pgste proc_handler callback\n (git-fixes).\n\n - s390/qeth: do not dump past end of unknown HW header\n (bnc#1012382).\n\n - s390/qeth: handle failure on workqueue creation\n (git-fixes).\n\n - s390: revert ELF_ET_DYN_BASE base changes (git-fixes).\n\n - s390/stacktrace: fix address ranges for asynchronous and\n panic stack (git-fixes).\n\n - scsi: bnx2i: add error handling for ioremap_nocache\n 
(bnc#1012382).\n\n - scsi: ibmvscsi: Improve strings handling (bnc#1012382).\n\n - scsi: klist: Make it safe to use klists in atomic\n context (bnc#1012382).\n\n - scsi: target/iscsi: Make iscsit_ta_authentication()\n respect the output buffer size (bnc#1012382).\n\n - selftests/efivarfs: add required kernel configs\n (bnc#1012382).\n\n - serial: cpm_uart: return immediately from console poll\n (bnc#1012382).\n\n - serial: imx: restore handshaking irq for imx1\n (bnc#1012382).\n\n - signal: Properly deliver SIGSEGV from x86 uprobes\n (bsc#1110006).\n\n - slub: make ->cpu_partial unsigned int (bnc#1012382).\n\n - smb2: fix missing files in root share directory listing\n (bnc#1012382).\n\n - smb3: fill in statfs fsid and correct namelen\n (bsc#1112905).\n\n - sound: enable interrupt after dma buffer initialization\n (bnc#1012382).\n\n - spi: rspi: Fix interrupted DMA transfers (bnc#1012382).\n\n - spi: rspi: Fix invalid SPI use during system suspend\n (bnc#1012382).\n\n - spi: sh-msiof: Fix handling of write value for SISTR\n register (bnc#1012382).\n\n - spi: sh-msiof: Fix invalid SPI use during system suspend\n (bnc#1012382).\n\n - spi: tegra20-slink: explicitly enable/disable clock\n (bnc#1012382).\n\n - staging: android: ashmem: Fix mmap size validation\n (bnc#1012382).\n\n - staging: rts5208: fix missing error check on call to\n rtsx_write_register (bnc#1012382).\n\n - stmmac: fix valid numbers of unicast filter entries\n (bnc#1012382).\n\n - target: log Data-Out timeouts as errors (bsc#1095805).\n\n - target: log NOP ping timeouts as errors (bsc#1095805).\n\n - target: split out helper for cxn timeout error stashing\n (bsc#1095805).\n\n - target: stash sess_err_stats on Data-Out timeout\n (bsc#1095805).\n\n - target: use ISCSI_IQN_LEN in iscsi_target_stat\n (bsc#1095805).\n\n - tcp: add tcp_ooo_try_coalesce() helper (bnc#1012382).\n\n - tcp: call tcp_drop() from tcp_data_queue_ofo()\n (bnc#1012382).\n\n - tcp: fix a stale ooo_last_skb after a replace\n 
(bnc#1012382).\n\n - tcp: free batches of packets in tcp_prune_ofo_queue()\n (bnc#1012382).\n\n - tcp: increment sk_drops for dropped rx packets\n (bnc#1012382).\n\n - tcp: use an RB tree for ooo receive queue (bnc#1012382).\n\n - team: Forbid enslaving team device to itself\n (bnc#1012382).\n\n - thermal: of-thermal: disable passive polling when\n thermal zone is disabled (bnc#1012382).\n\n - tools/vm/page-types.c: fix 'defined but not used'\n warning (bnc#1012382).\n\n - tools/vm/slabinfo.c: fix sign-compare warning\n (bnc#1012382).\n\n - tpm: Restore functionality to xen vtpm driver\n (bsc#1020645, git-fixes).\n\n - tsl2550: fix lux1_input error in low light\n (bnc#1012382).\n\n - ubifs: Check for name being NULL while mounting\n (bnc#1012382).\n\n - ucma: fix a use-after-free in ucma_resolve_ip()\n (bnc#1012382).\n\n - USB: fix error handling in usb_driver_claim_interface()\n (bnc#1012382).\n\n - usb: gadget: fotg210-udc: Fix memory leak of\n fotg210->ep[i] (bnc#1012382).\n\n - usb: gadget: serial: fix oops when data rx'd after close\n (bnc#1012382).\n\n - USB: handle NULL config in usb_find_alt_setting()\n (bnc#1012382).\n\n - USB: remove LPM management from\n usb_driver_claim_interface() (bnc#1012382).\n\n - USB: serial: kobil_sct: fix modem-status error handling\n (bnc#1012382).\n\n - USB: serial: simple: add Motorola Tetra MTP6550 id\n (bnc#1012382).\n\n - USB: usbdevfs: restore warning for nonsensical flags\n (bnc#1012382).\n\n - USB: usbdevfs: sanitize flags more (bnc#1012382).\n\n - usb: wusbcore: security: cast sizeof to int for\n comparison (bnc#1012382).\n\n - USB: yurex: Check for truncation in yurex_read()\n (bnc#1012382).\n\n - Use make --output-sync feature when available\n (bsc#1012422). The messages in make output can interleave\n making it impossible to extract warnings reliably. Since\n version 4 GNU Make supports --output-sync flag that\n prints output of each sub-command atomically preventing\n this issue. 
Detect the flag and use it if available.\n SLE11 has make 3.81 so it is required to include make 4\n in the kernel OBS projects to take advantage of this.\n\n - Use upstream version of pci-hyperv change 35a88a18d7\n\n - uwb: hwa-rc: fix memory leak at probe (bnc#1012382).\n\n - vmci: type promotion bug in qp_host_get_user_memory()\n (bnc#1012382).\n\n - wlcore: Add missing PM call for\n wlcore_cmd_wait_for_event_or_timeout() (bnc#1012382).\n\n - wlcore: Fix memory leak in\n wlcore_cmd_wait_for_event_or_timeout (git-fixes).\n\n - x86/cpufeature: deduplicate X86_FEATURE_L1TF_PTEINV\n (kabi).\n\n - x86/entry/64: Add two more instruction suffixes\n (bnc#1012382).\n\n - x86/entry/64: Clear registers for exceptions/interrupts,\n to reduce speculation attack surface (bsc#1105931).\n\n - x86/entry/64: sanitize extra registers on syscall entry\n (bsc#1105931).\n\n - x86/fpu: Finish excising 'eagerfpu' (bnc#1012382).\n\n - x86/fpu: Remove second definition of fpu in\n __fpu__restore_sig() (bsc#1110006).\n\n - x86/fpu: Remove struct fpu::counter (bnc#1012382).\n\n - x86/fpu: Remove use_eager_fpu() (bnc#1012382).\n\n - x86/irq: implement\n irq_data_get_effective_affinity_mask() for v4.12\n (bsc#1109772).\n\n - x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error\n (bsc#1114648).\n\n - x86/numa_emulation: Fix emulated-to-physical node\n mapping (bnc#1012382).\n\n - x86/paravirt: Fix some warning messages (bnc#1065600).\n\n - x86/percpu: Fix this_cpu_read() (bsc#1110006).\n\n - x86,sched: Allow topologies where NUMA nodes share an\n LLC (bsc#1091158, bsc#1101555).\n\n - x86/spec_ctrl: Fix spec_ctrl reporting (bsc#1106913,\n bsc#1111516).\n\n - x86/speculation: Apply IBPB more strictly to avoid\n cross-process data leak (bsc#1106913).\n\n - x86/speculation: Enable cross-hyperthread spectre v2\n STIBP mitigation (bsc#1106913).\n\n - x86/speculation: Propagate information about RSB filling\n mitigation to sysfs (bsc#1106913).\n\n - x86/time: Correct the attribute on jiffies' 
definition\n (bsc#1110006).\n\n - x86/tsc: Add missing header to tsc_msr.c (bnc#1012382).\n\n - xen: avoid crash in disable_hotplug_cpu (bnc#1012382\n bsc#1106594 bsc#1042422).\n\n - xen: fix GCC warning and remove duplicate\n EVTCHN_ROW/EVTCHN_COL usage (bnc#1012382).\n\n - xen/manage: do not complain about an empty value in\n control/sysrq node (bnc#1012382).\n\n - xhci: Add missing CAS workaround for Intel Sunrise Point\n xHCI (bnc#1012382).\n\n - xhci: Do not print a warning when setting link state for\n disabled ports (bnc#1012382).\n\n - rpm/kernel-binary.spec.in: Add missing export\n BRP_SIGN_FILES (bsc#1115587) The export line was\n accidentally dropped at merging scripts branch, which\n resulted in the invalid module signature.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1011920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1020645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1031392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1035053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1042422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1043591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1048129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1050431\"\n );\n script_set_attribute(\n 
attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1053043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1054239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1057199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1062303\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1067906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1073579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1076393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1079524\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1083527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1091158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1093118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1098050\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1098996\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1101555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104124\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1105025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1105931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106594\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1106929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1107870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1108498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1110006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112262\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114229\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115587\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=981083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=997172\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are 
available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-pdf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-base-debuginfo-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debuginfo-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-debugsource-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-debug-devel-debuginfo-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-base-debuginfo-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debuginfo-4.4.162-78.1\") ) 
flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-debugsource-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-default-devel-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-devel-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-html-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-docs-pdf-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-macros-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-build-debugsource-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-obs-qa-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-source-vanilla-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-syms-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-base-debuginfo-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debuginfo-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-debugsource-4.4.162-78.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"kernel-vanilla-devel-4.4.162-78.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"kernel-devel / kernel-macros / kernel-source / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T16:01:07", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - hugetlbfs: don't retry when pool page allocations start to fail (Mike Kravetz) [Orabug: 29324267]\n\n - x86/speculation: RSB stuffing with retpoline on Skylake+ cpus (William Roche) [Orabug: 29660924]\n\n - x86/speculation: reformatting RSB overwrite macro (William Roche) [Orabug: 29660924]\n\n - x86/speculation: Dynamic enable and disable of RSB stuffing with IBRS&!SMEP (William Roche) [Orabug:\n 29660924]\n\n - x86/speculation: STUFF_RSB dynamic enable (William Roche) [Orabug: 29660924]\n\n - int3 handler better address space detection on interrupts (William Roche) [Orabug: 29660924]\n\n - repairing out-of-tree build functionality (Mark Nicholson) [Orabug: 29755100]\n\n - ext4: fix false negatives*and* false positives in ext4_check_descriptors (Shuning Zhang) [Orabug:\n 29797007]\n\n - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (Shuning Zhang) [Orabug: 29233739]\n\n - Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer (Marcel Holtmann) [Orabug: 29526426] (CVE-2019-3459)\n\n - Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (Marcel Holtmann) [Orabug: 29526426] (CVE-2019-3459)\n\n - HID: debug: fix the ring buffer implementation (Vladis Dronov) [Orabug: 29629481] (CVE-2019-3819) (CVE-2019-3819)\n\n - scsi: target: iscsi: Use hex2bin instead of a re-implementation (Vincent Pelletier) [Orabug: 29778875] (CVE-2018-14633) (CVE-2018-14633)\n\n - scsi: libsas: fix a race condition when smp task timeout (Jason Yan) [Orabug: 29783225] (CVE-2018-20836)\n\n - scsi: megaraid_sas: return error when create DMA pool failed (Jason Yan) [Orabug: 29783254] (CVE-2019-11810)\n\n - Bluetooth: hidp: fix buffer overflow (Young Xiao) [Orabug: 29786786] 
(CVE-2011-1079) (CVE-2019-11884)\n\n - x86/speculation/mds: Add 'mitigations=' support for MDS (Kanth Ghatraju) [Orabug: 29791046]\n\n - net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock. (Mao Wenan) [Orabug: 29802785] (CVE-2019-11815)", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-06-07T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0024)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2011-1079", "CVE-2018-14633", "CVE-2018-20836", "CVE-2019-11810", "CVE-2019-11815", "CVE-2019-11884", "CVE-2019-3459", "CVE-2019-3819"], "modified": "2020-01-10T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2019-0024.NASL", "href": "https://www.tenable.com/plugins/nessus/125754", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2019-0024.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125754);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2011-1079\", \"CVE-2018-14633\", \"CVE-2018-20836\", \"CVE-2019-11810\", \"CVE-2019-11815\", \"CVE-2019-11884\", \"CVE-2019-3459\", \"CVE-2019-3819\");\n script_bugtraq_id(46616);\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0024)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - hugetlbfs: don't retry when pool page allocations start\n to fail (Mike Kravetz) [Orabug: 29324267]\n\n - 
x86/speculation: RSB stuffing with retpoline on Skylake+\n cpus (William Roche) [Orabug: 29660924]\n\n - x86/speculation: reformatting RSB overwrite macro\n (William Roche) [Orabug: 29660924]\n\n - x86/speculation: Dynamic enable and disable of RSB\n stuffing with IBRS&!SMEP (William Roche) [Orabug:\n 29660924]\n\n - x86/speculation: STUFF_RSB dynamic enable (William\n Roche) [Orabug: 29660924]\n\n - int3 handler better address space detection on\n interrupts (William Roche) [Orabug: 29660924]\n\n - repairing out-of-tree build functionality (Mark\n Nicholson) [Orabug: 29755100]\n\n - ext4: fix false negatives*and* false positives in\n ext4_check_descriptors (Shuning Zhang) [Orabug:\n 29797007]\n\n - ocfs2: fix ocfs2 read inode data panic in ocfs2_iget\n (Shuning Zhang) [Orabug: 29233739]\n\n - Bluetooth: Verify that l2cap_get_conf_opt provides large\n enough buffer (Marcel Holtmann) [Orabug: 29526426]\n (CVE-2019-3459)\n\n - Bluetooth: Check L2CAP option sizes returned from\n l2cap_get_conf_opt (Marcel Holtmann) [Orabug: 29526426]\n (CVE-2019-3459)\n\n - HID: debug: fix the ring buffer implementation (Vladis\n Dronov) [Orabug: 29629481] (CVE-2019-3819)\n (CVE-2019-3819)\n\n - scsi: target: iscsi: Use hex2bin instead of a\n re-implementation (Vincent Pelletier) [Orabug: 29778875]\n (CVE-2018-14633) (CVE-2018-14633)\n\n - scsi: libsas: fix a race condition when smp task timeout\n (Jason Yan) [Orabug: 29783225] (CVE-2018-20836)\n\n - scsi: megaraid_sas: return error when create DMA pool\n failed (Jason Yan) [Orabug: 29783254] (CVE-2019-11810)\n\n - Bluetooth: hidp: fix buffer overflow (Young Xiao)\n [Orabug: 29786786] (CVE-2011-1079) (CVE-2019-11884)\n\n - x86/speculation/mds: Add 'mitigations=' support for MDS\n (Kanth Ghatraju) [Orabug: 29791046]\n\n - net: rds: force to destroy connection if t_sock is NULL\n in rds_tcp_kill_sock. 
(Mao Wenan) [Orabug: 29802785]\n (CVE-2019-11815)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2019-June/000943.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-124.28.1.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-124.28.1.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-01T16:45:30", "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.162 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an 
ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack-based buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bnc#1107829).\n\nCVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).\n\nCVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825).\n\nCVE-2018-18690: A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with conversion of an attr from short to long form (bnc#1105025).\n\nCVE-2018-18710: An issue was discovered in the Linux kernel An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. 
This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).\n\nCVE-2018-9516: A lack of certain checks in the hid_debug_events_read() function in the drivers/hid/hid-debug.c file might have resulted in receiving userspace buffer overflow and an out-of-bounds write or to the infinite loop. (bnc#1108498).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-11T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:3689-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10940", "CVE-2018-14633", "CVE-2018-16658", "CVE-2018-18281", "CVE-2018-18386", "CVE-2018-18690", "CVE-2018-18710", "CVE-2018-9516"], "modified": "2022-05-31T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:lttng-modules", "p-cpe:/a:novell:suse_linux:lttng-modules-debugsource", "p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default", "p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-3689-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118882", "sourceData": "#\n# (C) Tenable 
Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3689-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118882);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/31\");\n\n script_cve_id(\"CVE-2018-10940\", \"CVE-2018-14633\", \"CVE-2018-16658\", \"CVE-2018-18281\", \"CVE-2018-18386\", \"CVE-2018-18690\", \"CVE-2018-18710\", \"CVE-2018-9516\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:3689-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.162 to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-14633: A security flaw was found in the\nchap_server_compute_md5() function in the ISCSI target code in a way\nan authentication request from an ISCSI initiator is processed. An\nunauthenticated remote attacker can cause a stack-based buffer\noverflow and smash up to 17 bytes of the stack. The attack requires\nthe iSCSI target to be enabled on the victim host. Depending on how\nthe target's code was built (i.e. depending on a compiler, compile\nflags and hardware architecture) an attack may lead to a system crash\nand thus to a denial-of-service or possibly to a non-authorized access\nto data exported by an iSCSI target. Due to the nature of the flaw,\nprivilege escalation cannot be fully ruled out, although we believe it\nis highly unlikely. (bnc#1107829).\n\nCVE-2018-18281: The mremap() syscall performs TLB flushes after\ndropping pagetable locks. 
If a syscall such as ftruncate() removes\nentries from the pagetables of a task that is in the middle of\nmremap(), a stale TLB entry can remain for a short time that permits\naccess to a physical page after it has been released back to the page\nallocator and reused. (bnc#1113769).\n\nCVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are\nable to access pseudo terminals) to hang/block further usage of any\npseudo terminal devices due to an EXTPROC versus ICANON confusion in\nTIOCINQ (bnc#1094825).\n\nCVE-2018-18690: A local attacker able to set attributes on an xfs\nfilesystem could make this filesystem non-operational until the next\nmount by triggering an unchecked error condition during an xfs\nattribute change, because xfs_attr_shortform_addname in\nfs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with\nconversion of an attr from short to long form (bnc#1105025).\n\nCVE-2018-18710: An issue was discovered in the Linux kernel An\ninformation leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c\ncould be used by local attackers to read kernel memory because a cast\nfrom unsigned long to int interferes with bounds checking. This is\nsimilar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).\n\nCVE-2018-9516: A lack of certain checks in the hid_debug_events_read()\nfunction in the drivers/hid/hid-debug.c file might have resulted in\nreceiving userspace buffer overflow and an out-of-bounds write or to\nthe infinite loop. (bnc#1108498).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1011920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1020645\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031392\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1035053\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1043591\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1053043\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054239\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1057199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065726\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067906\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1079524\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083215\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084760\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1089343\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1093118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1096052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098050\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098996\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099597\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103308\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104124\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105795\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106105\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106293\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106434\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106594\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106929\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107060\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107318\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107535\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108315\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108377\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109772\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109818\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109919\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110468\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110601\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110602\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110603\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110604\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110605\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110606\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110611\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110612\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110613\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110614\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110615\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110618\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110619\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111516\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111870\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112262\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112263\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112894\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112905\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113769\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114229\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=981083\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=997172\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18281/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18386/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18690/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18710/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-9516/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183689-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e2148841\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch\nSUSE-SLE-WE-12-SP3-2018-2621=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-2621=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t 
patch\nSUSE-SLE-SERVER-12-SP3-2018-2621=1\n\nSUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch\nSUSE-SLE-HA-12-SP3-2018-2621=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-2621=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-14633\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:lttng-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:lttng-modules-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:lttng-modules-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"lttng-modules-2.7.1-8.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"lttng-modules-debugsource-2.7.1-8.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"lttng-modules-kmp-default-2.7.1_k4.4.162_94.69-8.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"lttng-modules-kmp-default-debuginfo-2.7.1_k4.4.162_94.69-8.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-debuginfo-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debuginfo-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debugsource-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-devel-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-syms-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.4.162-94.69.2\")) flag++;\nif 
(rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.4.162-94.69.2\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-syms-4.4.162-94.69.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-08-13T14:30:12", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4315 advisory. - In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail. (CVE-2017-9725) - The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. (CVE-2018-1092) - drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated. (CVE-2017-18079) - In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free. 
(CVE-2017-18174) - The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls.\n(CVE-2017-18221) - The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation. (CVE-2017-18255) - ** DISPUTED ** Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck directory. NOTE: a third party has indicated that this report is not security relevant. (CVE-2018-7995) - In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel. (CVE-2018-9363) - In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:\nAndroid kernel Android ID: A-71361580. 
(CVE-2018-9516) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-07T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4315)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18079", "CVE-2017-18174", "CVE-2017-18221", "CVE-2017-18255", "CVE-2017-9725", "CVE-2018-1092", "CVE-2018-7995", "CVE-2018-9363", "CVE-2018-9516"], "modified": "2022-05-24T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2019-4315.NASL", "href": "https://www.tenable.com/plugins/nessus/120976", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4315.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120976);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\n \"CVE-2017-9725\",\n \"CVE-2017-18079\",\n \"CVE-2017-18174\",\n \"CVE-2017-18221\",\n \"CVE-2017-18255\",\n \"CVE-2018-1092\",\n \"CVE-2018-7995\",\n \"CVE-2018-9363\",\n \"CVE-2018-9516\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4315)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host 
has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2019-4315 advisory. - In all Qualcomm products with Android releases from CAF using the Linux kernel, during\nDMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when\nit should fail. (CVE-2017-9725) - The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15\nmishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of\nservice (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. (CVE-2018-1092) -\ndrivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL\npointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can\nchange after it is validated. (CVE-2017-18079) - In the Linux kernel before 4.7, the amd_gpio_remove function in\ndrivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free. (CVE-2017-18174) -\nThe __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial\nof service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls.\n(CVE-2017-18221) - The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before\n4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other\nimpact via a large value, as demonstrated by an incorrect sample-rate calculation. (CVE-2017-18255) - ** DISPUTED **\nRace condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel\nthrough 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the\ncheck_interval file in a /sys/devices/system/machinecheck/machinecheck directory. 
NOTE: a third party has indicated that\nthis report is not security relevant. (CVE-2018-7995) - In the hidp_process_report in bluetooth, there is an\ninteger overflow. This could lead to an out of bounds write with no additional execution privileges needed. User\ninteraction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588\nReferences: Upstream kernel. (CVE-2018-9363) - In hid_debug_events_read of drivers/hid/hid-debug.c, there is a\npossible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with\nSystem execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:\nAndroid kernel Android ID: A-71361580. (CVE-2018-9516) Note that Nessus has not tested for this issue but has\ninstead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4315.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-9725\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-18174\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/07\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.24.1.el6uek', '4.1.12-124.24.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4315');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.24.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.24.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.24.1.el6uek', 'cpu':'x86_64', 
'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.24.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.24.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.24.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.24.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.24.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.24.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.24.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.24.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.24.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if 
(!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:22:51", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found where the kernel truncated the value used to indicate the size of a buffer which it would later become zero using an untruncated value. 
This can corrupt memory outside of the original allocation.(CVE-2017-9725)\n\n - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks.(CVE-2017-5753)\n\n - A buffer overflow was found in the Linux kernel's isdn_net_newslave() function in the /drivers/isdn/i4l/isdn_net.c file. An overflow happens when the user-controlled buffer is copied into a local buffer of constant size using strcpy() without a length check.(CVE-2017-12762)\n\n - Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. 
As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks.(CVE-2018-3646)\n\n - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.(CVE-2017-5715)\n\n - Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks.(CVE-2018-3620)\n\n - In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. 
This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580.(CVE-2018-9516)\n\n - Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.(CVE-2018-3639)\n\n - It was found that the Linux kernel memory resource controller's (memcg) handling of OOM (out of memory) conditions could lead to deadlocks. An attacker able to continuously spawn new processes within a single memory-constrained cgroup during an OOM event could use this flaw to lock up the system.(CVE-2014-8171)\n\n - In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:\n Android kernel. Android ID: A-113509306. References:\n Upstream kernel.(CVE-2018-9568)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1515)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-8171", "CVE-2017-12762", "CVE-2017-5715", "CVE-2017-5753", "CVE-2017-9725", "CVE-2018-3620", "CVE-2018-3639", "CVE-2018-3646", "CVE-2018-9516", "CVE-2018-9568"], "modified": "2021-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1515.NASL", "href": "https://www.tenable.com/plugins/nessus/124836", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124836);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/09\");\n\n script_cve_id(\n \"CVE-2014-8171\",\n \"CVE-2017-12762\",\n \"CVE-2017-5715\",\n \"CVE-2017-5753\",\n \"CVE-2017-9725\",\n \"CVE-2018-3620\",\n \"CVE-2018-3639\",\n \"CVE-2018-3646\",\n \"CVE-2018-9516\",\n \"CVE-2018-9568\"\n );\n script_bugtraq_id(\n 74293\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1515)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A flaw was found where the kernel truncated the value\n used to indicate the size of a buffer which it would\n later become zero using an untruncated value. This can\n corrupt memory outside of the original\n allocation.(CVE-2017-9725)\n\n - An industry-wide issue was found in the way many modern\n microprocessor designs have implemented speculative\n execution of instructions (a commonly used performance\n optimization). There are three primary variants of the\n issue which differ in the way the speculative execution\n can be exploited. Variant CVE-2017-5753 triggers the\n speculative execution by performing a bounds-check\n bypass. It relies on the presence of a\n precisely-defined instruction sequence in the\n privileged code as well as the fact that memory\n accesses may cause allocation into the microprocessor's\n data cache even for speculatively executed instructions\n that never actually commit (retire). As a result, an\n unprivileged attacker could use this flaw to cross the\n syscall boundary and read privileged memory by\n conducting targeted cache side-channel\n attacks.(CVE-2017-5753)\n\n - A buffer overflow was found in the Linux kernel's\n isdn_net_newslave() function in the\n /drivers/isdn/i4l/isdn_net.c file. An overflow happens\n when the user-controlled buffer is copied into a local\n buffer of constant size using strcpy() without a length\n check.(CVE-2017-12762)\n\n - Modern operating systems implement virtualization of\n physical memory to efficiently use available system\n resources and provide inter-domain protection through\n access control and isolation. 
The L1TF issue was found\n in the way the x86 microprocessor designs have\n implemented speculative execution of instructions (a\n commonly used performance optimization) in combination\n with handling of page-faults caused by terminated\n virtual to physical address resolving process. As a\n result, an unprivileged attacker could use this flaw to\n read privileged memory of the kernel or other processes\n and/or cross guest/host boundaries to read host memory\n by conducting targeted cache side-channel\n attacks.(CVE-2018-3646)\n\n - An industry-wide issue was found in the way many modern\n microprocessor designs have implemented speculative\n execution of instructions (a commonly used performance\n optimization). There are three primary variants of the\n issue which differ in the way the speculative execution\n can be exploited. Variant CVE-2017-5715 triggers the\n speculative execution by utilizing branch target\n injection. It relies on the presence of a\n precisely-defined instruction sequence in the\n privileged code as well as the fact that memory\n accesses may cause allocation into the microprocessor's\n data cache even for speculatively executed instructions\n that never actually commit (retire). As a result, an\n unprivileged attacker could use this flaw to cross the\n syscall and guest/host boundaries and read privileged\n memory by conducting targeted cache side-channel\n attacks.(CVE-2017-5715)\n\n - Modern operating systems implement virtualization of\n physical memory to efficiently use available system\n resources and provide inter-domain protection through\n access control and isolation. The L1TF issue was found\n in the way the x86 microprocessor designs have\n implemented speculative execution of instructions (a\n commonly used performance optimization) in combination\n with handling of page-faults caused by terminated\n virtual to physical address resolving process. 
As a\n result, an unprivileged attacker could use this flaw to\n read privileged memory of the kernel or other processes\n and/or cross guest/host boundaries to read host memory\n by conducting targeted cache side-channel\n attacks.(CVE-2018-3620)\n\n - In hid_debug_events_read of drivers/hid/hid-debug.c,\n there is a possible out of bounds write due to a\n missing bounds check. This could lead to local\n escalation of privilege with System execution\n privileges needed. User interaction is not needed for\n exploitation. Product: Android Versions: Android kernel\n Android ID: A-71361580.(CVE-2018-9516)\n\n - Systems with microprocessors utilizing speculative\n execution and speculative execution of memory reads\n before the addresses of all prior memory writes are\n known may allow unauthorized disclosure of information\n to an attacker with local user access via a\n side-channel analysis, aka Speculative Store Bypass\n (SSB), Variant 4.(CVE-2018-3639)\n\n - It was found that the Linux kernel memory resource\n controller's (memcg) handling of OOM (out of memory)\n conditions could lead to deadlocks. An attacker able to\n continuously spawn new processes within a single\n memory-constrained cgroup during an OOM event could use\n this flaw to lock up the system.(CVE-2014-8171)\n\n - In sk_clone_lock of sock.c, there is a possible memory\n corruption due to type confusion. This could lead to\n local escalation of privilege with no additional\n execution privileges needed. User interaction is not\n needed for exploitation. Product: Android. Versions:\n Android kernel. Android ID: A-113509306. References:\n Upstream kernel.(CVE-2018-9568)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1515\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?789df8aa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_42\",\n \"kernel-devel-3.10.0-862.14.1.6_42\",\n \"kernel-headers-3.10.0-862.14.1.6_42\",\n \"kernel-tools-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.6_42\",\n \"perf-3.10.0-862.14.1.6_42\",\n \"python-perf-3.10.0-862.14.1.6_42\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) 
flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:30:10", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-108.81 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-18281: An issue was discovered in the Linux kernel, the mremap() syscall performs TLB flushes after dropping pagetable locks.\nIf a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused (bnc#1113769).\n\nCVE-2018-18710: An issue was discovered in the Linux kernel, an information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. 
This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).\n\nCVE-2018-18386: drivers/tty/n_tty.c in the Linux kernel allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825).\n\nCVE-2017-7273: The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 4.x allowed physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report (bnc#1031240).\n\nCVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674).\n\nCVE-2017-1000407: An denial of service issue was discovered in the Linux kernel, by flooding the diagnostic port 0x80 an exception can be triggered leading to a kernel panic (bnc#1071021).\n\nCVE-2018-9516: An issue was discovered in the Linux kernel, the copy_to_user() inside the HID code does not correctly check the length before executing (bsc#1108498).\n\nCVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host.\nDepending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. 
Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely (bnc#1107829).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-11-14T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2018:3746-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000407", "CVE-2017-16533", "CVE-2017-7273", "CVE-2018-10940", "CVE-2018-14633", "CVE-2018-16658", "CVE-2018-18281", "CVE-2018-18386", "CVE-2018-18710", "CVE-2018-9516"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-3746-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118952", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive 
text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3746-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118952);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-1000407\", \"CVE-2017-16533\", \"CVE-2017-7273\", \"CVE-2018-10940\", \"CVE-2018-14633\", \"CVE-2018-16658\", \"CVE-2018-18281\", \"CVE-2018-18386\", \"CVE-2018-18710\", \"CVE-2018-9516\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2018:3746-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-108.81\nto receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-18281: An issue was discovered in the Linux kernel, the\nmremap() syscall performs TLB flushes after dropping pagetable locks.\nIf a syscall such as ftruncate() removes entries from the pagetables\nof a task that is in the middle of mremap(), a stale TLB entry can\nremain for a short time that permits access to a physical page after\nit has been released back to the page allocator and reused\n(bnc#1113769).\n\nCVE-2018-18710: An issue was discovered in the Linux kernel, an\ninformation leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c\ncould be used by local attackers to read kernel memory because a cast\nfrom unsigned long to int interferes with bounds checking. 
This is\nsimilar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).\n\nCVE-2018-18386: drivers/tty/n_tty.c in the Linux kernel allowed local\nattackers (who are able to access pseudo terminals) to hang/block\nfurther usage of any pseudo terminal devices due to an EXTPROC versus\nICANON confusion in TIOCINQ (bnc#1094825).\n\nCVE-2017-7273: The cp_report_fixup function in\ndrivers/hid/hid-cypress.c in the Linux kernel 4.x allowed physically\nproximate attackers to cause a denial of service (integer underflow)\nor possibly have unspecified other impact via a crafted HID report\n(bnc#1031240).\n\nCVE-2017-16533: The usbhid_parse function in\ndrivers/hid/usbhid/hid-core.c in the Linux kernel allowed local users\nto cause a denial of service (out-of-bounds read and system crash) or\npossibly have unspecified other impact via a crafted USB device\n(bnc#1066674).\n\nCVE-2017-1000407: An denial of service issue was discovered in the\nLinux kernel, by flooding the diagnostic port 0x80 an exception can be\ntriggered leading to a kernel panic (bnc#1071021).\n\nCVE-2018-9516: An issue was discovered in the Linux kernel, the\ncopy_to_user() inside the HID code does not correctly check the length\nbefore executing (bsc#1108498).\n\nCVE-2018-14633: A security flaw was found in the\nchap_server_compute_md5() function in the ISCSI target code in the\nLinux kernel in a way an authentication request from an ISCSI\ninitiator is processed. An unauthenticated remote attacker can cause a\nstack buffer overflow and smash up to 17 bytes of the stack. The\nattack requires the iSCSI target to be enabled on the victim host.\nDepending on how the target's code was built (i.e. depending on a\ncompiler, compile flags and hardware architecture) an attack may lead\nto a system crash and thus to a denial-of-service or possibly to a\nnon-authorized access to data exported by an iSCSI target. 
Due to the\nnature of the flaw, privilege escalation cannot be fully ruled out,\nalthough we believe it is highly unlikely (bnc#1107829).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1049128\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1081680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094244\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105799\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107371\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107829\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108314\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110006\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110247\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113337\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=923775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000407/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16533/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7273/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-14633/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18281/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18386/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18710/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-9516/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183746-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9fe20c1d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-kernel-source-13863=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-kernel-source-13863=1\n\nSUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch\nslexsp3-kernel-source-13863=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-kernel-source-13863=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are 
available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-base-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-devel-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-source-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-syms-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-base-3.0.101-108.81.1\")) 
flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-devel-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-108.81.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-108.81.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-08-10T15:45:45", "description": "The SUSE Linux Enterprise Server 12 SP4 Azure kernel was updated to fix various issues.\n\nThe following security bugs were fixed :\n\nCVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179).\n\nCVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. 
This is related to a capability check for the wrong task (bnc#1128166 1128378 1129016).\n\nCVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209).\n\nCVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') can cause a system lock up and a denial of service. (bnc#1123161).\n\nCVE-2019-8912: af_alg_release() in crypto/af_alg.c neglected to set a NULL value for a certain structure member, which led to a use-after-free in sockfs_setattr (bnc#1125907 1126284).\n\nCVE-2019-7308: kernel/bpf/verifier.c performed undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (bnc#1124055).\n\nCVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758).\n\nCVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. 
(bsc#1124732).\n\nCVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735).\n\nCVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bnc#1124728).\n\nCVE-2018-20669: An issue where a provided address with access_ok() is not checked was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c where a local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation (bnc#1122971).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-03-28T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0767-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20669", "CVE-2019-2024", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3819", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2019-7308", "CVE-2019-8912", "CVE-2019-8980", "CVE-2019-9213"], "modified": "2022-05-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": 
"SUSE_SU-2019-0767-1.NASL", "href": "https://www.tenable.com/plugins/nessus/123445", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0767-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123445);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/20\");\n\n script_cve_id(\n \"CVE-2018-20669\",\n \"CVE-2019-2024\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3819\",\n \"CVE-2019-6974\",\n \"CVE-2019-7221\",\n \"CVE-2019-7222\",\n \"CVE-2019-7308\",\n \"CVE-2019-8912\",\n \"CVE-2019-8980\",\n \"CVE-2019-9213\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0767-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise Server 12 SP4 Azure kernel was updated to\nfix various issues.\n\nThe following security bugs were fixed :\n\nCVE-2019-2024: A use-after-free when disconnecting a source was fixed\nwhich could lead to crashes. bnc#1129179).\n\nCVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the\nmmap minimum address, which made it easier for attackers to exploit\nkernel NULL pointer dereferences on non-SMAP platforms. This is\nrelated to a capability check for the wrong task (bnc#1128166 1128378\n1129016).\n\nCVE-2019-8980: A memory leak in the kernel_read_file function in\nfs/exec.c allowed attackers to cause a denial of service (memory\nconsumption) by triggering vfs_read failures (bnc#1126209).\n\nCVE-2019-3819: A flaw was found in the function\nhid_debug_events_read() in drivers/hid/hid-debug.c file which may\nenter an infinite loop with certain parameters passed from a\nuserspace. 
A local privileged user ('root') can cause a system lock up\nand a denial of service. (bnc#1123161).\n\nCVE-2019-8912: af_alg_release() in crypto/af_alg.c neglected to set a\nNULL value for a certain structure member, which led to a\nuse-after-free in sockfs_setattr (bnc#1125907 1126284).\n\nCVE-2019-7308: kernel/bpf/verifier.c performed undesirable\nout-of-bounds speculation on pointer arithmetic in various cases,\nincluding cases of different branches with different state or limits\nto sanitize, leading to side-channel attacks (bnc#1124055).\n\nCVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two\nremote information leak vulnerabilities in the code that handles\nincoming L2cap configuration packets (bsc#1120758).\n\nCVE-2019-7221: Fixed a use-after-free vulnerability in the KVM\nhypervisor related to the emulation of a preemption timer, allowing an\nguest user/process to crash the host kernel. (bsc#1124732).\n\nCVE-2019-7222: Fixed an information leakage in the KVM hypervisor\nrelated to handling page fault exceptions, which allowed a guest\nuser/process to use this flaw to leak the host's stack memory contents\nto a guest (bsc#1124735).\n\nCVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c\nmishandled reference counting because of a race condition, leading to\na use-after-free (bnc#1124728).\n\nCVE-2018-20669: An issue where a provided address with access_ok() is\nnot checked was discovered in i915_gem_execbuffer2_ioctl in\ndrivers/gpu/drm/i915/i915_gem_execbuffer.c where a local attacker can\ncraft a malicious IOCTL function call to overwrite arbitrary kernel\nmemory, resulting in a Denial of Service or privilege escalation\n(bnc#1122971).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078355\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082943\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=807502\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=828192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2024/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3459/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3460/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3819/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-6974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7221/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7222/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7308/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8912/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8980/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9213/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190767-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?542ed9f0\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t 
patch\nSUSE-SLE-SERVER-12-SP4-2019-767=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-8912\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-6974\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-6.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-6.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-6.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-6.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-6.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-6.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-6.9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T15:45:09", "description": "The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179).\n\nCVE-2019-9213: expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. 
This is related to a capability check for the wrong task (bnc#1128166).\n\nCVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209).\n\nCVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable (bnc#1123161).\n\nCVE-2019-8912: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr (bnc#1125907).\n\nCVE-2019-7308: kernel/bpf/verifier.c performed undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (bnc#1124055).\n\nCVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758).\n\nCVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. 
(bsc#1124732).\n\nCVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735).\n\nCVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bnc#1124728).\n\nCVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915 driver were fixed which might have lead to information leaks.\n(bnc#1122971).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-03-29T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:0784-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20669", "CVE-2019-2024", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3819", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2019-7308", "CVE-2019-8912", "CVE-2019-8980", "CVE-2019-9213"], "modified": "2022-05-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-obs-qa", 
"p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-0784-1.NASL", "href": "https://www.tenable.com/plugins/nessus/123496", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0784-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123496);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/20\");\n\n script_cve_id(\n \"CVE-2018-20669\",\n \"CVE-2019-2024\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3819\",\n \"CVE-2019-6974\",\n \"CVE-2019-7221\",\n \"CVE-2019-7222\",\n \"CVE-2019-7308\",\n \"CVE-2019-8912\",\n \"CVE-2019-8980\",\n \"CVE-2019-9213\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:0784-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-2024: A use-after-free when disconnecting a source was fixed\nwhich could lead to crashes. 
bnc#1129179).\n\nCVE-2019-9213: expand_downwards in mm/mmap.c lacks a check for the\nmmap minimum address, which made it easier for attackers to exploit\nkernel NULL pointer dereferences on non-SMAP platforms. This is\nrelated to a capability check for the wrong task (bnc#1128166).\n\nCVE-2019-8980: A memory leak in the kernel_read_file function in\nfs/exec.c allowed attackers to cause a denial of service (memory\nconsumption) by triggering vfs_read failures (bnc#1126209).\n\nCVE-2019-3819: A flaw was found in the function\nhid_debug_events_read() in drivers/hid/hid-debug.c file which may\nenter an infinite loop with certain parameters passed from a\nuserspace. A local privileged user ('root') can cause a system lock up\nand a denial of service. Versions from v4.18 and newer are vulnerable\n(bnc#1123161).\n\nCVE-2019-8912: af_alg_release() in crypto/af_alg.c neglects to set a\nNULL value for a certain structure member, which leads to a\nuse-after-free in sockfs_setattr (bnc#1125907).\n\nCVE-2019-7308: kernel/bpf/verifier.c performed undesirable\nout-of-bounds speculation on pointer arithmetic in various cases,\nincluding cases of different branches with different state or limits\nto sanitize, leading to side-channel attacks (bnc#1124055).\n\nCVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two\nremote information leak vulnerabilities in the code that handles\nincoming L2cap configuration packets (bsc#1120758).\n\nCVE-2019-7221: Fixed a use-after-free vulnerability in the KVM\nhypervisor related to the emulation of a preemption timer, allowing a\nguest user/process to crash the host kernel. 
(bsc#1124732).\n\nCVE-2019-7222: Fixed an information leakage in the KVM hypervisor\nrelated to handling page fault exceptions, which allowed a guest\nuser/process to use this flaw to leak the host's stack memory contents\nto a guest (bsc#1124735).\n\nCVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c\nmishandled reference counting because of a race condition, leading to\na use-after-free (bnc#1124728).\n\nCVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915\ndriver were fixed which might have led to information leaks.\n(bnc#1122971).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078355\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084216\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086301\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087092\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108101\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108870\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120758\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120955\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122324\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122554\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122927\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123357\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124579\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125252\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125800\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125907\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126131\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126209\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126476\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126481\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126488\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126495\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126803\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127363\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127494\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127495\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127498\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127567\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127836\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128166\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129293\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129327\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129923\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=824948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2024/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3459/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3460/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3819/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-6974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7221/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7222/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7308/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8912/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8980/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9213/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190784-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c8e3e6e7\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15:zypper in -t patch\nSUSE-SLE-Product-WE-15-2019-784=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development 
Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-784=1\n\nSUSE Linux Enterprise Module for Live Patching 15:zypper in -t patch\nSUSE-SLE-Module-Live-Patching-15-2019-784=1\n\nSUSE Linux Enterprise Module for Legacy Software 15:zypper in -t patch\nSUSE-SLE-Module-Legacy-15-2019-784=1\n\nSUSE Linux Enterprise Module for Development Tools 15:zypper in -t\npatch SUSE-SLE-Module-Development-Tools-15-2019-784=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-784=1\n\nSUSE Linux Enterprise High Availability 15:zypper in -t patch\nSUSE-SLE-Product-HA-15-2019-784=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-8912\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-6974\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-base-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-base-debuginfo-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-debuginfo-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-debugsource-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-devel-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-devel-debuginfo-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-obs-build-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-obs-build-debugsource-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-obs-qa-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-syms-4.12.14-150.14.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-base-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", 
reference:\"kernel-vanilla-base-debuginfo-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-debuginfo-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-debugsource-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kselftests-kmp-default-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"reiserfs-kmp-default-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-base-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-base-debuginfo-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-debuginfo-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-debugsource-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-devel-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", 
reference:\"kernel-default-devel-debuginfo-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-obs-build-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-obs-build-debugsource-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-obs-qa-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-syms-4.12.14-150.14.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-base-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-debuginfo-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-debugsource-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kselftests-kmp-default-4.12.14-150.14.2\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-150.14.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-10T16:09:05", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-3819: A flaw was fixed in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may have enter an infinite loop with certain parameters passed from a userspace. 
A local privileged user ('root') could have caused a system lock up and a denial of service (bnc#1123161).\n\nCVE-2019-15118: Fixed kernel stack exhaustion in check_input_term in sound/usb/mixer.c via mishandled recursion (bnc#1145922).\n\nCVE-2019-15117: Fixed out-of-bounds memory access in parse_audio_mixer_unit in sound/usb/mixer.c via mishandled short descriptor (bnc#1145920).\n\nCVE-2019-14284: The drivers/block/floppy.c allowed a denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted.\nNOTE: QEMU creates the floppy device by default (bsc#1143189).\n\nCVE-2019-14283: The function set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE:\nQEMU creates the floppy device by default (bsc#1143191).\n\nCVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages (bsc#1142023).\n\nCVE-2019-11810: A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. 
This causes a Denial of Service, related to a use-after-free (bsc#1134399).\n\nCVE-2019-1125: Enable Spectre v1 swapgs mitigations (bsc#1139358).\n\nCVE-2019-10207: Check for missing tty operations in bluetooth/hci_uart (bsc#1142857).\n\nCVE-2018-20856: Fixed a use-after-free issue in block/blk-core.c, where certain error case are mishandled (bnc#1143048).\n\nCVE-2018-20855: An issue was discovered in create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace (bsc#1143045).\n\nCVE-2017-18551: An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel There was an out of bounds write in the function i2c_smbus_xfer_emulated (bnc#1146163).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-06T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2299-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18551", "CVE-2018-20855", "CVE-2018-20856", "CVE-2019-10207", "CVE-2019-1125", "CVE-2019-11810", "CVE-2019-13631", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-15117", "CVE-2019-15118", "CVE-2019-3819"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", 
"p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_120-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2299-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128542", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2299-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128542);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2017-18551\", \"CVE-2018-20855\", \"CVE-2018-20856\", \"CVE-2019-10207\", \"CVE-2019-1125\", \"CVE-2019-11810\", \"CVE-2019-13631\", \"CVE-2019-14283\", \"CVE-2019-14284\", \"CVE-2019-15117\", \"CVE-2019-15118\", \"CVE-2019-3819\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2299-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-3819: A flaw was fixed in the function\nhid_debug_events_read() in drivers/hid/hid-debug.c file which may have\nenter an infinite loop with certain parameters passed from a\nuserspace. 
A local privileged user ('root') could have caused a system\nlock up and a denial of service (bnc#1123161).\n\nCVE-2019-15118: Fixed kernel stack exhaustion in check_input_term in\nsound/usb/mixer.c via mishandled recursion (bnc#1145922).\n\nCVE-2019-15117: Fixed out-of-bounds memory access in\nparse_audio_mixer_unit in sound/usb/mixer.c via mishandled short\ndescriptor (bnc#1145920).\n\nCVE-2019-14284: The drivers/block/floppy.c allowed a denial of service\nby setup_format_params division-by-zero. Two consecutive ioctls can\ntrigger the bug: the first one should set the drive geometry with\n.sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the\nfloppy format operation should be called. It can be triggered by an\nunprivileged local user even when a floppy disk has not been inserted.\nNOTE: QEMU creates the floppy device by default (bsc#1143189).\n\nCVE-2019-14283: The function set_geometry in drivers/block/floppy.c\ndid not validate the sect and head fields, as demonstrated by an\ninteger overflow and out-of-bounds read. It can be triggered by an\nunprivileged local user when a floppy disk has been inserted. NOTE:\nQEMU creates the floppy device by default (bsc#1143191).\n\nCVE-2019-13631: In parse_hid_report_descriptor in\ndrivers/input/tablet/gtco.c, a malicious USB device can send an HID\nreport that triggers an out-of-bounds write during generation of\ndebugging messages (bsc#1142023).\n\nCVE-2019-11810: A NULL pointer dereference can occur when\nmegasas_create_frame_pool() fails in megasas_alloc_cmds() in\ndrivers/scsi/megaraid/megaraid_sas_base.c. 
This causes a Denial of\nService, related to a use-after-free (bsc#1134399).\n\nCVE-2019-1125: Enable Spectre v1 swapgs mitigations (bsc#1139358).\n\nCVE-2019-10207: Check for missing tty operations in bluetooth/hci_uart\n(bsc#1142857).\n\nCVE-2018-20856: Fixed a use-after-free issue in block/blk-core.c,\nwhere certain error case are mishandled (bnc#1143048).\n\nCVE-2018-20855: An issue was discovered in create_qp_common in\ndrivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never\ninitialized, resulting in a leak of stack memory to userspace\n(bsc#1143045).\n\nCVE-2017-18551: An issue was discovered in\ndrivers/i2c/i2c-core-smbus.c in the Linux kernel There was an out of\nbounds write in the function i2c_smbus_xfer_emulated (bnc#1146163).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045640\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140012\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140945\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141628\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142098\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142857\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144288\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18551/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20855/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20856/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10207/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-1125/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11810/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13631/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14283/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14284/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2019-15118/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-3819/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192299-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9ce411ba\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-2299=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-2299=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-2299=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-2299=1\n\nSUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch\nSUSE-SLE-HA-12-SP2-2019-2299=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2019-2299=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15117\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_120-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_120-default-1-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.121-92.120.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-4.4.121-92.120.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-4.4.121-92.120.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-debuginfo-4.4.121-92.120.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debuginfo-4.4.121-92.120.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debugsource-4.4.121-92.120.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-devel-4.4.121-92.120.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-syms-4.4.121-92.120.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T16:08:08", "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-1125: Enable Spectre v1 swapgs mitigations (bsc#1139358).\n\nCVE-2018-20855: An issue was discovered in create_qp_common in drivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never initialized, resulting in a leak of stack memory to userspace (bsc#1143045).\n\nCVE-2019-14284: The drivers/block/floppy.c allowed a 
denial of service by setup_format_params division-by-zero. Two consecutive ioctls can trigger the bug: the first one should set the drive geometry with .sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the floppy format operation should be called. It can be triggered by an unprivileged local user even when a floppy disk has not been inserted.\nNOTE: QEMU creates the floppy device by default (bsc#1143189).\n\nCVE-2019-14283: The function set_geometry in drivers/block/floppy.c did not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE:\nQEMU creates the floppy device by default (bsc#1143191).\n\nCVE-2019-11810: A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. This causes a Denial of Service, related to a use-after-free (bsc#1134399).\n\nCVE-2019-13648: In the Linux kernel on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. 
This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c (bnc#1142254).\n\nCVE-2019-13631: In parse_hid_report_descriptor in drivers/input/tablet/gtco.c, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages (bsc#1142023).\n\nCVE-2019-15118: Fixed kernel stack exhaustion in check_input_term in sound/usb/mixer.c via mishandled recursion (bnc#1145922).\n\nCVE-2019-15117: Fixed out-of-bounds memory access in parse_audio_mixer_unit in sound/usb/mixer.c via mishandled short descriptor (bnc#1145920).\n\nCVE-2019-3819: A flaw was fixed in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may have enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') could have caused a system lock up and a denial of service (bnc#1123161).\n\nCVE-2019-10207: Check for missing tty operations in bluetooth/hci_uart (bsc#1142857).\n\nCVE-2018-20856: Fixed a use-after-free issue in block/blk-core.c, where certain error case are mishandled (bnc#1143048).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-03T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2263-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20855", "CVE-2018-20856", "CVE-2019-10207", "CVE-2019-1125", "CVE-2019-11810", "CVE-2019-13631", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-15117", "CVE-2019-15118", "CVE-2019-3819"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-2263-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128470", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2263-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128470);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2018-20855\", \"CVE-2018-20856\", \"CVE-2019-10207\", \"CVE-2019-1125\", \"CVE-2019-11810\", \"CVE-2019-13631\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\", \"CVE-2019-15117\", \"CVE-2019-15118\", \"CVE-2019-3819\");\n\n 
script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:2263-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-1125: Enable Spectre v1 swapgs mitigations (bsc#1139358).\n\nCVE-2018-20855: An issue was discovered in create_qp_common in\ndrivers/infiniband/hw/mlx5/qp.c, mlx5_ib_create_qp_resp was never\ninitialized, resulting in a leak of stack memory to userspace\n(bsc#1143045).\n\nCVE-2019-14284: The drivers/block/floppy.c allowed a denial of service\nby setup_format_params division-by-zero. Two consecutive ioctls can\ntrigger the bug: the first one should set the drive geometry with\n.sect and .rate values that make F_SECT_PER_TRACK be zero. Next, the\nfloppy format operation should be called. It can be triggered by an\nunprivileged local user even when a floppy disk has not been inserted.\nNOTE: QEMU creates the floppy device by default (bsc#1143189).\n\nCVE-2019-14283: The function set_geometry in drivers/block/floppy.c\ndid not validate the sect and head fields, as demonstrated by an\ninteger overflow and out-of-bounds read. It can be triggered by an\nunprivileged local user when a floppy disk has been inserted. NOTE:\nQEMU creates the floppy device by default (bsc#1143191).\n\nCVE-2019-11810: A NULL pointer dereference can occur when\nmegasas_create_frame_pool() fails in megasas_alloc_cmds() in\ndrivers/scsi/megaraid/megaraid_sas_base.c. 
This causes a Denial of\nService, related to a use-after-free (bsc#1134399).\n\nCVE-2019-13648: In the Linux kernel on the powerpc platform, when\nhardware transactional memory is disabled, a local user can cause a\ndenial of service (TM Bad Thing exception and system crash) via a\nsigreturn() system call that sends a crafted signal frame. This\naffects arch/powerpc/kernel/signal_32.c and\narch/powerpc/kernel/signal_64.c (bnc#1142254).\n\nCVE-2019-13631: In parse_hid_report_descriptor in\ndrivers/input/tablet/gtco.c, a malicious USB device can send an HID\nreport that triggers an out-of-bounds write during generation of\ndebugging messages (bsc#1142023).\n\nCVE-2019-15118: Fixed kernel stack exhaustion in check_input_term in\nsound/usb/mixer.c via mishandled recursion (bnc#1145922).\n\nCVE-2019-15117: Fixed out-of-bounds memory access in\nparse_audio_mixer_unit in sound/usb/mixer.c via mishandled short\ndescriptor (bnc#1145920).\n\nCVE-2019-3819: A flaw was fixed in the function\nhid_debug_events_read() in drivers/hid/hid-debug.c file which may have\nenter an infinite loop with certain parameters passed from a\nuserspace. A local privileged user ('root') could have caused a system\nlock up and a denial of service (bnc#1123161).\n\nCVE-2019-10207: Check for missing tty operations in bluetooth/hci_uart\n(bsc#1142857).\n\nCVE-2018-20856: Fixed a use-after-free issue in block/blk-core.c,\nwhere certain error case are mishandled (bnc#1143048).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106061\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128977\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1130972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1133860\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1134399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135335\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1135365\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137584\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139358\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139826\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140652\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140903\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140945\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141402\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141452\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141453\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142254\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142857\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1143333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144273\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144288\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145920\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1145922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20855/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20856/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-10207/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-1125/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-11810/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13631/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-13648/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14283/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14284/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15117/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15118/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-3819/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192263-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?144f001a\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To 
install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8:zypper in -t patch\nSUSE-OpenStack-Cloud-Crowbar-8-2019-2263=1\n\nSUSE OpenStack Cloud 8:zypper in -t patch\nSUSE-OpenStack-Cloud-8-2019-2263=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2019-2263=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-2263=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-BCL-2019-2263=1\n\nSUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch\nSUSE-SLE-HA-12-SP3-2019-2263=1\n\nSUSE Enterprise Storage 5:zypper in -t patch\nSUSE-Storage-5-2019-2263=1\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nHPE Helion Openstack 8:zypper in -t patch\nHPE-Helion-OpenStack-8-2019-2263=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15117\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_103-default-1-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_103-default-debuginfo-1-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.180-94.103.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-4.4.180-94.103.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-4.4.180-94.103.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-debuginfo-4.4.180-94.103.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debuginfo-4.4.180-94.103.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debugsource-4.4.180-94.103.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-devel-4.4.180-94.103.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-syms-4.4.180-94.103.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-28T13:15:34", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the Linux kernel's NFS41+ subsystem. 
NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.(CVE-2018-16884)\n\n - An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233.(CVE-2017-13168)\n\n - A flaw in the load_elf_binary() function in the Linux kernel allows a local attacker to leak the base address of .text and stack sections for setuid binaries and bypass ASLR because install_exec_creds() is called too late in this function.(CVE-2019-11190)\n\n - The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack.(CVE-2019-3874)\n\n - A flaw was found in the Linux kernel ext4 filesystem.\n An out-of-bound access is possible in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.(CVE-2018-10877)\n\n - Non-optimized code for key handling of shared futexes was found in the Linux kernel in the form of unbounded contention time due to the page lock for real-time users. Before the fix, the page lock was an unnecessarily heavy lock for the futex path that protected too much. After the fix, the page lock is only required in a specific corner case.(CVE-2018-9422)\n\n - A flaw was found in the Linux kernel in the hid_debug_events_read() function in the drivers/hid/hid-debug.c file. A lack of the certain checks may allow a privileged user ('root') to achieve an out-of-bounds write and thus receiving user space buffer corruption.(CVE-2018-9516)\n\n - A vulnerability was found in polkit. 
When authentication is performed by a non-root user to perform an administrative task, the authentication is temporarily cached in such a way that a local attacker could impersonate the authorized process, thus gaining access to elevated privileges.(CVE-2019-6133)\n\n - A flaw was found in the implementation of the 'fill buffer', a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer.\n (CVE-2018-12130)\n\n - Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)\n\n - Microprocessors use a 'load port' subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU's pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. 
(CVE-2018-12127)\n\n - Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-29T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1586)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13168", "CVE-2018-10877", "CVE-2018-12126", "CVE-2018-12127", "CVE-2018-12130", "CVE-2018-16884", "CVE-2018-9422", "CVE-2018-9516", "CVE-2019-11091", "CVE-2019-11190", "CVE-2019-3874", "CVE-2019-6133"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debug-devel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1586.NASL", "href": "https://www.tenable.com/plugins/nessus/125513", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125513);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-13168\",\n \"CVE-2018-10877\",\n \"CVE-2018-12126\",\n \"CVE-2018-12127\",\n 
\"CVE-2018-12130\",\n \"CVE-2018-16884\",\n \"CVE-2018-9422\",\n \"CVE-2018-9516\",\n \"CVE-2019-11091\",\n \"CVE-2019-11190\",\n \"CVE-2019-3874\",\n \"CVE-2019-6133\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1586)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the Linux kernel's NFS41+\n subsystem. NFS41+ shares mounted in different network\n namespaces at the same time can make bc_svc_process()\n use wrong back-channel IDs and cause a use-after-free\n vulnerability. Thus a malicious container user can\n cause a host kernel memory corruption and a system\n panic. Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out.(CVE-2018-16884)\n\n - An elevation of privilege vulnerability in the kernel\n scsi driver. Product: Android. Versions: Android\n kernel. Android ID A-65023233.(CVE-2017-13168)\n\n - A flaw in the load_elf_binary() function in the Linux\n kernel allows a local attacker to leak the base address\n of .text and stack sections for setuid binaries and\n bypass ASLR because install_exec_creds() is called too\n late in this function.(CVE-2019-11190)\n\n - The SCTP socket buffer used by a userspace application\n is not accounted by the cgroups subsystem. 
An attacker\n can use this flaw to cause a denial of service\n attack.(CVE-2019-3874)\n\n - A flaw was found in the Linux kernel ext4 filesystem.\n An out-of-bound access is possible in the\n ext4_ext_drop_refs() function when operating on a\n crafted ext4 filesystem image.(CVE-2018-10877)\n\n - Non-optimized code for key handling of shared futexes\n was found in the Linux kernel in the form of unbounded\n contention time due to the page lock for real-time\n users. Before the fix, the page lock was an\n unnecessarily heavy lock for the futex path that\n protected too much. After the fix, the page lock is\n only required in a specific corner case.(CVE-2018-9422)\n\n - A flaw was found in the Linux kernel in the\n hid_debug_events_read() function in the\n drivers/hid/hid-debug.c file. A lack of the certain\n checks may allow a privileged user ('root') to achieve\n an out-of-bounds write and thus receiving user space\n buffer corruption.(CVE-2018-9516)\n\n - A vulnerability was found in polkit. When\n authentication is performed by a non-root user to\n perform an administrative task, the authentication is\n temporarily cached in such a way that a local attacker\n could impersonate the authorized process, thus gaining\n access to elevated privileges.(CVE-2019-6133)\n\n - A flaw was found in the implementation of the 'fill\n buffer', a mechanism used by modern CPUs when a\n cache-miss is made on L1 CPU cache. If an attacker can\n generate a load operation that would create a page\n fault, the execution will continue speculatively with\n incorrect data from the fill buffer while the data is\n fetched from higher level caches. This response time\n can be measured to infer data in the fill buffer.\n (CVE-2018-12130)\n\n - Modern Intel microprocessors implement hardware-level\n micro-optimizations to improve the performance of\n writing data back to CPU caches. The write operation is\n split into STA (STore Address) and STD (STore Data)\n sub-operations. 
These sub-operations allow the\n processor to hand-off address generation logic into\n these sub-operations for optimized writes. Both of\n these sub-operations write to a shared distributed\n processor structure called the 'processor store\n buffer'. As a result, an unprivileged attacker could\n use this flaw to read private data resident within the\n CPU's processor store buffer. (CVE-2018-12126)\n\n - Microprocessors use a 'load port' subcomponent to\n perform load operations from memory or IO. During a\n load operation, the load port receives data from the\n memory or IO subsystem and then provides the data to\n the CPU registers and operations in the CPU's\n pipelines. Stale load operations results are stored in\n the 'load port' table until overwritten by newer\n operations. Certain load-port operations triggered by\n an attacker can be used to reveal data about previous\n stale requests leaking data back to the attacker via a\n timing side-channel. (CVE-2018-12127)\n\n - Uncacheable memory on some microprocessors utilizing\n speculative execution may allow an authenticated user\n to potentially enable information disclosure via a side\n channel with local access. (CVE-2019-11091)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1586\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?78581b48\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.62.59.83.h154\",\n \"kernel-debug-3.10.0-327.62.59.83.h154\",\n \"kernel-debug-devel-3.10.0-327.62.59.83.h154\",\n 
\"kernel-debuginfo-3.10.0-327.62.59.83.h154\",\n \"kernel-debuginfo-common-x86_64-3.10.0-327.62.59.83.h154\",\n \"kernel-devel-3.10.0-327.62.59.83.h154\",\n \"kernel-headers-3.10.0-327.62.59.83.h154\",\n \"kernel-tools-3.10.0-327.62.59.83.h154\",\n \"kernel-tools-libs-3.10.0-327.62.59.83.h154\",\n \"perf-3.10.0-327.62.59.83.h154\",\n \"python-perf-3.10.0-327.62.59.83.h154\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:19:17", "description": "The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915 driver were fixed which might have lead to information leaks.\n(bnc#1122971).\n\nCVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758).\n\nCVE-2019-3819: A flaw was found in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user ('root') can cause a system lock up and a denial of service. (bnc#1123161).\n\nCVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bnc#1124728 ).\n\nCVE-2019-7221: Fixed a use-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. 
(bsc#1124732).\n\nCVE-2019-7222: Fixed an information leakage in the KVM hypervisor related to handling page fault exceptions, which allowed a guest user/process to use this flaw to leak the host's stack memory contents to a guest (bsc#1124735).\n\nCVE-2019-7308: kernel/bpf/verifier.c performed undesirable out-of-bounds speculation on pointer arithmetic in various cases, including cases of different branches with different state or limits to sanitize, leading to side-channel attacks (bnc#1124055).\n\nCVE-2019-8912: af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr (bnc#1125907).\n\nCVE-2019-8980: A memory leak in the kernel_read_file function in fs/exec.c allowed attackers to cause a denial of service (memory consumption) by triggering vfs_read failures (bnc#1126209).\n\nCVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bnc#1128166).\n\nCVE-2019-2024: A use-after-free when disconnecting a source was fixed which could lead to crashes. bnc#1129179).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-03-27T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0765-1) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5753", "CVE-2018-20669", "CVE-2019-2024", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3819", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2019-7308", "CVE-2019-8912", "CVE-2019-8980", "CVE-2019-9213"], "modified": "2022-05-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0765-1.NASL", "href": "https://www.tenable.com/plugins/nessus/123413", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0765-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123413);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/20\");\n\n script_cve_id(\n \"CVE-2017-5753\",\n \"CVE-2018-20669\",\n \"CVE-2019-2024\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3819\",\n \"CVE-2019-6974\",\n \"CVE-2019-7221\",\n \"CVE-2019-7222\",\n 
\"CVE-2019-7308\",\n \"CVE-2019-8912\",\n \"CVE-2019-8980\",\n \"CVE-2019-9213\"\n );\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:0765-1) (Spectre)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-20669: Missing access control checks in ioctl of gpu/drm/i915\ndriver were fixed which might have lead to information leaks.\n(bnc#1122971).\n\nCVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two\nremote information leak vulnerabilities in the code that handles\nincoming L2cap configuration packets (bsc#1120758).\n\nCVE-2019-3819: A flaw was found in the function\nhid_debug_events_read() in drivers/hid/hid-debug.c file which may\nenter an infinite loop with certain parameters passed from a\nuserspace. A local privileged user ('root') can cause a system lock up\nand a denial of service. (bnc#1123161).\n\nCVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c\nmishandled reference counting because of a race condition, leading to\na use-after-free (bnc#1124728 ).\n\nCVE-2019-7221: Fixed a use-after-free vulnerability in the KVM\nhypervisor related to the emulation of a preemption timer, allowing an\nguest user/process to crash the host kernel. 
(bsc#1124732).\n\nCVE-2019-7222: Fixed an information leakage in the KVM hypervisor\nrelated to handling page fault exceptions, which allowed a guest\nuser/process to use this flaw to leak the host's stack memory contents\nto a guest (bsc#1124735).\n\nCVE-2019-7308: kernel/bpf/verifier.c performed undesirable\nout-of-bounds speculation on pointer arithmetic in various cases,\nincluding cases of different branches with different state or limits\nto sanitize, leading to side-channel attacks (bnc#1124055).\n\nCVE-2019-8912: af_alg_release() in crypto/af_alg.c neglects to set a\nNULL value for a certain structure member, which leads to a\nuse-after-free in sockfs_setattr (bnc#1125907).\n\nCVE-2019-8980: A memory leak in the kernel_read_file function in\nfs/exec.c allowed attackers to cause a denial of service (memory\nconsumption) by triggering vfs_read failures (bnc#1126209).\n\nCVE-2019-9213: expand_downwards in mm/mmap.c lacked a check for the\nmmap minimum address, which made it easier for attackers to exploit\nkernel NULL pointer dereferences on non-SMAP platforms. This is\nrelated to a capability check for the wrong task (bnc#1128166).\n\nCVE-2019-2024: A use-after-free when disconnecting a source was fixed\nwhich could lead to crashes. bnc#1129179).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1046306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074562\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074701\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075748\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078355\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080039\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1083647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084216\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086301\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086313\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087082\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087084\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1087939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1088133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1102055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106811\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108101\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108870\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119019\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119766\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120955\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122192\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122324\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122554\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122779\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123060\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123357\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123882\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124978\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124982\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124984\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1124985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125797\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125799\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125800\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125907\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1125947\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126131\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126209\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126476\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126481\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126488\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126495\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126789\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126790\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126803\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126806\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127494\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127495\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127497\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127498\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127567\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127682\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127836\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1128895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129046\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129179\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129182\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129327\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129497\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129551\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129664\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=807502\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=824948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=828192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=925178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-5753/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-2024/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3459/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3460/\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2019-3819/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-6974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7221/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7222/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-7308/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8912/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-8980/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9213/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190765-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7176d9bd\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP4:zypper in -t patch\nSUSE-SLE-WE-12-SP4-2019-765=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2019-765=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2019-765=1\n\nSUSE Linux Enterprise Live Patching 12-SP4:zypper in -t patch\nSUSE-SLE-Live-Patching-12-SP4-2019-765=1\n\nSUSE Linux Enterprise High Availability 12-SP4:zypper in -t patch\nSUSE-SLE-HA-12-SP4-2019-765=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2019-765=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-8912\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-6974\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-95.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-95.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-4.12.14-95.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-4.12.14-95.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-debuginfo-4.12.14-95.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debuginfo-4.12.14-95.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debugsource-4.12.14-95.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-devel-4.12.14-95.13.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-syms-4.12.14-95.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-4.12.14-95.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-debuginfo-4.12.14-95.13.1\")) 
flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-debugsource-4.12.14-95.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-4.12.14-95.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-95.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-extra-4.12.14-95.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-extra-debuginfo-4.12.14-95.13.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-syms-4.12.14-95.13.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-19T13:51:16", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):An issue was discovered in rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel before 5.0.8. 
There is a race condition leading to a use-after-free, related to net namespace cleanup.(CVE-2019-11815)A flaw was found in the Linux kernel's handle_rx() function in the vhost_net driver.\n A malicious virtual guest, under specific conditions, can trigger an out-of-bounds write in a kmalloc-8 slab on a virtual host which may lead to a kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.(CVE-2018-16880)A NULL pointer dereference security flaw was found in the Linux kernel in kvm_pv_send_ipi() in arch/x86/kvm/lapic.c. This allows local users with certain privileges to cause a denial of service via a crafted system call to the KVM subsystem.(CVE-2018-19406)The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.(CVE-2018-19985)** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.\n When the candidate has been publicized, the details for this candidate will be provided.(CVE-2019-3459)** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2019-3460)A flaw was found in the Linux kernel in the function hid_debug_events_read() in the drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. 
A local privileged user ('root') can cause a system lock up and a denial of service.(CVE-2019-3819)In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.(CVE-2019-9213)A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.(CVE-2019-3882)An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.(CVE-2019-3900)It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabled hardware with net_dma enabled can leak the memory, crash the host leading to a denial-of-service or cause a random memory corruption.(CVE-2019-3837)A race condition in perf_event_open() allows local attackers to leak sensitive data from setuid programs. 
As no relevant locks (in particular the cred_guard_mutex) are held during the ptrace_may_access() call, it is possible for the specified target task to perform an execve() syscall with setuid execution before perf_event_alloc() actually attaches to it, allowing an attacker to bypass the ptrace_may_access() check and the perf_event_exit_task(current) call that is performed in install_exec_creds() during privileged execve() calls.\n This issue affects kernel versions before 4.8.\n (CVE-2019-3901)** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2019-8956)cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstrated by icmpsic, a different vulnerability than CVE-2013-0310.(CVE-2013-7470)Note1:\n kernel-4.19.36-vhulk1907.1.0.h529 and earlier versions in EulerOS Virtualization for ARM 64 3.0.2.0 return incorrect time information when executing the uname -a command.Note2: The kernel version number naming format has been changed after 4.19.36-1.2.184.aarch64, the new version format is 4.19.36-vhulk1907.1.0.hxxx.aarch64, which may lead to false positives of this security advisory.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-30T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1636)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7470", "CVE-2018-16880", "CVE-2018-19406", "CVE-2018-19985", "CVE-2019-11815", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3819", "CVE-2019-3837", "CVE-2019-3882", "CVE-2019-3900", "CVE-2019-3901", "CVE-2019-8956", "CVE-2019-9213"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2019-1636.NASL", "href": "https://www.tenable.com/plugins/nessus/125588", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125588);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-7470\",\n \"CVE-2018-16880\",\n \"CVE-2018-19406\",\n \"CVE-2018-19985\",\n \"CVE-2019-11815\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\",\n \"CVE-2019-3819\",\n \"CVE-2019-3837\",\n \"CVE-2019-3882\",\n \"CVE-2019-3900\",\n \"CVE-2019-3901\",\n \"CVE-2019-8956\",\n \"CVE-2019-9213\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2019-1636)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", 
value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):An issue was discovered in\n rds_tcp_kill_sock in net/rds/tcp.c in the Linux kernel\n before 5.0.8. There is a race condition leading to a\n use-after-free, related to net namespace\n cleanup.(CVE-2019-11815)A flaw was found in the Linux\n kernel's handle_rx() function in the vhost_net driver.\n A malicious virtual guest, under specific conditions,\n can trigger an out-of-bounds write in a kmalloc-8 slab\n on a virtual host which may lead to a kernel memory\n corruption and a system panic. Due to the nature of the\n flaw, privilege escalation cannot be fully ruled\n out.(CVE-2018-16880)A NULL pointer dereference security\n flaw was found in the Linux kernel in kvm_pv_send_ipi()\n in arch/x86/kvm/lapic.c. 
This allows local users with\n certain privileges to cause a denial of service via a\n crafted system call to the KVM\n subsystem.(CVE-2018-19406)The function\n hso_get_config_data in drivers/net/usb/hso.c in the Linux\n kernel through 4.19.8 reads if_num from the USB device\n (as a u8) and uses it to index a small array, resulting\n in an object out-of-bounds (OOB) read that potentially\n allows arbitrary read in the kernel address\n space.(CVE-2018-19985)** RESERVED ** This candidate has\n been reserved by an organization or individual that\n will use it when announcing a new security problem.\n When the candidate has been publicized, the details for\n this candidate will be provided.(CVE-2019-3459)**\n RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2019-3460)A flaw was found in the\n Linux kernel in the function hid_debug_events_read() in\n the drivers/hid/hid-debug.c file which may enter an\n infinite loop with certain parameters passed from a\n userspace. A local privileged user ('root') can cause a\n system lock up and a denial of\n service.(CVE-2019-3819)In the Linux kernel before\n 4.20.14, expand_downwards in mm/mmap.c lacks a check\n for the mmap minimum address, which makes it easier for\n attackers to exploit kernel NULL pointer dereferences\n on non-SMAP platforms. This is related to a capability\n check for the wrong task.(CVE-2019-9213)A flaw was\n found in the Linux kernel's vfio interface\n implementation that permits violation of the user's\n locked memory limit. If a device is bound to a vfio\n driver, such as vfio-pci, and the local attacker is\n administratively granted ownership of the device, it\n may cause a system memory exhaustion and thus a denial\n of service (DoS). 
Versions 3.10, 4.14 and 4.18 are\n vulnerable.(CVE-2019-3882)An infinite loop issue was\n found in the vhost_net kernel module in Linux Kernel up\n to and including v5.1-rc6, while handling incoming\n packets in handle_rx(). It could occur if one end sends\n packets faster than the other end can process them. A\n guest user, maybe remote one, could use this flaw to\n stall the vhost_net kernel thread, resulting in a DoS\n scenario.(CVE-2019-3900)It was found that the net_dma\n code in tcp_recvmsg() in the 2.6.32 kernel as shipped\n in RHEL6 is thread-unsafe. So an unprivileged\n multi-threaded userspace application calling recvmsg()\n for the same network socket in parallel executed on\n ioatdma-enabled hardware with net_dma enabled can leak\n the memory, crash the host leading to a\n denial-of-service or cause a random memory\n corruption.(CVE-2019-3837)A race condition in\n perf_event_open() allows local attackers to leak\n sensitive data from setuid programs. As no relevant\n locks (in particular the cred_guard_mutex) are held\n during the ptrace_may_access() call, it is possible for\n the specified target task to perform an execve()\n syscall with setuid execution before perf_event_alloc()\n actually attaches to it, allowing an attacker to bypass\n the ptrace_may_access() check and the\n perf_event_exit_task(current) call that is performed in\n install_exec_creds() during privileged execve() calls.\n This issue affects kernel versions before 4.8.\n (CVE-2019-3901)** RESERVED ** This candidate has been\n reserved by an organization or individual that will use\n it when announcing a new security problem. 
When the\n candidate has been publicized, the details for this\n candidate will be\n provided.(CVE-2019-8956)cipso_v4_validate in\n include/net/cipso_ipv4.h in the Linux kernel before\n 3.11.7, when CONFIG_NETLABEL is disabled, allows\n attackers to cause a denial of service (infinite loop\n and crash), as demonstrated by icmpsic, a different\n vulnerability than CVE-2013-0310.(CVE-2013-7470)Note1:\n kernel-4.19.36-vhulk1907.1.0.h529 and earlier versions\n in EulerOS Virtualization for ARM 64 3.0.2.0 return\n incorrect time information when executing the uname -a\n command.Note2: The kernel version number naming format\n has been changed after 4.19.36-1.2.184.aarch64, the new\n version format is 4.19.36-vhulk1907.1.0.hxxx.aarch64,\n which may lead to false positives of this security\n advisory.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1636\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5118fa2c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n 
script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.36-1.2.159\",\n \"kernel-devel-4.19.36-1.2.159\",\n \"kernel-headers-4.19.36-1.2.159\",\n \"kernel-tools-4.19.36-1.2.159\",\n \"kernel-tools-libs-4.19.36-1.2.159\",\n \"kernel-tools-libs-devel-4.19.36-1.2.159\",\n \"perf-4.19.36-1.2.159\",\n \"python-perf-4.19.36-1.2.159\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-30T17:51:43", "description": "Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. 
An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880)\n\nWen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10883)\n\nIt was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). 
(CVE-2018-14625)\n\nCfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use (nested KVM virtualization is not enabled by default in Ubuntu kernels). A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. (CVE-2018-16882)\n\nJann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281)\n\nWei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2018-19407)\n\nIt was discovered that the debug interface for the Linux kernel's HID subsystem did not properly perform bounds checking in some situations.\nAn attacker with access to debugfs could use this to cause a denial of service or possibly gain additional privileges. (CVE-2018-9516).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-02-05T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities (USN-3871-3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-14625", "CVE-2018-16882", "CVE-2018-17972", "CVE-2018-18281", "CVE-2018-19407", "CVE-2018-9516"], "modified": "2022-05-25T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3871-3.NASL", "href": "https://www.tenable.com/plugins/nessus/121593", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3871-3. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121593);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\"CVE-2018-10876\", \"CVE-2018-10877\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10880\", \"CVE-2018-10882\", \"CVE-2018-10883\", \"CVE-2018-14625\", \"CVE-2018-16882\", \"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-19407\", \"CVE-2018-9516\");\n script_xref(name:\"USN\", value:\"3871-3\");\n\n script_name(english:\"Ubuntu 18.04 LTS : linux-aws, linux-gcp, linux-kvm, linux-oem, linux-raspi2 vulnerabilities (USN-3871-3)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Wen Xu discovered that a use-after-free vulnerability existed in the\next4 filesystem implementation in the Linux kernel. An attacker could\nuse this to construct a malicious ext4 image that, when mounted, could\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4\nfilesystem implementation in the Linux kernel. An attacker could use\nthis to construct a malicious ext4 image that, when mounted, could\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in\nthe ext4 filesystem implementation in the Linux kernel. An attacker\ncould use this to construct a malicious ext4 image that, when mounted,\ncould cause a denial of service (system crash) or possibly execute\narbitrary code. 
(CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux\nkernel did not properly ensure that xattr information remained in\ninode bodies. An attacker could use this to construct a malicious ext4\nimage that, when mounted, could cause a denial of service (system\ncrash). (CVE-2018-10880)\n\nWen Xu discovered that the ext4 file system implementation in the\nLinux kernel could possibly perform an out of bounds write when\nupdating the journal for an inline file. An attacker could use this to\nconstruct a malicious ext4 image that, when mounted, could cause a\ndenial of service (system crash). (CVE-2018-10883)\n\nIt was discovered that a race condition existed in the vsock address\nfamily implementation of the Linux kernel that could lead to a\nuse-after-free condition. A local attacker in a guest virtual machine\ncould use this to expose sensitive information (host machine kernel\nmemory). (CVE-2018-14625)\n\nCfir Cohen discovered that a use-after-free vulnerability existed in\nthe KVM implementation of the Linux kernel, when handling interrupts\nin environments where nested virtualization is in use (nested KVM\nvirtualization is not enabled by default in Ubuntu kernels). A local\nattacker in a guest VM could possibly use this to gain administrative\nprivileges in a host machine. (CVE-2018-16882)\n\nJann Horn discovered that the procfs file system implementation in the\nLinux kernel did not properly restrict the ability to inspect the\nkernel stack of an arbitrary task. A local attacker could use this to\nexpose sensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel\ndid not properly flush the TLB when completing, potentially leaving\naccess to a physical page after it has been released to the page\nallocator. A local attacker could use this to cause a denial of\nservice (system crash), expose sensitive information, or possibly\nexecute arbitrary code. 
(CVE-2018-18281)\n\nWei Wu discovered that the KVM implementation in the Linux kernel did\nnot properly ensure that ioapics were initialized. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2018-19407)\n\nIt was discovered that the debug interface for the Linux kernel's HID\nsubsystem did not properly perform bounds checking in some situations.\nAn attacker with access to debugfs could use this to cause a denial of\nservice or possibly gain additional privileges. (CVE-2018-9516).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3871-3/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9516\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oem\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2022 Canonical, Inc. / NASL script (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! 
preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-10876\", \"CVE-2018-10877\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10880\", \"CVE-2018-10882\", \"CVE-2018-10883\", \"CVE-2018-14625\", \"CVE-2018-16882\", \"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-19407\", \"CVE-2018-9516\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3871-3\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1027-gcp\", pkgver:\"4.15.0-1027.28\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1029-kvm\", pkgver:\"4.15.0-1029.29\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1031-raspi2\", pkgver:\"4.15.0-1031.33\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1032-aws\", pkgver:\"4.15.0-1032.34\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1033-oem\", pkgver:\"4.15.0-1033.38\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-aws\", pkgver:\"4.15.0.1032.31\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.15.0.1027.29\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1027.29\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.15.0.1029.29\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oem\", 
pkgver:\"4.15.0.1033.38\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.15.0.1031.29\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.15-aws / linux-image-4.15-gcp / linux-image-4.15-kvm / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-30T17:51:43", "description": "USN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. Unfortunately, that update introduced regressions with docking station displays and mounting ext4 file systems with the meta_bg option enabled. This update fixes the problems.\n\nWe apologize for the inconvenience.\n\nWen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. 
(CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880)\n\nWen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10883)\n\nIt was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625)\n\nCfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use (nested KVM virtualization is not enabled by default in Ubuntu kernels). A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. (CVE-2018-16882)\n\nJann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. 
(CVE-2018-18281)\n\nWei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2018-19407)\n\nIt was discovered that the debug interface for the Linux kernel's HID subsystem did not properly perform bounds checking in some situations.\nAn attacker with access to debugfs could use this to cause a denial of service or possibly gain additional privileges. (CVE-2018-9516).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-02-05T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : Linux kernel regression (USN-3871-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-14625", "CVE-2018-16882", "CVE-2018-17972", "CVE-2018-18281", "CVE-2018-19407", "CVE-2018-9516"], "modified": "2022-05-25T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3871-2.NASL", "href": "https://www.tenable.com/plugins/nessus/121592", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text 
and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3871-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121592);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\"CVE-2018-10876\", \"CVE-2018-10877\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10880\", \"CVE-2018-10882\", \"CVE-2018-10883\", \"CVE-2018-14625\", \"CVE-2018-16882\", \"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-19407\", \"CVE-2018-9516\");\n script_xref(name:\"USN\", value:\"3871-2\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Linux kernel regression (USN-3871-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04\nLTS. Unfortunately, that update introduced regressions with docking\nstation displays and mounting ext4 file systems with the meta_bg\noption enabled. This update fixes the problems.\n\nWe apologize for the inconvenience.\n\nWen Xu discovered that a use-after-free vulnerability existed in the\next4 filesystem implementation in the Linux kernel. An attacker could\nuse this to construct a malicious ext4 image that, when mounted, could\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4\nfilesystem implementation in the Linux kernel. 
An attacker could use\nthis to construct a malicious ext4 image that, when mounted, could\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in\nthe ext4 filesystem implementation in the Linux kernel. An attacker\ncould use this to construct a malicious ext4 image that, when mounted,\ncould cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux\nkernel did not properly ensure that xattr information remained in\ninode bodies. An attacker could use this to construct a malicious ext4\nimage that, when mounted, could cause a denial of service (system\ncrash). (CVE-2018-10880)\n\nWen Xu discovered that the ext4 file system implementation in the\nLinux kernel could possibly perform an out of bounds write when\nupdating the journal for an inline file. An attacker could use this to\nconstruct a malicious ext4 image that, when mounted, could cause a\ndenial of service (system crash). (CVE-2018-10883)\n\nIt was discovered that a race condition existed in the vsock address\nfamily implementation of the Linux kernel that could lead to a\nuse-after-free condition. A local attacker in a guest virtual machine\ncould use this to expose sensitive information (host machine kernel\nmemory). (CVE-2018-14625)\n\nCfir Cohen discovered that a use-after-free vulnerability existed in\nthe KVM implementation of the Linux kernel, when handling interrupts\nin environments where nested virtualization is in use (nested KVM\nvirtualization is not enabled by default in Ubuntu kernels). A local\nattacker in a guest VM could possibly use this to gain administrative\nprivileges in a host machine. 
(CVE-2018-16882)\n\nJann Horn discovered that the procfs file system implementation in the\nLinux kernel did not properly restrict the ability to inspect the\nkernel stack of an arbitrary task. A local attacker could use this to\nexpose sensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel\ndid not properly flush the TLB when completing, potentially leaving\naccess to a physical page after it has been released to the page\nallocator. A local attacker could use this to cause a denial of\nservice (system crash), expose sensitive information, or possibly\nexecute arbitrary code. (CVE-2018-18281)\n\nWei Wu discovered that the KVM implementation in the Linux kernel did\nnot properly ensure that ioapics were initialized. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2018-19407)\n\nIt was discovered that the debug interface for the Linux kernel's HID\nsubsystem did not properly perform bounds checking in some situations.\nAn attacker with access to debugfs could use this to cause a denial of\nservice or possibly gain additional privileges. (CVE-2018-9516).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3871-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9516\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/18\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2022 Canonical, Inc. / NASL script (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-10876\", \"CVE-2018-10877\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10880\", \"CVE-2018-10882\", \"CVE-2018-10883\", \"CVE-2018-14625\", \"CVE-2018-16882\", \"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-19407\", \"CVE-2018-9516\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3871-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-45-generic\", pkgver:\"4.15.0-45.48\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-45-generic-lpae\", pkgver:\"4.15.0-45.48\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-45-lowlatency\", pkgver:\"4.15.0-45.48\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-45-snapdragon\", pkgver:\"4.15.0-45.48\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic\", pkgver:\"4.15.0.45.47\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.15.0.45.47\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.15.0.45.47\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.15.0.45.47\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"linux-image-4.15-generic / linux-image-4.15-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-25T17:23:56", "description": "Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880)\n\nWen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10883)\n\nIt was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. 
A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625)\n\nCfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use (nested KVM virtualization is not enabled by default in Ubuntu kernels). A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. (CVE-2018-16882)\n\nJann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281)\n\nWei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2018-19407)\n\nIt was discovered that the debug interface for the Linux kernel's HID subsystem did not properly perform bounds checking in some situations.\nAn attacker with access to debugfs could use this to cause a denial of service or possibly gain additional privileges. (CVE-2018-9516).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-02-08T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : linux-azure vulnerabilities (USN-3871-5)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-14625", "CVE-2018-16882", "CVE-2018-17972", "CVE-2018-18281", "CVE-2018-19407", "CVE-2018-9516"], "modified": "2022-05-24T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3871-5.NASL", "href": "https://www.tenable.com/plugins/nessus/122052", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3871-5. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(122052);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\"CVE-2018-10876\", \"CVE-2018-10877\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10880\", \"CVE-2018-10882\", \"CVE-2018-10883\", \"CVE-2018-14625\", \"CVE-2018-16882\", \"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-19407\", \"CVE-2018-9516\");\n script_xref(name:\"USN\", value:\"3871-5\");\n\n script_name(english:\"Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : linux-azure vulnerabilities (USN-3871-5)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Wen Xu discovered that a use-after-free vulnerability existed in the\next4 filesystem implementation in the Linux kernel. An attacker could\nuse this to construct a malicious ext4 image that, when mounted, could\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4\nfilesystem implementation in the Linux kernel. An attacker could use\nthis to construct a malicious ext4 image that, when mounted, could\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in\nthe ext4 filesystem implementation in the Linux kernel. An attacker\ncould use this to construct a malicious ext4 image that, when mounted,\ncould cause a denial of service (system crash) or possibly execute\narbitrary code. 
(CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux\nkernel did not properly ensure that xattr information remained in\ninode bodies. An attacker could use this to construct a malicious ext4\nimage that, when mounted, could cause a denial of service (system\ncrash). (CVE-2018-10880)\n\nWen Xu discovered that the ext4 file system implementation in the\nLinux kernel could possibly perform an out of bounds write when\nupdating the journal for an inline file. An attacker could use this to\nconstruct a malicious ext4 image that, when mounted, could cause a\ndenial of service (system crash). (CVE-2018-10883)\n\nIt was discovered that a race condition existed in the vsock address\nfamily implementation of the Linux kernel that could lead to a\nuse-after-free condition. A local attacker in a guest virtual machine\ncould use this to expose sensitive information (host machine kernel\nmemory). (CVE-2018-14625)\n\nCfir Cohen discovered that a use-after-free vulnerability existed in\nthe KVM implementation of the Linux kernel, when handling interrupts\nin environments where nested virtualization is in use (nested KVM\nvirtualization is not enabled by default in Ubuntu kernels). A local\nattacker in a guest VM could possibly use this to gain administrative\nprivileges in a host machine. (CVE-2018-16882)\n\nJann Horn discovered that the procfs file system implementation in the\nLinux kernel did not properly restrict the ability to inspect the\nkernel stack of an arbitrary task. A local attacker could use this to\nexpose sensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel\ndid not properly flush the TLB when completing, potentially leaving\naccess to a physical page after it has been released to the page\nallocator. A local attacker could use this to cause a denial of\nservice (system crash), expose sensitive information, or possibly\nexecute arbitrary code. 
(CVE-2018-18281)\n\nWei Wu discovered that the KVM implementation in the Linux kernel did\nnot properly ensure that ioapics were initialized. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2018-19407)\n\nIt was discovered that the debug interface for the Linux kernel's HID\nsubsystem did not properly perform bounds checking in some situations.\nAn attacker with access to debugfs could use this to cause a denial of\nservice or possibly gain additional privileges. (CVE-2018-9516).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3871-5/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.15-azure and / or linux-image-azure\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9516\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2022 Canonical, Inc. / NASL script (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04|16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04 / 16.04 / 18.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-10876\", \"CVE-2018-10877\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10880\", \"CVE-2018-10882\", \"CVE-2018-10883\", \"CVE-2018-14625\", \"CVE-2018-16882\", \"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-19407\", \"CVE-2018-9516\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3871-5\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.15.0-1037-azure\", pkgver:\"4.15.0-1037.39~14.04.2\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-azure\", pkgver:\"4.15.0.1037.24\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1037-azure\", pkgver:\"4.15.0-1037.39~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-azure\", pkgver:\"4.15.0.1037.42\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1037-azure\", pkgver:\"4.15.0-1037.39\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-azure\", pkgver:\"4.15.0.1037.37\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.15-azure / linux-image-azure\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-30T17:52:28", "description": "USN-3871-1 fixed vulnerabilities in the Linux kernel 
for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS.\n\nWen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10880)\n\nWen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10883)\n\nIt was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. 
A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625)\n\nCfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use (nested KVM virtualization is not enabled by default in Ubuntu kernels). A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. (CVE-2018-16882)\n\nJann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281)\n\nWei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2018-19407)\n\nIt was discovered that the debug interface for the Linux kernel's HID subsystem did not properly perform bounds checking in some situations.\nAn attacker with access to debugfs could use this to cause a denial of service or possibly gain additional privileges. (CVE-2018-9516).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-02-05T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux-hwe, linux-aws-hwe, linux-gcp vulnerabilities (USN-3871-4)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-14625", "CVE-2018-16882", "CVE-2018-17972", "CVE-2018-18281", "CVE-2018-19407", "CVE-2018-9516"], "modified": "2022-05-25T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-3871-4.NASL", "href": "https://www.tenable.com/plugins/nessus/121594", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3871-4. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121594);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\"CVE-2018-10876\", \"CVE-2018-10877\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10880\", \"CVE-2018-10882\", \"CVE-2018-10883\", \"CVE-2018-14625\", \"CVE-2018-16882\", \"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-19407\", \"CVE-2018-9516\");\n script_xref(name:\"USN\", value:\"3871-4\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux-hwe, linux-aws-hwe, linux-gcp vulnerabilities (USN-3871-4)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN-3871-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04\nLTS. This update provides the corresponding updates for the Linux\nHardware Enablement (HWE) kernel from Ubuntu 18.04 LTS for Ubuntu\n16.04 LTS.\n\nWen Xu discovered that a use-after-free vulnerability existed in the\next4 filesystem implementation in the Linux kernel. An attacker could\nuse this to construct a malicious ext4 image that, when mounted, could\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4\nfilesystem implementation in the Linux kernel. An attacker could use\nthis to construct a malicious ext4 image that, when mounted, could\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in\nthe ext4 filesystem implementation in the Linux kernel. 
An attacker\ncould use this to construct a malicious ext4 image that, when mounted,\ncould cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux\nkernel did not properly ensure that xattr information remained in\ninode bodies. An attacker could use this to construct a malicious ext4\nimage that, when mounted, could cause a denial of service (system\ncrash). (CVE-2018-10880)\n\nWen Xu discovered that the ext4 file system implementation in the\nLinux kernel could possibly perform an out of bounds write when\nupdating the journal for an inline file. An attacker could use this to\nconstruct a malicious ext4 image that, when mounted, could cause a\ndenial of service (system crash). (CVE-2018-10883)\n\nIt was discovered that a race condition existed in the vsock address\nfamily implementation of the Linux kernel that could lead to a\nuse-after-free condition. A local attacker in a guest virtual machine\ncould use this to expose sensitive information (host machine kernel\nmemory). (CVE-2018-14625)\n\nCfir Cohen discovered that a use-after-free vulnerability existed in\nthe KVM implementation of the Linux kernel, when handling interrupts\nin environments where nested virtualization is in use (nested KVM\nvirtualization is not enabled by default in Ubuntu kernels). A local\nattacker in a guest VM could possibly use this to gain administrative\nprivileges in a host machine. (CVE-2018-16882)\n\nJann Horn discovered that the procfs file system implementation in the\nLinux kernel did not properly restrict the ability to inspect the\nkernel stack of an arbitrary task. A local attacker could use this to\nexpose sensitive information. 
(CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel\ndid not properly flush the TLB when completing, potentially leaving\naccess to a physical page after it has been released to the page\nallocator. A local attacker could use this to cause a denial of\nservice (system crash), expose sensitive information, or possibly\nexecute arbitrary code. (CVE-2018-18281)\n\nWei Wu discovered that the KVM implementation in the Linux kernel did\nnot properly ensure that ioapics were initialized. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2018-19407)\n\nIt was discovered that the debug interface for the Linux kernel's HID\nsubsystem did not properly perform bounds checking in some situations.\nAn attacker with access to debugfs could use this to cause a denial of\nservice or possibly gain additional privileges. (CVE-2018-9516).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3871-4/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9516\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2022 Canonical, Inc. / NASL script (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-10876\", \"CVE-2018-10877\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10880\", \"CVE-2018-10882\", \"CVE-2018-10883\", \"CVE-2018-14625\", \"CVE-2018-16882\", \"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-19407\", \"CVE-2018-9516\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3871-4\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1027-gcp\", pkgver:\"4.15.0-1027.28~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1032-aws\", pkgver:\"4.15.0-1032.34~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-45-generic\", pkgver:\"4.15.0-45.48~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-45-generic-lpae\", pkgver:\"4.15.0-45.48~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-45-lowlatency\", pkgver:\"4.15.0-45.48~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws-hwe\", pkgver:\"4.15.0.1032.33\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.15.0.1027.41\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-hwe-16.04\", pkgver:\"4.15.0.45.66\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-hwe-16.04\", pkgver:\"4.15.0.45.66\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1027.41\")) flag++;\nif 
(ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-hwe-16.04\", pkgver:\"4.15.0.45.66\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-oem\", pkgver:\"4.15.0.45.66\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-hwe-16.04\", pkgver:\"4.15.0.45.66\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.15-aws / linux-image-4.15-gcp / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-30T17:48:10", "description": "Wen Xu discovered that a use-after-free vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly ensure that xattr information remained in inode bodies. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). 
(CVE-2018-10880)\n\nWen Xu discovered that the ext4 file system implementation in the Linux kernel could possibly perform an out of bounds write when updating the journal for an inline file. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10883)\n\nIt was discovered that a race condition existed in the vsock address family implementation of the Linux kernel that could lead to a use-after-free condition. A local attacker in a guest virtual machine could use this to expose sensitive information (host machine kernel memory). (CVE-2018-14625)\n\nCfir Cohen discovered that a use-after-free vulnerability existed in the KVM implementation of the Linux kernel, when handling interrupts in environments where nested virtualization is in use (nested KVM virtualization is not enabled by default in Ubuntu kernels). A local attacker in a guest VM could possibly use this to gain administrative privileges in a host machine. (CVE-2018-16882)\n\nJann Horn discovered that the procfs file system implementation in the Linux kernel did not properly restrict the ability to inspect the kernel stack of an arbitrary task. A local attacker could use this to expose sensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel did not properly flush the TLB when completing, potentially leaving access to a physical page after it has been released to the page allocator. A local attacker could use this to cause a denial of service (system crash), expose sensitive information, or possibly execute arbitrary code. (CVE-2018-18281)\n\nWei Wu discovered that the KVM implementation in the Linux kernel did not properly ensure that ioapics were initialized. 
A local attacker could use this to cause a denial of service (system crash).\n(CVE-2018-19407)\n\nIt was discovered that the debug interface for the Linux kernel's HID subsystem did not properly perform bounds checking in some situations.\nAn attacker with access to debugfs could use this to cause a denial of service or possibly gain additional privileges. (CVE-2018-9516).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2019-01-30T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3871-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10876", "CVE-2018-10877", "CVE-2018-10878", "CVE-2018-10879", "CVE-2018-10880", "CVE-2018-10882", "CVE-2018-10883", "CVE-2018-14625", "CVE-2018-16882", "CVE-2018-17972", "CVE-2018-18281", "CVE-2018-19407", "CVE-2018-9516"], "modified": "2022-05-25T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-3871-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121469", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3871-1. 
The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121469);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\"CVE-2018-10876\", \"CVE-2018-10877\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10880\", \"CVE-2018-10882\", \"CVE-2018-10883\", \"CVE-2018-14625\", \"CVE-2018-16882\", \"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-19407\", \"CVE-2018-9516\");\n script_xref(name:\"USN\", value:\"3871-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3871-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Wen Xu discovered that a use-after-free vulnerability existed in the\next4 filesystem implementation in the Linux kernel. An attacker could\nuse this to construct a malicious ext4 image that, when mounted, could\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-10876, CVE-2018-10879)\n\nWen Xu discovered that a buffer overflow existed in the ext4\nfilesystem implementation in the Linux kernel. An attacker could use\nthis to construct a malicious ext4 image that, when mounted, could\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2018-10877)\n\nWen Xu discovered that an out-of-bounds write vulnerability existed in\nthe ext4 filesystem implementation in the Linux kernel. An attacker\ncould use this to construct a malicious ext4 image that, when mounted,\ncould cause a denial of service (system crash) or possibly execute\narbitrary code. 
(CVE-2018-10878, CVE-2018-10882)\n\nWen Xu discovered that the ext4 filesystem implementation in the Linux\nkernel did not properly ensure that xattr information remained in\ninode bodies. An attacker could use this to construct a malicious ext4\nimage that, when mounted, could cause a denial of service (system\ncrash). (CVE-2018-10880)\n\nWen Xu discovered that the ext4 file system implementation in the\nLinux kernel could possibly perform an out of bounds write when\nupdating the journal for an inline file. An attacker could use this to\nconstruct a malicious ext4 image that, when mounted, could cause a\ndenial of service (system crash). (CVE-2018-10883)\n\nIt was discovered that a race condition existed in the vsock address\nfamily implementation of the Linux kernel that could lead to a\nuse-after-free condition. A local attacker in a guest virtual machine\ncould use this to expose sensitive information (host machine kernel\nmemory). (CVE-2018-14625)\n\nCfir Cohen discovered that a use-after-free vulnerability existed in\nthe KVM implementation of the Linux kernel, when handling interrupts\nin environments where nested virtualization is in use (nested KVM\nvirtualization is not enabled by default in Ubuntu kernels). A local\nattacker in a guest VM could possibly use this to gain administrative\nprivileges in a host machine. (CVE-2018-16882)\n\nJann Horn discovered that the procfs file system implementation in the\nLinux kernel did not properly restrict the ability to inspect the\nkernel stack of an arbitrary task. A local attacker could use this to\nexpose sensitive information. (CVE-2018-17972)\n\nJann Horn discovered that the mremap() system call in the Linux kernel\ndid not properly flush the TLB when completing, potentially leaving\naccess to a physical page after it has been released to the page\nallocator. A local attacker could use this to cause a denial of\nservice (system crash), expose sensitive information, or possibly\nexecute arbitrary code. 
(CVE-2018-18281)\n\nWei Wu discovered that the KVM implementation in the Linux kernel did\nnot properly ensure that ioapics were initialized. A local attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2018-19407)\n\nIt was discovered that the debug interface for the Linux kernel's HID\nsubsystem did not properly perform bounds checking in some situations.\nAn attacker with access to debugfs could use this to cause a denial of\nservice or possibly gain additional privileges. (CVE-2018-9516).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3871-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9516\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2022 Canonical, Inc. / NASL script (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 18.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-10876\", \"CVE-2018-10877\", \"CVE-2018-10878\", \"CVE-2018-10879\", \"CVE-2018-10880\", \"CVE-2018-10882\", \"CVE-2018-10883\", \"CVE-2018-14625\", \"CVE-2018-16882\", \"CVE-2018-17972\", \"CVE-2018-18281\", \"CVE-2018-19407\", \"CVE-2018-9516\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3871-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-44-generic\", pkgver:\"4.15.0-44.47\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-44-generic-lpae\", pkgver:\"4.15.0-44.47\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-44-lowlatency\", pkgver:\"4.15.0-44.47\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-44-snapdragon\", pkgver:\"4.15.0-44.47\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic\", pkgver:\"4.15.0.44.46\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.15.0.44.46\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.15.0.44.46\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.15.0.44.46\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"linux-image-4.15-generic / linux-image-4.15-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:27:07", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\nCVE-2018-14625\n\nA use-after-free bug was found in the vhost driver for the Virtual Socket protocol. If this driver is used to communicate with a malicious virtual machine guest, the guest could read sensitive information from the host kernel.\n\nCVE-2018-16884\n\nA flaw was found in the NFS 4.1 client implementation. Mounting NFS shares in multiple network namespaces at the same time could lead to a user-after-free. Local users might be able to use this for denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nThis can be mitigated by disabling unprivileged users from creating user namespaces, which is the default in Debian.\n\nCVE-2018-19824\n\nHui Peng and Mathias Payer discovered a use-after-free bug in the USB audio driver. A physically present attacker able to attach a specially designed USB device could use this for privilege escalation.\n\nCVE-2018-19985\n\nHui Peng and Mathias Payer discovered a missing bounds check in the hso USB serial driver. A physically present user able to attach a specially designed USB device could use this to read sensitive information from the kernel or to cause a denial of service (crash).\n\nCVE-2018-20169\n\nHui Peng and Mathias Payer discovered missing bounds checks in the USB core. A physically present attacker able to attach a specially designed USB device could use this to cause a denial of service (crash) or possibly for privilege escalation.\n\nCVE-2018-1000026\n\nIt was discovered that Linux could forward aggregated network packets with a segmentation size too large for the output device. 
In the specific case of Broadcom NetXtremeII 10Gb adapters, this would result in a denial of service (firmware crash). This update adds a mitigation to the bnx2x driver for this hardware.\n\nCVE-2019-3459, CVE-2019-3460\n\nShlomi Oberman, Yuli Shapiro and Karamba Security Ltd. research team discovered missing range checks in the Bluetooth L2CAP implementation.\nIf Bluetooth is enabled, a nearby attacker could use these to read sensitive information from the kernel.\n\nCVE-2019-3701\n\nMuyu Yu and Marcus Meissner reported that the CAN gateway implementation allowed the frame length to be modified, typically resulting in out-of-bounds memory-mapped I/O writes. On a system with CAN devices present, a local user with CAP_NET_ADMIN capability in the initial net namespace could use this to cause a crash (oops) or other hardware-dependent impact.\n\nCVE-2019-3819\n\nA potential infinite loop was discovered in the HID debugfs interface exposed under /sys/kernel/debug/hid. A user with access to these files could use this for denial of service.\n\nThis interface is only accessible to root by default, which fully mitigates the issue.\n\nCVE-2019-6974\n\nJann Horn reported a use-after-free bug in KVM. A local user with access to /dev/kvm could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-7221\n\nJim Mattson and Felix Wilhelm reported a use-after-free bug in KVM's nested VMX implementation. On systems with Intel CPUs, a local user with access to /dev/kvm could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nNested VMX is disabled by default, which fully mitigates the issue.\n\nCVE-2019-7222\n\nFelix Wilhelm reported an information leak in KVM for x86. 
A local user with access to /dev/kvm could use this to read sensitive information from the kernel.\n\nCVE-2019-8980\n\nA bug was discovered in the kernel_read_file() function used to load firmware files. In certain error conditions it could leak memory, which might lead to a denial of service. This is probably not exploitable in a Debian system.\n\nCVE-2019-9213\n\nJann Horn reported that privileged tasks could cause stack segments, including those in other processes, to grow downward to address 0. On systems lacking SMAP (x86) or PAN (ARM), this exacerbated other vulnerabilities: a NULL pointer dereference could be exploited for privilege escalation rather than only for denial of service.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 4.9.168-1~deb8u1. This version also includes fixes for Debian bugs #904385, #918103, and #922306; and other fixes included in upstream stable updates.\n\nWe recommend that you upgrade your linux-4.9 and linux-latest-4.9 packages. You will need to use 'apt-get upgrade --with-new-pkgs' or 'apt upgrade' as the binary package names have changed.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.8, "vector": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-06T00:00:00", "type": "nessus", "title": "Debian DLA-1771-1 : linux-4.9 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000026", "CVE-2018-14625", "CVE-2018-16884", "CVE-2018-19824", "CVE-2018-19985", "CVE-2018-20169", "CVE-2019-3459", "CVE-2019-3460", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-6974", "CVE-2019-7221", "CVE-2019-7222", "CVE-2019-8980", "CVE-2019-9213"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae", 
"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1771.NASL", "href": "https://www.tenable.com/plugins/nessus/124595", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1771-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124595);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2018-1000026\", \"CVE-2018-14625\", \"CVE-2018-16884\", \"CVE-2018-19824\", \"CVE-2018-19985\", \"CVE-2018-20169\", \"CVE-2019-3459\", \"CVE-2019-3460\", \"CVE-2019-3701\", \"CVE-2019-3819\", \"CVE-2019-6974\", \"CVE-2019-7221\", \"CVE-2019-7222\", \"CVE-2019-8980\", \"CVE-2019-9213\");\n\n script_name(english:\"Debian DLA-1771-1 : linux-4.9 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2018-14625\n\nA use-after-free bug was found in the vhost driver for the Virtual\nSocket protocol. If this driver is used to communicate with a\nmalicious virtual machine guest, the guest could read sensitive\ninformation from the host kernel.\n\nCVE-2018-16884\n\nA flaw was found in the NFS 4.1 client implementation. Mounting NFS\nshares in multiple network namespaces at the same time could lead to a\nuser-after-free. Local users might be able to use this for denial of\nservice (memory corruption or crash) or possibly for privilege\nescalation.\n\nThis can be mitigated by disabling unprivileged users from\ncreating user namespaces, which is the default in Debian.\n\nCVE-2018-19824\n\nHui Peng and Mathias Payer discovered a use-after-free bug in the USB\naudio driver. 
A physically present attacker able to attach a specially\ndesigned USB device could use this for privilege escalation.\n\nCVE-2018-19985\n\nHui Peng and Mathias Payer discovered a missing bounds check in the\nhso USB serial driver. A physically present user able to attach a\nspecially designed USB device could use this to read sensitive\ninformation from the kernel or to cause a denial of service (crash).\n\nCVE-2018-20169\n\nHui Peng and Mathias Payer discovered missing bounds checks in the USB\ncore. A physically present attacker able to attach a specially\ndesigned USB device could use this to cause a denial of service\n(crash) or possibly for privilege escalation.\n\nCVE-2018-1000026\n\nIt was discovered that Linux could forward aggregated network packets\nwith a segmentation size too large for the output device. In the\nspecific case of Broadcom NetXtremeII 10Gb adapters, this would result\nin a denial of service (firmware crash). This update adds a mitigation\nto the bnx2x driver for this hardware.\n\nCVE-2019-3459, CVE-2019-3460\n\nShlomi Oberman, Yuli Shapiro and Karamba Security Ltd. research team\ndiscovered missing range checks in the Bluetooth L2CAP implementation.\nIf Bluetooth is enabled, a nearby attacker could use these to read\nsensitive information from the kernel.\n\nCVE-2019-3701\n\nMuyu Yu and Marcus Meissner reported that the CAN gateway\nimplementation allowed the frame length to be modified, typically\nresulting in out-of-bounds memory-mapped I/O writes. On a system with\nCAN devices present, a local user with CAP_NET_ADMIN capability in the\ninitial net namespace could use this to cause a crash (oops) or other\nhardware-dependent impact.\n\nCVE-2019-3819\n\nA potential infinite loop was discovered in the HID debugfs interface\nexposed under /sys/kernel/debug/hid. 
A user with access to these files\ncould use this for denial of service.\n\nThis interface is only accessible to root by default, which\nfully mitigates the issue.\n\nCVE-2019-6974\n\nJann Horn reported a use-after-free bug in KVM. A local user with\naccess to /dev/kvm could use this to cause a denial of service (memory\ncorruption or crash) or possibly for privilege escalation.\n\nCVE-2019-7221\n\nJim Mattson and Felix Wilhelm reported a user-after-free bug in KVM's\nnested VMX implementation. On systems with Intel CPUs, a local user\nwith access to /dev/kvm could use this to cause a denial of service\n(memory corruption or crash) or possibly for privilege escalation.\n\nNested VMX is disabled by default, which fully mitigates the\nissue.\n\nCVE-2019-7222\n\nFelix Wilhelm reported an information leak in KVM for x86. A local\nuser with access to /dev/kvm could use this to read sensitive\ninformation from the kernel.\n\nCVE-2019-8980\n\nA bug was discovered in the kernel_read_file() function used to load\nfirmware files. In certain error conditions it could leak memory,\nwhich might lead to a denial of service. This is probbaly not\nexploitable in a Debian system.\n\nCVE-2019-9213\n\nJann Horn reported that privileged tasks could cause stack segments,\nincluding those in other processes, to grow downward to address 0. On\nsystems lacking SMAP (x86) or PAN (ARM), this exacerbated other\nvulnerabilities: a NULL pointer dereference could be exploited for\nprivilege escalation rather than only for denial of service.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n4.9.168-1~deb8u1. This version also includes fixes for Debian bugs\n#904385, #918103, and #922306; and other fixes included in upstream\nstable updates.\n\nWe recommend that you upgrade your linux-4.9 and linux-latest-4.9\npackages. 
You will need to use 'apt-get upgrade --with-new-pkgs' or\n'apt upgrade' as the binary package names have changed.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux-4.9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20169\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-arm\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-686\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-686-pae\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-amd64\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-armel\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-armhf\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-i386\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-amd64\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-armmp\", reference:\"4.9.168-1~deb8u1\")) 
flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-armmp-lpae\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-common\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-common-rt\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-marvell\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-rt-686-pae\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-rt-amd64\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686-pae\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686-pae-dbg\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-amd64\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-amd64-dbg\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-armmp\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-armmp-lpae\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-marvell\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-686-pae\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", 
prefix:\"linux-image-4.9.0-0.bpo.7-rt-amd64\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-4.9\", reference:\"4.9.168-1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-4.9.0-0.bpo.7\", reference:\"4.9.168-1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-11T15:16:51", "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to 3.0.101 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check.\nThis could lead to local escalation of privilege with System execution privileges needed. 
User interaction is not needed for exploitation (bnc#1108498).\n\nCVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841).\n\nCVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743).\n\nCVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).\n\nCVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1118319).\n\nCVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).\n\nCVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused (bnc#1113769).\n\nCVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. 
This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).\n\nCVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825).\n\nCVE-2017-7273: The cp_report_fixup function in drivers/hid/hid-cypress.c allowed physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report (bnc#1031240).\n\nCVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674).\n\nCVE-2017-1000407: Fixed a denial of service, which was caused by flooding the diagnostic port 0x80 an exception leading to a kernel panic (bnc#1071021).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-30T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2019:13937-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000407", "CVE-2017-16533", "CVE-2017-7273", "CVE-2018-10940", "CVE-2018-16658", "CVE-2018-18281", "CVE-2018-18386", "CVE-2018-18710", "CVE-2018-19407", "CVE-2018-19824", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-9516", "CVE-2018-9568"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-bigsmp", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-base", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2019-13937-1.NASL", "href": "https://www.tenable.com/plugins/nessus/121468", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:13937-1.\n# The text itself is 
copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121468);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-1000407\", \"CVE-2017-16533\", \"CVE-2017-7273\", \"CVE-2018-10940\", \"CVE-2018-16658\", \"CVE-2018-18281\", \"CVE-2018-18386\", \"CVE-2018-18710\", \"CVE-2018-19407\", \"CVE-2018-19824\", \"CVE-2018-19985\", \"CVE-2018-20169\", \"CVE-2018-9516\", \"CVE-2018-9568\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2019:13937-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP3 kernel was updated to 3.0.101 to\nreceive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c,\nthere is a possible out of bounds write due to a missing bounds check.\nThis could lead to local escalation of privilege with System execution\nprivileges needed. 
User interaction is not needed for exploitation\n(bnc#1108498).\n\nCVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c\nallowed local users to cause a denial of service (NULL pointer\ndereference and BUG) via crafted system calls that reach a situation\nwhere ioapic is uninitialized (bnc#1116841).\n\nCVE-2018-19985: The function hso_probe read if_num from the USB device\n(as an u8) and used it without a length check to index an array,\nresulting in an OOB memory read in hso_probe or hso_get_config_data\nthat could be used by local attackers (bnc#1120743).\n\nCVE-2018-20169: The USB subsystem mishandled size checks during the\nreading of an extra descriptor, related to __usb_get_extra_descriptor\nin drivers/usb/core/usb.c (bnc#1119714).\n\nCVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory\ncorruption due to type confusion. This could lead to local escalation\nof privilege with no additional execution privileges needed. User\ninteraction is not needed for exploitation (bnc#1118319).\n\nCVE-2018-19824: A local user could exploit a use-after-free in the\nALSA driver by supplying a malicious USB Sound device (with zero\ninterfaces) that is mishandled in usb_audio_probe in sound/usb/card.c\n(bnc#1118152).\n\nCVE-2018-18281: The mremap() syscall performs TLB flushes after\ndropping pagetable locks. If a syscall such as ftruncate() removes\nentries from the pagetables of a task that is in the middle of\nmremap(), a stale TLB entry can remain for a short time that permits\naccess to a physical page after it has been released back to the page\nallocator and reused (bnc#1113769).\n\nCVE-2018-18710: An information leak in cdrom_ioctl_select_disc in\ndrivers/cdrom/cdrom.c could be used by local attackers to read kernel\nmemory because a cast from unsigned long to int interferes with bounds\nchecking. 
This is similar to CVE-2018-10940 and CVE-2018-16658\n(bnc#1113751).\n\nCVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are\nable to access pseudo terminals) to hang/block further usage of any\npseudo terminal devices due to an EXTPROC versus ICANON confusion in\nTIOCINQ (bnc#1094825).\n\nCVE-2017-7273: The cp_report_fixup function in\ndrivers/hid/hid-cypress.c allowed physically proximate attackers to\ncause a denial of service (integer underflow) or possibly have\nunspecified other impact via a crafted HID report (bnc#1031240).\n\nCVE-2017-16533: The usbhid_parse function in\ndrivers/hid/usbhid/hid-core.c allowed local users to cause a denial of\nservice (out-of-bounds read and system crash) or possibly have\nunspecified other impact via a crafted USB device (bnc#1066674).\n\nCVE-2017-1000407: Fixed a denial of service, which was caused by\nflooding the diagnostic port 0x80 an exception leading to a kernel\npanic (bnc#1071021).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1031240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1039803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071021\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104070\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104366\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104367\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107189\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108498\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109200\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113201\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113769\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114920\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115038\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116412\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116841\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117515\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118152\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118319\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119255\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=905299\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=968018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=990682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-1000407/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-16533/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7273/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18281/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18386/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-18710/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19407/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19824/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-19985/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20169/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-9516/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-9568/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-201913937-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bbd59106\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-kernel-20190123-13937=1\n\nSUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch\nslexsp3-kernel-20190123-13937=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-kernel-20190123-13937=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-kernel-20190123-13937=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-base-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-devel-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-0.47.106.59.1\")) flag++;\nif 
(rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-base-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-devel-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-source-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-syms-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-base-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-devel-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", 
reference:\"kernel-pae-base-3.0.101-0.47.106.59.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-0.47.106.59.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-11T15:17:16", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743).\n\nCVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).\n\nCVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).\n\nCVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. 
(bnc#1118319).\n\nCVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal).\nThe new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).\n\nCVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).\n\nCVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).\n\nCVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. 
This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).\n\nCVE-2018-18690: A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with conversion of an attr from short to long form (bnc#1105025).\n\nCVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825).\n\nCVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check.\nThis could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n(bnc#1108498).\n\nCVE-2019-3459, CVE-2019-3460: The Bluetooth stack suffered from two remote information leak vulnerabilities in the code that handles incoming L2cap configuration packets (bsc#1120758).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8, "vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-20T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0439-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10940", "CVE-2018-16658", "CVE-2018-16862", "CVE-2018-16884", "CVE-2018-18281", "CVE-2018-18386", "CVE-2018-18690", "CVE-2018-18710", "CVE-2018-19824", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-9516", "CVE-2018-9568", "CVE-2019-3459", "CVE-2019-3460"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_101-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-0439-1.NASL", "href": "https://www.tenable.com/plugins/nessus/122343", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:0439-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122343);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\n \"CVE-2018-9516\",\n \"CVE-2018-9568\",\n \"CVE-2018-10940\",\n \"CVE-2018-16658\",\n \"CVE-2018-16862\",\n \"CVE-2018-16884\",\n \"CVE-2018-18281\",\n \"CVE-2018-18386\",\n \"CVE-2018-18690\",\n \"CVE-2018-18710\",\n \"CVE-2018-19824\",\n \"CVE-2018-19985\",\n 
\"CVE-2018-20169\",\n \"CVE-2019-3459\",\n \"CVE-2019-3460\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:0439-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-19985: The function hso_probe read if_num from the USB device\n(as an u8) and used it without a length check to index an array,\nresulting in an OOB memory read in hso_probe or hso_get_config_data\nthat could be used by local attackers (bnc#1120743).\n\nCVE-2018-16884: NFS41+ shares mounted in different network namespaces\nat the same time can make bc_svc_process() use wrong back-channel IDs\nand cause a use-after-free vulnerability. Thus a malicious container\nuser can cause a host kernel memory corruption and a system panic. Due\nto the nature of the flaw, privilege escalation cannot be fully ruled\nout (bnc#1119946).\n\nCVE-2018-20169: The USB subsystem mishandled size checks during the\nreading of an extra descriptor, related to __usb_get_extra_descriptor\nin drivers/usb/core/usb.c (bnc#1119714).\n\nCVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory\ncorruption due to type confusion. This could lead to local escalation\nof privilege with no additional execution privileges needed. User\ninteraction is not needed for exploitation. 
(bnc#1118319).\n\nCVE-2018-16862: A security flaw was found in a way that the cleancache\nsubsystem clears an inode after the final file truncation (removal).\nThe new file created with the same inode may contain leftover pages\nfrom cleancache and the old file data instead of the new one\n(bnc#1117186).\n\nCVE-2018-19824: A local user could exploit a use-after-free in the\nALSA driver by supplying a malicious USB Sound device (with zero\ninterfaces) that is mishandled in usb_audio_probe in sound/usb/card.c\n(bnc#1118152).\n\nCVE-2018-18281: The mremap() syscall performs TLB flushes after\ndropping pagetable locks. If a syscall such as ftruncate() removes\nentries from the pagetables of a task that is in the middle of\nmremap(), a stale TLB entry can remain for a short time that permits\naccess to a physical page after it has been released back to the page\nallocator and reused. (bnc#1113769).\n\nCVE-2018-18710: An information leak in cdrom_ioctl_select_disc in\ndrivers/cdrom/cdrom.c could be used by local attackers to read kernel\nmemory because a cast from unsigned long to int interferes with bounds\nchecking. 
This is similar to CVE-2018-10940 and CVE-2018-16658\n(bnc#1113751).\n\nCVE-2018-18690: A local attacker able to set attributes on an xfs\nfilesystem could make this filesystem non-operational until the next\nmount by triggering an unchecked error condition during an xfs\nattribute change, because xfs_attr_shortform_addname in\nfs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with\nconversion of an attr from short to long form (bnc#1105025).\n\nCVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are\nable to access pseudo terminals) to hang/block further usage of any\npseudo terminal devices due to an EXTPROC versus ICANON confusion in\nTIOCINQ (bnc#1094825).\n\nCVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c,\nthere is a possible out of bounds write due to a missing bounds check.\nThis could lead to local escalation of privilege with System execution\nprivileges needed. User interaction is not needed for exploitation.\n(bnc#1108498).\n\nCVE-2019-3459, CVE-2019-3460: The Blutooth stack suffered from two\nremote information leak vulnerabilities in the code that handles\nincoming L2cap configuration packets (bsc#1120758).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1023175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1042286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070805\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1086535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091171\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1091197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095344\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1098996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099523\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1099597\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1100105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1101555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105025\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105931\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1106293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107256\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107299\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1107866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1108498\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110837\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113192\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113751\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114763\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115433\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1116345\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117186\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1117187\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118152\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118319\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120743\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1120758\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123161\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16862/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-16884/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-18281/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-18386/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-18690/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-18710/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19824/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-19985/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20169/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-9516/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-9568/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3459/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3460/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20190439-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?91b39243\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security 
Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2019-439=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2019-439=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2019-439=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2019-439=1\n\nSUSE Linux Enterprise High Availability 12-SP2:zypper in -t patch\nSUSE-SLE-HA-12-SP2-2019-439=1\n\nSUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-439=1\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-439=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9568\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2018-16884\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_101-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_101-default-1-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.121-92.101.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-4.4.121-92.101.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-4.4.121-92.101.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-debuginfo-4.4.121-92.101.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debuginfo-4.4.121-92.101.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debugsource-4.4.121-92.101.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-devel-4.4.121-92.101.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-syms-4.4.121-92.101.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2022-08-10T15:39:17", "description": "The SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.162 to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).\n\nCVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).\n\nCVE-2018-18690: A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with conversion of an attr from short to long form (bnc#1105025).\n\nCVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825).\n\nCVE-2018-9516: In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check.\nThis could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n(bnc#1108498).\n\nCVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. 
An unauthenticated remote attacker can cause a stack-based buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bnc#1107829).\n\nCVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399).\n\nCVE-2018-16597: Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem (bnc#1106512).\n\nCVE-2018-14613: There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c (bnc#1102896).\n\nCVE-2018-14617: There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata direct