The cumulative Virtuozzo ReadyKernel patch was updated with security fixes. The patch applies to the kernels 3.10.0-693.21.1.vz7.48.2 (Virtuozzo 7.0.7 HF3), 3.10.0-862.9.1.vz7.63.3 (Virtuozzo 7.0.8), 3.10.0-862.11.6.vz7.64.7 (Virtuozzo 7.0.8 HF1), 3.10.0-862.20.2.vz7.73.24 (Virtuozzo 7.0.9 and Virtuozzo Infrastructure Platform 2.5), 3.10.0-862.20.2.vz7.73.29 (Virtuozzo 7.0.9 and Virtuozzo Infrastructure Platform 2.5), 3.10.0-957.10.1.vz7.85.17 (Virtuozzo 7.0.10), 3.10.0-957.12.2.vz7.86.2 (Virtuozzo 7.0.10 HF1), 3.10.0-957.12.2.vz7.96.21 (Virtuozzo 7.0.11 and Virtuozzo Infrastructure Platform 3.0).
**Vulnerability id:** CVE-2019-15239
[3.10.0-693.21.1.vz7.48.2 to 3.10.0-957.12.2.vz7.96.21] Potential kernel crash in __tcp_retransmit_skb(). It was discovered that a local unprivileged attacker could use a specially crafted sequence of system calls to trigger either a kernel crash in __tcp_retransmit_skb() or use-after-free conditions, which could result in privilege escalation.
**Vulnerability id:** CVE-2019-14821
[3.10.0-693.21.1.vz7.48.2 to 3.10.0-957.12.2.vz7.96.21] KVM: Out-of-bounds memory access via MMIO ring buffer. An issue was found in the implementation of the coalesced MMIO write operation in KVM. The indices used to access an MMIO ring buffer could be supplied by a user-space process in the host system. An attacker with access to /dev/kvm could use this flaw to trigger out-of-bounds memory access and crash the host kernel or, potentially, escalate their privileges.
{"nessus": [{"lastseen": "2023-02-05T15:20:55", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n* kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation (CVE-2019-15239)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* kernel-rt: update to the RHEL7.7.z batch#3 source tree (BZ#1762889)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-11-27T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2019:3978)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821", "CVE-2019-15239"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-3978.NASL", "href": "https://www.tenable.com/plugins/nessus/131378", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3978. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131378);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2019-14821\", \"CVE-2019-15239\");\n script_xref(name:\"RHSA\", value:\"2019:3978\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2019:3978)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n* kernel: local attacker can trigger multiple use-after-free\nconditions results in privilege escalation (CVE-2019-15239)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* kernel-rt: update to the RHEL7.7.z batch#3 source tree (BZ#1762889)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-14821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-15239\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15239\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-14821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-14821\", \"CVE-2019-15239\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:3978\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3978\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-devel-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-rt-doc-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-debuginfo-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-devel-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-rt-trace-kvm-debuginfo-3.10.0-1062.7.1.rt56.1030.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-debug / kernel-rt-debug-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T15:22:24", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n* kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation (CVE-2019-15239)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* On RHEL 7.7 kernel SCSI VPD information for NVMe drives is missing (breaks InfoScale) (BZ#1752423)\n\n* RHEL7 fnic spamming logs: Current vnic speed set to : 40000 (BZ#1754836)\n\n* kernel build: parallelize redhat/mod-sign.sh (BZ#1755330)\n\n* kernel build: speed up module compression step (BZ#1755339)\n\n* Nested VirtualBox VMs on Windows guest has the potential of impacting memory region allocated to other KVM guests (BZ#1755781)\n\n* NULL pointer dereference at check_preempt_wakeup+0x109 (BZ#1756265)\n\n* Regression: panic in pick_next_task_rt (BZ#1756267)\n\n* ixgbe reports 'Detected Tx Unit Hang' with adapter reset on RHEL 7 (BZ# 1757350)\n\n* [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM. (BZ#1757757)\n\n* nvme: dead loop in blk_mq_tagset_wait_completed_request() when it is called from timeout handler (BZ#1758051)\n\n* [mlx5] VF Representer naming is not consistent/persistent through reboots with OSPD deployment (BZ#1759003)\n\n* OS getting restarted because of driver issue with QLogic Corp.\nISP2532-based 8Gb Fibre Channel to PCI Express HBA [1077:2532] (rev 02). (BZ#1759447)\n\n* mlx5: Load balancing not working over VF LAG configuration (BZ#1759449)\n\n* RHEL7.8 - ISST-LTE: vimlp1: Running LTP af_alg04.c (crypto) crash the LPAR (BZ#1763620)\n\n* RHEL7.5 - Fix security issues on crypto vmx (BZ#1763621)\n\n* RHEL 7.7 RC1 - Host crashes about 4.5 hours into switch port bounce test (BZ#1763624)\n\n* RHEL7.6 - cacheinfo code unsafe vs LPM (BZ#1763625)\n\n* xfs hangs on acquiring xfs_buf semaphore (BZ#1764245)\n\n* single CPU VM hangs during open_posix_testsuite (BZ#1766087)\n\n* rcu_sched self-detected stall on CPU while booting with nohz_full (BZ# 1766098)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-11-27T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2019:3979)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821", "CVE-2019-15239"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2019-3979.NASL", "href": "https://www.tenable.com/plugins/nessus/131379", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3979. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131379);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2019-14821\", \"CVE-2019-15239\");\n script_xref(name:\"RHSA\", value:\"2019:3979\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2019:3979)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n* kernel: local attacker can trigger multiple use-after-free\nconditions results in privilege escalation (CVE-2019-15239)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* On RHEL 7.7 kernel SCSI VPD information for NVMe drives is missing\n(breaks InfoScale) (BZ#1752423)\n\n* RHEL7 fnic spamming logs: Current vnic speed set to : 40000\n(BZ#1754836)\n\n* kernel build: parallelize redhat/mod-sign.sh (BZ#1755330)\n\n* kernel build: speed up module compression step (BZ#1755339)\n\n* Nested VirtualBox VMs on Windows guest has the potential of\nimpacting memory region allocated to other KVM guests (BZ#1755781)\n\n* NULL pointer dereference at check_preempt_wakeup+0x109 (BZ#1756265)\n\n* Regression: panic in pick_next_task_rt (BZ#1756267)\n\n* ixgbe reports 'Detected Tx Unit Hang' with adapter reset on RHEL 7\n(BZ# 1757350)\n\n* [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not\nenabled in VM. (BZ#1757757)\n\n* nvme: dead loop in blk_mq_tagset_wait_completed_request() when it is\ncalled from timeout handler (BZ#1758051)\n\n* [mlx5] VF Representer naming is not consistent/persistent through\nreboots with OSPD deployment (BZ#1759003)\n\n* OS getting restarted because of driver issue with QLogic Corp.\nISP2532-based 8Gb Fibre Channel to PCI Express HBA [1077:2532] (rev\n02). (BZ#1759447)\n\n* mlx5: Load balancing not working over VF LAG configuration\n(BZ#1759449)\n\n* RHEL7.8 - ISST-LTE: vimlp1: Running LTP af_alg04.c (crypto) crash\nthe LPAR (BZ#1763620)\n\n* RHEL7.5 - Fix security issues on crypto vmx (BZ#1763621)\n\n* RHEL 7.7 RC1 - Host crashes about 4.5 hours into switch port bounce\ntest (BZ#1763624)\n\n* RHEL7.6 - cacheinfo code unsafe vs LPM (BZ#1763625)\n\n* xfs hangs on acquiring xfs_buf semaphore (BZ#1764245)\n\n* single CPU VM hangs during open_posix_testsuite (BZ#1766087)\n\n* rcu_sched self-detected stall on CPU while booting with nohz_full\n(BZ# 1766098)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:3979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-14821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/cve-2019-15239\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15239\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-14821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-14821\", \"CVE-2019-15239\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:3979\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:3979\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bpftool-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"bpftool-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"bpftool-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:09:34", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0027 advisory.\n\n - Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n - kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation (CVE-2019-15239)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-01-07T00:00:00", "type": "nessus", "title": "RHEL 7 : kpatch-patch (RHSA-2020:0027)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821", "CVE-2019-15239"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:rhel_aus:7.7", "cpe:/o:redhat:rhel_e4s:7.7", "cpe:/o:redhat:rhel_eus:7.7", "cpe:/o:redhat:rhel_tus:7.7", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_2", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_4_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_4_2", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_4_3"], "id": "REDHAT-RHSA-2020-0027.NASL", "href": "https://www.tenable.com/plugins/nessus/132686", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:0027. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132686);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2019-14821\", \"CVE-2019-15239\");\n script_xref(name:\"RHSA\", value:\"2020:0027\");\n\n script_name(english:\"RHEL 7 : kpatch-patch (RHSA-2020:0027)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:0027 advisory.\n\n - Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n - kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation\n (CVE-2019-15239)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-14821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-15239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:0027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1746708\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1747353\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15239\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-14821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(416, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_1_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_4_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_4_2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1062_4_3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nvar kernel_live_checks = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.7/x86_64/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.7/x86_64/os',\n 'content/aus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/computenode/7/7.7/x86_64/os',\n 'content/eus/rhel/computenode/7/7.7/x86_64/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/eus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/eus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/os',\n 'content/eus/rhel/server/7/7.7/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap-hana/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/debug',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/os',\n 'content/eus/rhel/server/7/7.7/x86_64/sap/source/SRPMS',\n 'content/eus/rhel/server/7/7.7/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.7/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.7/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.7/x86_64/os',\n 'content/tus/rhel/server/7/7.7/x86_64/source/SRPMS'\n ],\n 'kernels': {\n '3.10.0-1062.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062-1-11.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.1.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_1_1-1-10.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.1.2.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_1_2-1-9.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.4.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_4_1-1-6.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.4.2.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_4_2-1-3.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.4.3.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_4_3-1-3.el7', 'sp':'7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n }\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'kernels': {\n '3.10.0-1062.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062-1-11.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.1.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_1_1-1-10.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.1.2.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_1_2-1-9.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.4.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_4_1-1-6.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.4.2.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_4_2-1-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1062.4.3.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1062_4_3-1-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n }\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:kernel_live_checks);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(kernel_array['repo_relative_urls'])) repo_relative_urls = kernel_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var pkg ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kpatch-patch-3_10_0-1062 / kpatch-patch-3_10_0-1062_1_1 / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T15:05:18", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3979 advisory.\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.\n NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-12-03T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2019-3979)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821", "CVE-2019-15239"], "modified": "2022-05-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2019-3979.NASL", "href": "https://www.tenable.com/plugins/nessus/131519", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-3979.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131519);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2019-14821\", \"CVE-2019-15239\");\n script_xref(name:\"RHSA\", value:\"2019:3979\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2019-3979)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2019-3979 advisory.\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm'\n device could use this flaw to crash the host kernel, resulting in a denial of service or potentially\n escalating privileges on the system. (CVE-2019-14821)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12,\n was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was\n potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by\n adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple\n use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.\n NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or\n 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-3979.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15239\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-14821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-1062.7.1.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-3979');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1062.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1062.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-1062.7.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-1062.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-1062.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-1062.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-1062.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-1062.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-1062.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-1062.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-1062.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1062.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:12:06", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - [3.10.0-693.21.1.vz7.48.2 to 3.10.0-957.12.2.vz7.96.21] Potential kernel crash in __tcp_retransmit_skb(). It was discovered that a local unprivileged attacker could use a specially crafted sequence of system calls to trigger either a kernel crash in __tcp_retransmit_skb() or use-after-free conditions, which could result in privilege escalation.\n\n - [3.10.0-693.21.1.vz7.48.2 to 3.10.0-957.12.2.vz7.96.21] KVM: Out-of-bounds memory access via MMIO ring buffer.\n An issue was found in the implementation of the coalesced MMIO write operation in KVM. The indices used to access an MMIO ring buffer could be supplied by a user-space process in the host system. An attacker with access to /dev/kvm could use this flaw to trigger out-of-bounds memory access and crash the host kernel or, potentially, escalate their privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-02-04T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2019-086)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821", "CVE-2019-15239"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:readykernel", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZA-2019-086.NASL", "href": "https://www.tenable.com/plugins/nessus/133463", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133463);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2019-14821\", \"CVE-2019-15239\");\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2019-086)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - [3.10.0-693.21.1.vz7.48.2 to 3.10.0-957.12.2.vz7.96.21]\n Potential kernel crash in __tcp_retransmit_skb(). It\n was discovered that a local unprivileged attacker could\n use a specially crafted sequence of system calls to\n trigger either a kernel crash in __tcp_retransmit_skb()\n or use-after-free conditions, which could result in\n privilege escalation.\n\n - [3.10.0-693.21.1.vz7.48.2 to 3.10.0-957.12.2.vz7.96.21]\n KVM: Out-of-bounds memory access via MMIO ring buffer.\n An issue was found in the implementation of the\n coalesced MMIO write operation in KVM. The indices used\n to access an MMIO ring buffer could be supplied by a\n user-space process in the host system. An attacker with\n access to /dev/kvm could use this flaw to trigger\n out-of-bounds memory access and crash the host kernel\n or, potentially, escalate their privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://virtuozzosupport.force.com/s/article/VZA-2019-086\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-48.2-91.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ae500723\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-63.3-91.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?beb8144c\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-64.7-91.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c61d1e3b\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.24-91.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c312f3a6\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-73.29-91.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b984849f\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-85.17-91.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ef5b9f31\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-86.2-91.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e9257f5d\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-96.21-91.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1d05611b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15239\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-14821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-693.21.1.vz7.48.2\",\n \"patch\",\"readykernel-patch-48.2-91.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.11.6.vz7.64.7\",\n \"patch\",\"readykernel-patch-63.3-91.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.20.2.vz7.73.24\",\n \"patch\",\"readykernel-patch-64.7-91.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.20.2.vz7.73.29\",\n \"patch\",\"readykernel-patch-73.24-91.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-862.9.1.vz7.63.3\",\n \"patch\",\"readykernel-patch-73.29-91.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-957.10.1.vz7.85.17\",\n \"patch\",\"readykernel-patch-85.17-91.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-957.12.2.vz7.86.2\",\n \"patch\",\"readykernel-patch-86.2-91.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-957.12.2.vz7.96.21\",\n \"patch\",\"readykernel-patch-96.21-91.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_HOLE, release:\"Virtuozzo-7\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T15:24:48", "description": "An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n* kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation (CVE-2019-15239)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* On RHEL 7.7 kernel SCSI VPD information for NVMe drives is missing (breaks InfoScale) (BZ#1752423)\n\n* RHEL7 fnic spamming logs: Current vnic speed set to : 40000 (BZ#1754836)\n\n* kernel build: parallelize redhat/mod-sign.sh (BZ#1755330)\n\n* kernel build: speed up module compression step (BZ#1755339)\n\n* Nested VirtualBox VMs on Windows guest has the potential of impacting memory region allocated to other KVM guests (BZ#1755781)\n\n* NULL pointer dereference at check_preempt_wakeup+0x109 (BZ#1756265)\n\n* Regression: panic in pick_next_task_rt (BZ#1756267)\n\n* ixgbe reports 'Detected Tx Unit Hang' with adapter reset on RHEL 7 (BZ# 1757350)\n\n* [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM. (BZ#1757757)\n\n* nvme: dead loop in blk_mq_tagset_wait_completed_request() when it is called from timeout handler (BZ#1758051)\n\n* [mlx5] VF Representer naming is not consistent/persistent through reboots with OSPD deployment (BZ#1759003)\n\n* OS getting restarted because of driver issue with QLogic Corp.\nISP2532-based 8Gb Fibre Channel to PCI Express HBA [1077:2532] (rev 02). (BZ#1759447)\n\n* mlx5: Load balancing not working over VF LAG configuration (BZ#1759449)\n\n* RHEL7.8 - ISST-LTE: vimlp1: Running LTP af_alg04.c (crypto) crash the LPAR (BZ#1763620)\n\n* RHEL7.5 - Fix security issues on crypto vmx (BZ#1763621)\n\n* RHEL 7.7 RC1 - Host crashes about 4.5 hours into switch port bounce test (BZ#1763624)\n\n* RHEL7.6 - cacheinfo code unsafe vs LPM (BZ#1763625)\n\n* xfs hangs on acquiring xfs_buf semaphore (BZ#1764245)\n\n* single CPU VM hangs during open_posix_testsuite (BZ#1766087)\n\n* rcu_sched self-detected stall on CPU while booting with nohz_full (BZ# 1766098)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-12-04T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2019:3979)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821", "CVE-2019-15239"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2019-3979.NASL", "href": "https://www.tenable.com/plugins/nessus/131571", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:3979 and \n# CentOS Errata and Security Advisory 2019:3979 respectively.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131571);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2019-14821\", \"CVE-2019-15239\");\n script_xref(name:\"RHSA\", value:\"2019:3979\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2019:3979)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n* kernel: local attacker can trigger multiple use-after-free\nconditions results in privilege escalation (CVE-2019-15239)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* On RHEL 7.7 kernel SCSI VPD information for NVMe drives is missing\n(breaks InfoScale) (BZ#1752423)\n\n* RHEL7 fnic spamming logs: Current vnic speed set to : 40000\n(BZ#1754836)\n\n* kernel build: parallelize redhat/mod-sign.sh (BZ#1755330)\n\n* kernel build: speed up module compression step (BZ#1755339)\n\n* Nested VirtualBox VMs on Windows guest has the potential of\nimpacting memory region allocated to other KVM guests (BZ#1755781)\n\n* NULL pointer dereference at check_preempt_wakeup+0x109 (BZ#1756265)\n\n* Regression: panic in pick_next_task_rt (BZ#1756267)\n\n* ixgbe reports 'Detected Tx Unit Hang' with adapter reset on RHEL 7\n(BZ# 1757350)\n\n* [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not\nenabled in VM. (BZ#1757757)\n\n* nvme: dead loop in blk_mq_tagset_wait_completed_request() when it is\ncalled from timeout handler (BZ#1758051)\n\n* [mlx5] VF Representer naming is not consistent/persistent through\nreboots with OSPD deployment (BZ#1759003)\n\n* OS getting restarted because of driver issue with QLogic Corp.\nISP2532-based 8Gb Fibre Channel to PCI Express HBA [1077:2532] (rev\n02). (BZ#1759447)\n\n* mlx5: Load balancing not working over VF LAG configuration\n(BZ#1759449)\n\n* RHEL7.8 - ISST-LTE: vimlp1: Running LTP af_alg04.c (crypto) crash\nthe LPAR (BZ#1763620)\n\n* RHEL7.5 - Fix security issues on crypto vmx (BZ#1763621)\n\n* RHEL 7.7 RC1 - Host crashes about 4.5 hours into switch port bounce\ntest (BZ#1763624)\n\n* RHEL7.6 - cacheinfo code unsafe vs LPM (BZ#1763625)\n\n* xfs hangs on acquiring xfs_buf semaphore (BZ#1764245)\n\n* single CPU VM hangs during open_posix_testsuite (BZ#1766087)\n\n* rcu_sched self-detected stall on CPU while booting with nohz_full\n(BZ# 1766098)\");\n # https://lists.centos.org/pipermail/centos-announce/2019-December/023536.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d36315bc\");\n # https://lists.centos.org/pipermail/centos-announce/2019-December/035574.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?452de8fb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15239\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-14821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-abi-whitelists-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-doc-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1062.7.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T15:23:53", "description": "Security Fix(es) :\n\n - Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n - kernel: local attacker can trigger multiple use-after-free conditions results in privilege escalation (CVE-2019-15239)\n\nBug Fix(es) :\n\n - On SL 7.7 kernel SCSI VPD information for NVMe drives is missing (breaks InfoScale)\n\n - SL7 fnic spamming logs: Current vnic speed set to :\n 40000\n\n - kernel build: parallelize redhat/mod-sign.sh\n\n - kernel build: speed up module compression step\n\n - Nested VirtualBox VMs on Windows guest has the potential of impacting memory region allocated to other KVM guests\n\n - NULL pointer dereference at check_preempt_wakeup+0x109\n\n - Regression: panic in pick_next_task_rt\n\n - ixgbe reports 'Detected Tx Unit Hang' with adapter reset on SL 7\n\n - [Intel 7.8 Bug] [KVM][CLX] CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM.\n\n - nvme: dead loop in blk_mq_tagset_wait_completed_request() when it is called from timeout handler\n\n - [mlx5] VF Representer naming is not consistent/persistent through reboots with OSPD deployment\n\n - OS getting restarted because of driver issue with QLogic Corp. ISP2532-based 8Gb Fibre Channel to PCI Express HBA [1077:2532] (rev 02).\n\n - mlx5: Load balancing not working over VF LAG configuration\n\n - SL7.8 - ISST-LTE: vimlp1: Running LTP af_alg04.c (crypto) crash the LPAR\n\n - SL7.5 - Fix security issues on crypto vmx\n\n - SL 7.7 RC1 - Host crashes about 4.5 hours into switch port bounce test\n\n - SL7.6 - cacheinfo code unsafe vs LPM\n\n - xfs hangs on acquiring xfs_buf semaphore\n\n - single CPU VM hangs during open_posix_testsuite\n\n - rcu_sched self-detected stall on CPU while booting with nohz_full", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-12-09T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (20191205)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821", "CVE-2019-15239"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:bpftool", "p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20191205_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/131832", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131832);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2019-14821\", \"CVE-2019-15239\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (20191205)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - Kernel: KVM: OOB memory access via mmio ring buffer\n (CVE-2019-14821)\n\n - kernel: local attacker can trigger multiple\n use-after-free conditions results in privilege\n escalation (CVE-2019-15239)\n\nBug Fix(es) :\n\n - On SL 7.7 kernel SCSI VPD information for NVMe drives is\n missing (breaks InfoScale)\n\n - SL7 fnic spamming logs: Current vnic speed set to :\n 40000\n\n - kernel build: parallelize redhat/mod-sign.sh\n\n - kernel build: speed up module compression step\n\n - Nested VirtualBox VMs on Windows guest has the potential\n of impacting memory region allocated to other KVM guests\n\n - NULL pointer dereference at check_preempt_wakeup+0x109\n\n - Regression: panic in pick_next_task_rt\n\n - ixgbe reports 'Detected Tx Unit Hang' with adapter reset\n on SL 7\n\n - [Intel 7.8 Bug] [KVM][CLX]\n CPUID_7_0_EDX_ARCH_CAPABILITIES is not enabled in VM.\n\n - nvme: dead loop in\n blk_mq_tagset_wait_completed_request() when it is called\n from timeout handler\n\n - [mlx5] VF Representer naming is not\n consistent/persistent through reboots with OSPD\n deployment\n\n - OS getting restarted because of driver issue with QLogic\n Corp. ISP2532-based 8Gb Fibre Channel to PCI Express HBA\n [1077:2532] (rev 02).\n\n - mlx5: Load balancing not working over VF LAG\n configuration\n\n - SL7.8 - ISST-LTE: vimlp1: Running LTP af_alg04.c\n (crypto) crash the LPAR\n\n - SL7.5 - Fix security issues on crypto vmx\n\n - SL 7.7 RC1 - Host crashes about 4.5 hours into switch\n port bounce test\n\n - SL7.6 - cacheinfo code unsafe vs LPM\n\n - xfs hangs on acquiring xfs_buf semaphore\n\n - single CPU VM hangs during open_posix_testsuite\n\n - rcu_sched self-detected stall on CPU while booting with\n nohz_full\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1912&L=SCIENTIFIC-LINUX-ERRATA&P=7121\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7767f8d3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15239\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"bpftool-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-abi-whitelists-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-devel-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kernel-doc-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-headers-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"perf-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-3.10.0-1062.7.1.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-3.10.0-1062.7.1.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-23T20:55:49", "description": "The version of AOS installed on the remote host is prior to 5.10. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.10 advisory.\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.\n NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-09-01T00:00:00", "type": "nessus", "title": "Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.10)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821", "CVE-2019-15239"], "modified": "2023-02-23T00:00:00", "cpe": ["cpe:/o:nutanix:aos"], "id": "NUTANIX_NXSA-AOS-5_10.NASL", "href": "https://www.tenable.com/plugins/nessus/164558", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164558);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/23\");\n\n script_cve_id(\"CVE-2019-14821\", \"CVE-2019-15239\");\n\n script_name(english:\"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.10)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Nutanix AOS host is affected by multiple vulnerabilities .\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of AOS installed on the remote host is prior to 5.10. It is, therefore, affected by multiple vulnerabilities\nas referenced in the NXSA-AOS-5.10 advisory.\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm'\n device could use this flaw to crash the host kernel, resulting in a denial of service or potentially\n escalating privileges on the system. (CVE-2019-14821)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12,\n was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was\n potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by\n adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple\n use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.\n NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or\n 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-5.10\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?feeda9d8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the Nutanix AOS software to recommended version.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15239\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-14821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:nutanix:aos\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"nutanix_collect.nasl\");\n script_require_keys(\"Host/Nutanix/Data/lts\", \"Host/Nutanix/Data/Service\", \"Host/Nutanix/Data/Version\", \"Host/Nutanix/Data/arch\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nvar app_info = vcf::nutanix::get_app_info();\n\nvar constraints = [\n { 'fixed_version' : '5.10', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 5.10 or higher.', 'lts' : TRUE },\n { 'fixed_version' : '5.10', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 5.10 or higher.', 'lts' : TRUE }\n];\n\nvcf::nutanix::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:43:46", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4808 advisory.\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. (CVE-2019-14283)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.\n NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\n - An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in\n __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in net/xfrm/xfrm_user.c mishandles directory validation. (CVE-2019-15666)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 6.8, "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-02T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4808)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14283", "CVE-2019-14821", "CVE-2019-15239", "CVE-2019-15666"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2019-4808.NASL", "href": "https://www.tenable.com/plugins/nessus/129515", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4808.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129515);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2019-14283\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4808)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2019-4808 advisory.\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm'\n device could use this flaw to crash the host kernel, resulting in a denial of service or potentially\n escalating privileges on the system. (CVE-2019-14821)\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and\n head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an\n unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by\n default. (CVE-2019-14283)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12,\n was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was\n potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by\n adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple\n use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.\n NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or\n 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\n - An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in\n __xfrm_policy_unlink, which will cause denial of service, because verify_newpolicy_info in\n net/xfrm/xfrm_user.c mishandles directory validation. (CVE-2019-15666)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4808.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15239\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.32.1.el6uek', '4.1.12-124.32.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4808');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.32.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.32.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.32.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.32.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.32.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.32.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.32.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.32.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.32.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.32.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.32.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.32.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-05T15:23:49", "description": "Security Fix(es) :\n\n - Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\nBug Fix(es) :\n\n - KEYS: prevent creating a different user's keyrings SL-6.10\n\n - BUG: unable to handle kernel NULL pointer dereference at (null)\n\n - long I/O stalls with bnx2fc from not masking off scope bits of retry delay value", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-12-19T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20191217)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821"], "modified": "2020-02-24T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:kernel-firmware", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20191217_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/132307", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132307);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2019-14821\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20191217)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - Kernel: KVM: OOB memory access via mmio ring buffer\n (CVE-2019-14821)\n\nBug Fix(es) :\n\n - KEYS: prevent creating a different user's keyrings\n SL-6.10\n\n - BUG: unable to handle kernel NULL pointer dereference at\n (null)\n\n - long I/O stalls with bnx2fc from not masking off scope\n bits of retry delay value\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1912&L=SCIENTIFIC-LINUX-ERRATA&P=12057\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ea698436\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-754.25.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-abi-whitelists-2.6.32-754.25.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-754.25.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-754.25.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-754.25.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-754.25.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-common-i686-2.6.32-754.25.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-754.25.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-754.25.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-754.25.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-754.25.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-754.25.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-754.25.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-754.25.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-2.6.32-754.25.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-debuginfo-2.6.32-754.25.1.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T15:17:52", "description": "The 5.2.16 stable kernel updates contain a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-09-24T00:00:00", "type": "nessus", "title": "Fedora 30 : kernel / kernel-headers (2019-15e141c6a7)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821"], "modified": "2019-12-24T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-headers", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2019-15E141C6A7.NASL", "href": "https://www.tenable.com/plugins/nessus/129170", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-15e141c6a7.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129170);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/24\");\n\n script_cve_id(\"CVE-2019-14821\");\n script_xref(name:\"FEDORA\", value:\"2019-15e141c6a7\");\n\n script_name(english:\"Fedora 30 : kernel / kernel-headers (2019-15e141c6a7)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 5.2.16 stable kernel updates contain a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-15e141c6a7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel and / or kernel-headers packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-14821\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-15e141c6a7\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"kernel-5.2.16-200.fc30\")) flag++;\nif (rpm_check(release:\"FC30\", reference:\"kernel-headers-5.2.16-200.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T15:16:49", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4799 advisory.\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-09-23T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4799)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2019-4799.NASL", "href": "https://www.tenable.com/plugins/nessus/129140", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4799.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129140);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2019-14821\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4799)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2019-4799 advisory.\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm'\n device could use this flaw to crash the host kernel, resulting in a denial of service or potentially\n escalating privileges on the system. (CVE-2019-14821)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4799.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-1902.5.2.2.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4799');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-1902.5.2.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-1902.5.2.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-1902.5.2.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-1902.5.2.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-1902.5.2.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-1902.5.2.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-1902.5.2.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-1902.5.2.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-1902.5.2.2.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-1902.5.2.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-1902.5.2.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-1902.5.2.2.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-1902.5.2.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-1902.5.2.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-1902.5.2.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.35-1902.5.2.2.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T15:16:50", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4800 advisory.\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-09-23T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4800)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2019-4800.NASL", "href": "https://www.tenable.com/plugins/nessus/129141", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4800.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129141);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2019-14821\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4800)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2019-4800 advisory.\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm'\n device could use this flaw to crash the host kernel, resulting in a denial of service or potentially\n escalating privileges on the system. (CVE-2019-14821)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4800.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.31.1.1.el6uek', '4.1.12-124.31.1.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4800');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.31.1.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.31.1.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.31.1.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.31.1.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.31.1.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.31.1.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.31.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.31.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.31.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.31.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.31.1.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.31.1.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T15:24:44", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* KEYS: prevent creating a different user's keyrings RHEL-6.10 (BZ#1537371)\n\n* BUG: unable to handle kernel NULL pointer dereference at (null) (BZ# 1733760)\n\n* long I/O stalls with bnx2fc from not masking off scope bits of retry delay value (BZ#1749512)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-12-27T00:00:00", "type": "nessus", "title": "CentOS 6 : kernel (CESA-2019:4256)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821"], "modified": "2019-12-31T00:00:00", "cpe": ["p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-doc", "p-cpe:/a:centos:centos:kernel-firmware", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2019-4256.NASL", "href": "https://www.tenable.com/plugins/nessus/132404", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:4256 and \n# CentOS Errata and Security Advisory 2019:4256 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132404);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/31\");\n\n script_cve_id(\"CVE-2019-14821\");\n script_xref(name:\"RHSA\", value:\"2019:4256\");\n\n script_name(english:\"CentOS 6 : kernel (CESA-2019:4256)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* KEYS: prevent creating a different user's keyrings RHEL-6.10\n(BZ#1537371)\n\n* BUG: unable to handle kernel NULL pointer dereference at (null) (BZ#\n1733760)\n\n* long I/O stalls with bnx2fc from not masking off scope bits of retry\ndelay value (BZ#1749512)\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2019-December/035585.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2cf12821\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14821\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-2.6.32-754.25.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-abi-whitelists-2.6.32-754.25.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-2.6.32-754.25.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-debug-devel-2.6.32-754.25.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-devel-2.6.32-754.25.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-doc-2.6.32-754.25.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-firmware-2.6.32-754.25.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"kernel-headers-2.6.32-754.25.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"perf-2.6.32-754.25.1.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"python-perf-2.6.32-754.25.1.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T15:23:20", "description": "The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4256 advisory.\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-12-19T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : kernel (ELSA-2019-4256)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2019-4256.NASL", "href": "https://www.tenable.com/plugins/nessus/132304", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4256.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132304);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2019-14821\");\n script_xref(name:\"RHSA\", value:\"2019:4256\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2019-4256)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2019-4256 advisory.\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm'\n device could use this flaw to crash the host kernel, resulting in a denial of service or potentially\n escalating privileges on the system. (CVE-2019-14821)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4256.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['2.6.32-754.25.1.el6'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4256');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '2.6';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-2.6.32-754.25.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-2.6.32-754.25.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-2.6.32'},\n {'reference':'kernel-abi-whitelists-2.6.32-754.25.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-2.6.32'},\n {'reference':'kernel-debug-2.6.32-754.25.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-2.6.32-754.25.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-754.25.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-debug-devel-2.6.32-754.25.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-754.25.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-devel-2.6.32-754.25.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-2.6.32'},\n {'reference':'kernel-firmware-2.6.32-754.25.1.el6', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-firmware-2.6.32'},\n {'reference':'kernel-headers-2.6.32-754.25.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'kernel-headers-2.6.32-754.25.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-2.6.32'},\n {'reference':'perf-2.6.32-754.25.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-2.6.32-754.25.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-754.25.1.el6', 'cpu':'i686', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-2.6.32-754.25.1.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:10:50", "description": "According to the version of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerability :\n\n - Kernel: KVM: OOB memory access via mmio ring buffer.\n This issue is not critical for Virtuozzo 6.0, as it does not use KVM.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-01-31T00:00:00", "type": "nessus", "title": "Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2020-011)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel", "p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware", "p-cpe:/a:virtuozzo:virtuozzo:vzmodules", "p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel", "cpe:/o:virtuozzo:virtuozzo:6"], "id": "VIRTUOZZO_VZA-2020-011.NASL", "href": "https://www.tenable.com/plugins/nessus/133399", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133399);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2019-14821\"\n );\n\n script_name(english:\"Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2020-011)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the parallels-server-bm-release /\nvzkernel / etc packages installed, the Virtuozzo installation on the\nremote host is affected by the following vulnerability :\n\n - Kernel: KVM: OOB memory access via mmio ring buffer.\n This issue is not critical for Virtuozzo 6.0, as it\n does not use KVM.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://virtuozzosupport.force.com/s/article/VZA-2020-011\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected parallels-server-bm-release / vzkernel / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:parallels-server-bm-release\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzkernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:vzmodules-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 6.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"parallels-server-bm-release-6.0.12-3755\",\n \"vzkernel-2.6.32-042stab142.1\",\n \"vzkernel-devel-2.6.32-042stab142.1\",\n \"vzkernel-firmware-2.6.32-042stab142.1\",\n \"vzmodules-2.6.32-042stab142.1\",\n \"vzmodules-devel-2.6.32-042stab142.1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-6\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"parallels-server-bm-release / vzkernel / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T15:24:46", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* KEYS: prevent creating a different user's keyrings RHEL-6.10 (BZ#1537371)\n\n* BUG: unable to handle kernel NULL pointer dereference at (null) (BZ# 1733760)\n\n* long I/O stalls with bnx2fc from not masking off scope bits of retry delay value (BZ#1749512)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-12-18T00:00:00", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2019:4256)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821"], "modified": "2019-12-20T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2019-4256.NASL", "href": "https://www.tenable.com/plugins/nessus/132233", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:4256. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132233);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/20\");\n\n script_cve_id(\"CVE-2019-14821\");\n script_xref(name:\"RHSA\", value:\"2019:4256\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2019:4256)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* KEYS: prevent creating a different user's keyrings RHEL-6.10\n(BZ#1537371)\n\n* BUG: unable to handle kernel NULL pointer dereference at (null) (BZ#\n1733760)\n\n* long I/O stalls with bnx2fc from not masking off scope bits of retry\ndelay value (BZ#1749512)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:4256\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-14821\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-14821\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:4256\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:4256\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-abi-whitelists-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-debuginfo-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-754.25.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-754.25.1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T15:03:39", "description": "According to the versions of the kvm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-01-06T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.6 : kvm (EulerOS-SA-2021-2856)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821"], "modified": "2022-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kvm", "cpe:/o:huawei:euleros:uvp:3.0.2.6"], "id": "EULEROS_SA-2021-2856.NASL", "href": "https://www.tenable.com/plugins/nessus/156536", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156536);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/06\");\n\n script_cve_id(\"CVE-2019-14821\");\n\n script_name(english:\"EulerOS Virtualization 3.0.2.6 : kvm (EulerOS-SA-2021-2856)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kvm package installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm'\n device could use this flaw to crash the host kernel, resulting in a denial of service or potentially\n escalating privileges on the system. (CVE-2019-14821)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2856\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?13324954\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kvm-4.4.11-30.018\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvm\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T15:16:50", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - KVM: coalesced_mmio: add bounds checking (Matt Delco) [Orabug: 30318042] (CVE-2019-14821) (CVE-2019-14821)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-09-23T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0044)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821"], "modified": "2019-12-27T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2019-0044.NASL", "href": "https://www.tenable.com/plugins/nessus/129137", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2019-0044.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129137);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/27\");\n\n script_cve_id(\"CVE-2019-14821\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0044)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - KVM: coalesced_mmio: add bounds checking (Matt Delco)\n [Orabug: 30318042] (CVE-2019-14821) (CVE-2019-14821)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2019-September/000959.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?94061713\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-124.31.1.1.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-124.31.1.1.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T15:15:49", "description": "An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\nA buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.(CVE-2019-14835)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-09-30T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2019-1293)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821", "CVE-2019-14835"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2019-1293.NASL", "href": "https://www.tenable.com/plugins/nessus/129407", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2019-1293.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129407);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2019-14821\", \"CVE-2019-14835\");\n script_xref(name:\"ALAS\", value:\"2019-1293\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2019-1293)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An out-of-bounds access issue was found in the way Linux kernel's KVM\nhypervisor implements the Coalesced MMIO write operation. It operates\non an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein\nwrite indices 'ring->first' and 'ring->last' value could be supplied\nby a host user-space process. An unprivileged host user or process\nwith access to '/dev/kvm' device could use this flaw to crash the host\nkernel, resulting in a denial of service or potentially escalating\nprivileges on the system. (CVE-2019-14821)\n\nA buffer overflow flaw was found in the way Linux kernel's vhost\nfunctionality that translates virtqueue buffers to IOVs, logged the\nbuffer descriptors during migration. A privileged guest user able to\npass descriptors with invalid length to the host when migration is\nunderway, could use this flaw to increase their privileges on the\nhost.(CVE-2019-14835)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2019-1293.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update kernel' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14835\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"kernel-4.14.146-93.123.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-debuginfo-4.14.146-93.123.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-4.14.146-93.123.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.14.146-93.123.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-devel-4.14.146-93.123.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-headers-4.14.146-93.123.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-4.14.146-93.123.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-debuginfo-4.14.146-93.123.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"kernel-tools-devel-4.14.146-93.123.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-4.14.146-93.123.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"perf-debuginfo-4.14.146-93.123.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-i686 / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T15:17:50", "description": "An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.(CVE-2019-14821)\n\nA buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host.(CVE-2019-14835)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-09-27T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALAS-2019-1293)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821", "CVE-2019-14835"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2019-1293.NASL", "href": "https://www.tenable.com/plugins/nessus/129392", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1293.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129392);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2019-14821\", \"CVE-2019-14835\");\n script_xref(name:\"ALAS\", value:\"2019-1293\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALAS-2019-1293)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Amazon Linux 2 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An out-of-bounds access issue was found in the way Linux kernel's KVM\nhypervisor implements the Coalesced MMIO write operation. It operates\non an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein\nwrite indices 'ring->first' and 'ring->last' value could be supplied\nby a host user-space process. An unprivileged host user or process\nwith access to '/dev/kvm' device could use this flaw to crash the host\nkernel, resulting in a denial of service or potentially escalating\nprivileges on the system.(CVE-2019-14821)\n\nA buffer overflow flaw was found in the way Linux kernel's vhost\nfunctionality that translates virtqueue buffers to IOVs, logged the\nbuffer descriptors during migration. A privileged guest user able to\npass descriptors with invalid length to the host when migration is\nunderway, could use this flaw to increase their privileges on the\nhost.(CVE-2019-14835)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/AL2/ALAS-2019-1293.html\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Run 'yum update kernel' and reboot the instance to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14835\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-4.14.146-119.123.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-4.14.146-119.123.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.14.146-119.123.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-devel-4.14.146-119.123.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", reference:\"kernel-headers-4.14.146-119.123.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-4.14.146-119.123.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-4.14.146-119.123.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"kernel-tools-devel-4.14.146-119.123.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"perf-4.14.146-119.123.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"perf-debuginfo-4.14.146-119.123.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"python-perf-4.14.146-119.123.amzn2\")) flag++;\nif (rpm_check(release:\"AL2\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-4.14.146-119.123.amzn2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T15:19:33", "description": "The 5.2.17 stable kernel update contains a number of important fixes across the tree.\n\n----\n\nThe 5.2.16 stable kernel updates contain a number of important fixes across the tree.\n\n----\n\nThe 5.2.15 stable kernel update contains a number of important fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-10-02T00:00:00", "type": "nessus", "title": "Fedora 29 : kernel / kernel-headers / kernel-tools (2019-a570a92d5a)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821", "CVE-2019-14835"], "modified": "2019-12-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "p-cpe:/a:fedoraproject:fedora:kernel-headers", "p-cpe:/a:fedoraproject:fedora:kernel-tools", "cpe:/o:fedoraproject:fedora:29"], "id": "FEDORA_2019-A570A92D5A.NASL", "href": "https://www.tenable.com/plugins/nessus/129512", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2019-a570a92d5a.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129512);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/12/23\");\n\n script_cve_id(\"CVE-2019-14821\", \"CVE-2019-14835\");\n script_xref(name:\"FEDORA\", value:\"2019-a570a92d5a\");\n\n script_name(english:\"Fedora 29 : kernel / kernel-headers / kernel-tools (2019-a570a92d5a)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 5.2.17 stable kernel update contains a number of important fixes\nacross the tree.\n\n----\n\nThe 5.2.16 stable kernel updates contain a number of important fixes\nacross the tree.\n\n----\n\nThe 5.2.15 stable kernel update contains a number of important fixes\nacross the tree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2019-a570a92d5a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected kernel, kernel-headers and / or kernel-tools\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14835\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2019-14821\", \"CVE-2019-14835\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2019-a570a92d5a\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"kernel-5.2.17-100.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"kernel-headers-5.2.17-100.fc29\")) flag++;\nif (rpm_check(release:\"FC29\", reference:\"kernel-tools-5.2.17-100.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-headers / kernel-tools\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:44:09", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4810 advisory.\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by default. (CVE-2019-14283)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.\n NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\n - In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23. (CVE-2015-9289)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-10-03T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4810)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9289", "CVE-2019-14283", "CVE-2019-15239"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.39.1.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.39.1.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2019-4810.NASL", "href": "https://www.tenable.com/plugins/nessus/129551", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4810.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129551);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2015-9289\", \"CVE-2019-14283\", \"CVE-2019-15239\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4810)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2019-4810 advisory.\n\n - In the Linux kernel before 5.2.3, set_geometry in drivers/block/floppy.c does not validate the sect and\n head fields, as demonstrated by an integer overflow and out-of-bounds read. It can be triggered by an\n unprivileged local user when a floppy disk has been inserted. NOTE: QEMU creates the floppy device by\n default. (CVE-2019-14283)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12,\n was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was\n potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by\n adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple\n use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation.\n NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or\n 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\n - In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in\n drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the\n userspace API. However, the code allows larger values such as 23. (CVE-2015-9289)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4810.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15239\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.39.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.39.1.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.8.13-118.39.1.el6uek', '3.8.13-118.39.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4810');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.8';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-3.8.13-118.39.1.el6uek-0.4.5-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.39.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.39.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.39.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.39.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.39.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.39.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'},\n {'reference':'dtrace-modules-3.8.13-118.39.1.el7uek-0.4.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.39.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.39.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.39.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.39.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.39.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.39.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-3.8.13-118.39.1.el6uek / dtrace-modules-3.8.13-118.39.1.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-20T14:58:50", "description": "This update for the Linux Kernel 4.4.180-94_103 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321).\n\nCVE-2019-15239: Fixed a vulnerability where a local attacker could have triggered multiple use-after-free conditions resulted in privilege escalation (bsc#1156317).\n\nCVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108).\n\nThe following bugs were fixed: Fixed boot up hang revealed by int3 self test (bsc#1157770).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3230-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-10220", "CVE-2019-13272", "CVE-2019-15239"], "modified": "2023-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-3230-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132000", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3230-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132000);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/19\");\n\n script_cve_id(\"CVE-2019-10220\", \"CVE-2019-13272\", \"CVE-2019-15239\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/10\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3230-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for the Linux Kernel 4.4.180-94_103 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2019-13272: Fixed a privilege escalation from user to root due to\nimproper handling of credentials by leveraging certain scenarios with\na parent-child process relationship (bsc#1156321).\n\nCVE-2019-15239: Fixed a vulnerability where a local attacker could\nhave triggered multiple use-after-free conditions resulted in\nprivilege escalation (bsc#1156317).\n\nCVE-2019-10220: Fixed an issue where samba servers could inject\nrelative paths in directory entry lists (bsc#1153108).\n\nThe following bugs were fixed: Fixed boot up hang revealed by int3\nself test (bsc#1157770).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10220/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-13272/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15239/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193230-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?aff9b4ea\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2019-3230=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-3230=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Live-Patching-15-SP1-2019-3218=1\n\nSUSE Linux Enterprise Live Patching 12-SP4:zypper in -t patch\nSUSE-SLE-Live-Patching-12-SP4-2019-3226=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10220\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_103-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_103-default-4-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_103-default-debuginfo-4-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:34:41", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected by multiple vulnerabilities:\n\n - kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is vulnerable to a flaw in the way the Linux kernel's KVM hypervisor handled exceptions delivered after a stack switch operation via Mov SS or Pop SS instructions.\n During the stack switch operation, the processor did not deliver interrupts and exceptions, rather they are delivered once the first instruction after the stack switch is executed. An unprivileged KVM guest user could use this flaw to crash the guest or, potentially, escalate their privileges in the guest. (CVE-2018-1087)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. (CVE-2018-10878)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c change, which was properly incorporated into 4.16.12, was incorrectly backported to the earlier longterm kernels, introducing a new vulnerability that was potentially more severe than the issue that was intended to be fixed by backporting. Specifically, by adding to a write queue between disconnection and re-connection, a local attacker can trigger multiple use-after-free conditions. This can result in a kernel crash, or potentially in privilege escalation. NOTE: this affects (for example) Linux distributions that use 4.9.x longterm kernels before 4.9.190 or 4.14.x longterm kernels before 4.14.139. (CVE-2019-15239)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-05-27T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0028)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1087", "CVE-2018-10878", "CVE-2019-15239"], "modified": "2021-01-14T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2020-0028_KERNEL-RT.NASL", "href": "https://www.tenable.com/plugins/nessus/136910", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2020-0028. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(136910);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2018-1087\", \"CVE-2018-10878\", \"CVE-2019-15239\");\n script_bugtraq_id(104127, 104903);\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel-rt Multiple Vulnerabilities (NS-SA-2020-0028)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel-rt packages installed that are affected\nby multiple vulnerabilities:\n\n - kernel KVM before versions kernel 4.16, kernel 4.16-rc7,\n kernel 4.17-rc1, kernel 4.17-rc2 and kernel 4.17-rc3 is\n vulnerable to a flaw in the way the Linux kernel's KVM\n hypervisor handled exceptions delivered after a stack\n switch operation via Mov SS or Pop SS instructions.\n During the stack switch operation, the processor did not\n deliver interrupts and exceptions, rather they are\n delivered once the first instruction after the stack\n switch is executed. An unprivileged KVM guest user could\n use this flaw to crash the guest or, potentially,\n escalate their privileges in the guest. (CVE-2018-1087)\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bounds write and a\n denial of service or unspecified other impact is\n possible by mounting and operating a crafted ext4\n filesystem image. (CVE-2018-10878)\n\n - In the Linux kernel, a certain net/ipv4/tcp_output.c\n change, which was properly incorporated into 4.16.12,\n was incorrectly backported to the earlier longterm\n kernels, introducing a new vulnerability that was\n potentially more severe than the issue that was intended\n to be fixed by backporting. Specifically, by adding to a\n write queue between disconnection and re-connection, a\n local attacker can trigger multiple use-after-free\n conditions. This can result in a kernel crash, or\n potentially in privilege escalation. NOTE: this affects\n (for example) Linux distributions that use 4.9.x\n longterm kernels before 4.9.190 or 4.14.x longterm\n kernels before 4.14.139. (CVE-2019-15239)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2020-0028\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel-rt packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15239\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/05/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\"\n ],\n \"CGSL MAIN 5.04\": [\n \"kernel-rt-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debug-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debug-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debug-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debug-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debug-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-debuginfo-common-x86_64-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-doc-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-trace-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-trace-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-trace-devel-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-trace-kvm-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\",\n \"kernel-rt-trace-kvm-debuginfo-3.10.0-693.21.1.rt56.639.el7.cgslv5_4.32.418.g9ad7df6\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:19:38", "description": "According to the versions of the kvm package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.(CVE-2019-14821)\n\n - Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.(CVE-2018-12207)\n\n - TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.(CVE-2019-11135)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2020-07-01T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.0 : kvm (EulerOS-SA-2020-1792)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-12207", "CVE-2019-11135", "CVE-2019-14821"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kvm", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2020-1792.NASL", "href": "https://www.tenable.com/plugins/nessus/138011", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138011);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-12207\",\n \"CVE-2019-11135\",\n \"CVE-2019-14821\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.0 : kvm (EulerOS-SA-2020-1792)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kvm package installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - An out-of-bounds access issue was found in the Linux\n kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO\n write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write\n indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged\n host user or process with access to '/dev/kvm' device\n could use this flaw to crash the host kernel, resulting\n in a denial of service or potentially escalating\n privileges on the system.(CVE-2019-14821)\n\n - Improper invalidation for page table updates by a\n virtual guest operating system for multiple Intel(R)\n Processors may allow an authenticated user to\n potentially enable denial of service of the host system\n via local access.(CVE-2018-12207)\n\n - TSX Asynchronous Abort condition on some CPUs utilizing\n speculative execution may allow an authenticated user\n to potentially enable information disclosure via a side\n channel with local access.(CVE-2019-11135)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1792\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?de8b5b54\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kvm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kvm-4.4.11-30.137\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kvm\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-04T15:01:17", "description": "An update of the linux package has been released.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-10-22T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Linux PHSA-2019-3.0-0034", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15918"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2019-3_0-0034_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/130120", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-3.0-0034. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130120);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2019-14821\", \"CVE-2019-14835\", \"CVE-2019-15918\");\n\n script_name(english:\"Photon OS 3.0: Linux PHSA-2019-3.0-0034\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-0034.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15918\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-14821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 3.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-4.19.76-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-api-headers-4.19.76-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-4.19.76-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-debuginfo-4.19.76-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-devel-4.19.76-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-docs-4.19.76-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-drivers-gpu-4.19.76-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-oprofile-4.19.76-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-aws-sound-4.19.76-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-debuginfo-4.19.76-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-devel-4.19.76-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-docs-4.19.76-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-drivers-gpu-4.19.76-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-drivers-sound-4.19.76-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-esx-4.19.76-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-esx-debuginfo-4.19.76-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-esx-devel-4.19.76-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-esx-docs-4.19.76-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-oprofile-4.19.76-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-secure-4.19.76-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-secure-debuginfo-4.19.76-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-secure-devel-4.19.76-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-secure-docs-4.19.76-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-secure-lkcm-4.19.76-1.ph3\")) flag++;\nif (rpm_check(release:\"PhotonOS-3.0\", reference:\"linux-tools-4.19.76-1.ph3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-20T14:56:26", "description": "This update for the Linux Kernel 4.4.180-94_100 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to an improper error handling (bsc#1156331).\n\nCVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321).\n\nCVE-2019-15239: Fixed a vulnerability where a local attacker could have triggered multiple use-after-free conditions resulted in privilege escalation (bsc#1156317).\n\nCVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108).\n\nThe following bugs were fixed: Fixed boot up hang revealed by int3 self test (bsc#1157770).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3228-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20856", "CVE-2019-10220", "CVE-2019-13272", "CVE-2019-15239"], "modified": "2023-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_97-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_97-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-3228-1.NASL", "href": "https://www.tenable.com/plugins/nessus/131999", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3228-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131999);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/19\");\n\n script_cve_id(\n \"CVE-2018-20856\",\n \"CVE-2019-10220\",\n \"CVE-2019-13272\",\n \"CVE-2019-15239\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/10\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3228-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for the Linux Kernel 4.4.180-94_100 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2018-20856: Fixed a use-after-free in __blk_drain_queue() due to\nan improper error handling (bsc#1156331).\n\nCVE-2019-13272: Fixed a privilege escalation from user to root due to\nimproper handling of credentials by leveraging certain scenarios with\na parent-child process relationship (bsc#1156321).\n\nCVE-2019-15239: Fixed a vulnerability where a local attacker could\nhave triggered multiple use-after-free conditions resulted in\nprivilege escalation (bsc#1156317).\n\nCVE-2019-10220: Fixed an issue where samba servers could inject\nrelative paths in directory entry lists (bsc#1153108).\n\nThe following bugs were fixed: Fixed boot up hang revealed by int3\nself test (bsc#1157770).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20856/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10220/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-13272/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15239/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193228-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?30bcfa67\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2019-3228=1 SUSE-SLE-SAP-12-SP3-2019-3229=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-3228=1 SUSE-SLE-SERVER-12-SP3-2019-3229=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10220\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_100-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_97-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_97-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_100-default-4-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_100-default-debuginfo-4-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_97-default-6-2.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_97-default-debuginfo-6-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-20T14:57:03", "description": "This update for the Linux Kernel 4.4.178-94_91 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2018-20856: Fixed a use-after-free in block/blk-core.c due to improper error handling (bsc#1156331).\n\nCVE-2019-13272: Fixed a privilege escalation from user to root due to improper handling of credentials by leveraging certain scenarios with a parent-child process relationship (bsc#1156321).\n\nCVE-2019-15239: Fixed a vulnerability where a local attacker could have triggered multiple use-after-free conditions resulted in privilege escalation (bsc#1156317).\n\nCVE-2019-10220: Fixed an issue where samba servers could inject relative paths in directory entry lists (bsc#1153108).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3258-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20856", "CVE-2019-10220", "CVE-2019-13272", "CVE-2019-15239"], "modified": "2023-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_175-94_79-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_175-94_79-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_176-94_88-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_176-94_88-default-debuginfo", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_178-94_91-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_178-94_91-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2019-3258-1.NASL", "href": "https://www.tenable.com/plugins/nessus/132005", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:3258-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132005);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/19\");\n\n script_cve_id(\n \"CVE-2018-20856\",\n \"CVE-2019-10220\",\n \"CVE-2019-13272\",\n \"CVE-2019-15239\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/10\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2019:3258-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for the Linux Kernel 4.4.178-94_91 fixes several issues.\n\nThe following security issues were fixed :\n\nCVE-2018-20856: Fixed a use-after-free in block/blk-core.c due to\nimproper error handling (bsc#1156331).\n\nCVE-2019-13272: Fixed a privilege escalation from user to root due to\nimproper handling of credentials by leveraging certain scenarios with\na parent-child process relationship (bsc#1156321).\n\nCVE-2019-15239: Fixed a vulnerability where a local attacker could\nhave triggered multiple use-after-free conditions resulted in\nprivilege escalation (bsc#1156317).\n\nCVE-2019-10220: Fixed an issue where samba servers could inject\nrelative paths in directory entry lists (bsc#1153108).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156331\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20856/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-10220/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-13272/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15239/\");\n # https://www.suse.com/support/update/announcement/2019/suse-su-20193258-1/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?49b4377d\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch\nSUSE-SLE-SAP-12-SP3-2019-3256=1 SUSE-SLE-SAP-12-SP3-2019-3257=1\nSUSE-SLE-SAP-12-SP3-2019-3258=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2019-3256=1 SUSE-SLE-SERVER-12-SP3-2019-3257=1\nSUSE-SLE-SERVER-12-SP3-2019-3258=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-10220\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_175-94_79-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_175-94_79-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_176-94_88-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_176-94_88-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_178-94_91-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_178-94_91-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_175-94_79-default-7-2.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_175-94_79-default-debuginfo-7-2.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_176-94_88-default-6-2.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_176-94_88-default-debuginfo-6-2.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_178-94_91-default-6-2.5\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_178-94_91-default-debuginfo-6-2.5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-26T15:28:29", "description": "The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-15291: There was a NULL pointer dereference, caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540).\n\nCVE-2019-14821: An out-of-bounds access issue was found in the way the KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350).\n\nCVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555).\n\nCVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation.\nThis allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-10-18T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2706-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18595", "CVE-2019-14821", "CVE-2019-15291", "CVE-2019-9506"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-obs-qa", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-2706-1.NASL", "href": "https://www.tenable.com/plugins/nessus/130050", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2706-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130050);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2017-18595\", \"CVE-2019-14821\", \"CVE-2019-15291\", \"CVE-2019-9506\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2706-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 15 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2019-15291: There was a NULL pointer dereference, caused by a\nmalicious USB device in the flexcop_usb_probe function in the\ndrivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540).\n\nCVE-2019-14821: An out-of-bounds access issue was found in the way the\nKVM hypervisor implements the Coalesced MMIO write operation. It\noperates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object,\nwherein write indices 'ring->first' and 'ring->last' value could be\nsupplied by a host user-space process. An unprivileged host user or\nprocess with access to '/dev/kvm' device could use this flaw to crash\nthe host kernel, resulting in a denial of service or potentially\nescalating privileges on the system (bnc#1151350).\n\nCVE-2017-18595: A double free may be caused by the function\nallocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555).\n\nCVE-2019-9506: The Bluetooth BR/EDR specification up to and including\nversion 5.1 permitted sufficiently low encryption key length and did\nnot prevent an attacker from influencing the key length negotiation.\nThis allowed practical brute-force attacks (aka 'KNOB') that could\ndecrypt traffic and injected arbitrary ciphertext without the victim\nnoticing (bnc#1137865 bnc#1146042).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18595/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14821/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15291/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9506/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192706-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?902e5bb1\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15:zypper in -t patch\nSUSE-SLE-Product-WE-15-2019-2706=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-2019-2706=1\n\nSUSE Linux Enterprise Module for Live Patching 15:zypper in -t patch\nSUSE-SLE-Module-Live-Patching-15-2019-2706=1\n\nSUSE Linux Enterprise Module for Legacy Software 15:zypper in -t patch\nSUSE-SLE-Module-Legacy-15-2019-2706=1\n\nSUSE Linux Enterprise Module for Development Tools 15:zypper in -t\npatch SUSE-SLE-Module-Development-Tools-15-2019-2706=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2019-2706=1\n\nSUSE Linux Enterprise High Availability 15:zypper in -t patch\nSUSE-SLE-Product-HA-15-2019-2706=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-base-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-base-debuginfo-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-debuginfo-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-debugsource-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-devel-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-default-devel-debuginfo-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-obs-build-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-obs-build-debugsource-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-obs-qa-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-syms-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-base-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-debuginfo-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kernel-vanilla-debugsource-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kselftests-kmp-default-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"reiserfs-kmp-default-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-base-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-base-debuginfo-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-debuginfo-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-debugsource-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-devel-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-default-devel-debuginfo-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-obs-build-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-obs-build-debugsource-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-obs-qa-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-syms-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-base-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-debuginfo-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kernel-vanilla-debugsource-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kselftests-kmp-default-4.12.14-150.38.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-150.38.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-26T15:28:52", "description": "The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540).\n\n - CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could have used this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350).\n\n - CVE-2017-18595: A double free might have been caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555).\n\n - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that can decrypt traffic and inject arbitrary ciphertext without the victim noticing (bnc#1137865 1146042).\n\nThe following non-security bugs were fixed :\n\n - ACPI: custom_method: fix memory leaks (bsc#1051510).\n\n - ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510).\n\n - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510).\n\n - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680).\n\n - ALSA: aoa: onyx: always initialize register read value (bsc#1051510).\n\n - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510).\n\n - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510).\n\n - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510).\n\n - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510).\n\n - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510).\n\n - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510).\n\n - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510).\n\n - ath9k: dynack: fix possible deadlock in ath_dynack_node_(de)init (bsc#1051510).\n\n - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08).\n\n - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510).\n\n - blk-flush: do not run queue for requests bypassing flush (bsc#1137959).\n\n - blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959).\n\n - blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959).\n\n - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610).\n\n - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959).\n\n - blk-mq: kABI fixes for blk-mq.h (bsc#1137959).\n\n - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959).\n\n - blk-mq: punt failed direct issue to dispatch list (bsc#1137959).\n\n - blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959).\n\n - blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959).\n\n - block: fix timeout changes for legacy request drivers (bsc#1149446).\n\n - block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076).\n\n - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076).\n\n - bnx2x: Disable multi-cos feature (networking-stable-19_08_08).\n\n - bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013).\n\n - bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013).\n\n - bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21).\n\n - bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013).\n\n - bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013).\n\n - btrfs: fix use-after-free when using the tree modification log (bsc#1151891).\n\n - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975).\n\n - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974).\n\n - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972).\n\n - ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133).\n\n - clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510).\n\n - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510).\n\n - clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510).\n\n - crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510).\n\n - crypto: caam - free resources in case caam_rng registration failed (bsc#1051510).\n\n - crypto: cavium/zip - Add missing single_release() (bsc#1051510).\n\n - crypto: ccp - Reduce maximum stack usage (bsc#1051510).\n\n - crypto: qat - Silence smp_processor_id() warning (bsc#1051510).\n\n - crypto: skcipher - Unmap pages after an external error (bsc#1051510).\n\n - dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510).\n\n - dmaengine: iop-adma.c: fix printk format warning (bsc#1051510).\n\n - drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510).\n\n - drm/i915: Fix various tracepoints for gen2 (bsc#1113722)\n\n - drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722)\n\n - EDAC/amd64: Decode syndrome before translating address (bsc#1114279).\n\n - eeprom: at24: make spd world-readable again (git-fixes).\n\n - ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025).\n\n - ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024).\n\n - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes).\n\n - git-sort: add nfsd maintainers git tree This allows git-sort to handle patches queued for nfsd.\n\n - gpio: fix line flag validation in lineevent_create (bsc#1051510).\n\n - gpio: fix line flag validation in linehandle_create (bsc#1051510).\n\n - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510).\n\n - gpiolib: only check line handle flags once (bsc#1051510).\n\n - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510).\n\n - hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510).\n\n - hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510).\n\n - ife: error out when nla attributes are empty (networking-stable-19_08_08).\n\n - iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510).\n\n - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510).\n\n - iommu/dma: Fix for dereferencing before null checking (bsc#1151667).\n\n - ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08).\n\n - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28).\n\n - isdn/capi: check message length in capi_write() (bsc#1051510).\n\n - kABI: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kABI\n\n - kABI: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kABI\n\n - KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840).\n\n - KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840).\n\n - leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510).\n\n - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510).\n\n - libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510).\n\n - libiscsi: do not try to bypass SCSI EH (bsc#1142076).\n\n - livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995).\n\n - mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510).\n\n - md: do not report active array_state until after revalidate_disk() completes (git-fixes).\n\n - md: only call set_in_sync() when it is expected to succeed (git-fixes).\n\n - md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes).\n\n - media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510).\n\n - media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510).\n\n - media: em28xx: fix handler for vidioc_s_input() (bsc#1051510).\n\n - media: em28xx: stop rewriting device's struct (bsc#1051510).\n\n - media: fdp1: Reduce FCP not found message level to debug (bsc#1051510).\n\n - media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510).\n\n - media: mc-device.c: do not memset __user pointer contents (bsc#1051510).\n\n - media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510).\n\n - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510).\n\n - media: replace strcpy() by strscpy() (bsc#1051510).\n\n - media: Revert '[media] marvell-ccic: reset ccic phy when stop streaming for stability' (bsc#1051510).\n\n - media: technisat-usb2: break out of loop at end of buffer (bsc#1051510).\n\n - media: tm6000: double free if usb disconnect while streaming (bsc#1051510).\n\n - media: vb2: Fix videobuf2 to map correct area (bsc#1051510).\n\n - mic: avoid statically declaring a 'struct device' (bsc#1051510).\n\n - mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635).\n\n - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086).\n\n - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510).\n\n - mvpp2: refactor MTU change code (networking-stable-19_08_08).\n\n - net: bridge: delete local fdb on device init failure (networking-stable-19_08_08).\n\n - net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08).\n\n - net: fix ifindex collision during namespace removal (networking-stable-19_08_08).\n\n - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432).\n\n - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432).\n\n - net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21).\n\n - net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08).\n\n - net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21).\n\n - net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08).\n\n - net/packet: fix race in tpacket_snd() (networking-stable-19_08_21).\n\n - net: sched: Fix a possible NULL pointer dereference in dequeue_func() (networking-stable-19_08_08).\n\n - net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28).\n\n - NFS4: Fix v4.0 client state corruption when mount (git-fixes).\n\n - nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381).\n\n - nfsd: Do not release the callback slot unless it was actually held (git-fixes).\n\n - nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381).\n\n - nfsd: fix performance-limiting session calculation (bsc#1150381).\n\n - nfsd: give out fewer session slots as limit approaches (bsc#1150381).\n\n - nfsd: handle drc over-allocation gracefully (bsc#1150381).\n\n - nfsd: increase DRC cache limit (bsc#1150381).\n\n - NFS: Do not interrupt file writeout due to fatal errors (git-fixes).\n\n - NFS: Do not open code clearing of delegation state (git-fixes).\n\n - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes).\n\n - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes).\n\n - NFS: Forbid setting AF_INET6 to 'struct sockaddr_in'->sin_family (git-fixes).\n\n - NFS: Refactor nfs_lookup_revalidate() (git-fixes).\n\n - NFS: Remove redundant semicolon (git-fixes).\n\n - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes).\n\n - NFSv4.1: Fix open stateid recovery (git-fixes).\n\n - NFSv4.1: Only reap expired delegations (git-fixes).\n\n - NFSv4: Check the return value of update_open_stateid() (git-fixes).\n\n - NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes).\n\n - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes).\n\n - NFSv4: Fix delegation state recovery (git-fixes).\n\n - NFSv4: Fix lookup revalidate of regular files (git-fixes).\n\n - NFSv4: Fix OPEN / CLOSE race (git-fixes).\n\n - NFSv4: Handle the special Linux file open access mode (git-fixes).\n\n - NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes).\n\n - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes).\n\n - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510).\n\n - null_blk: complete requests from ->timeout (bsc#1149446).\n\n - null_blk: wire up timeouts (bsc#1149446).\n\n - nvme: fix multipath crash when ANA is deactivated (bsc#1149446).\n\n - nvmem: Use the same permissions for eeprom as for nvmem (git-fixes).\n\n - nvme-rdma: Allow DELETING state change failure in (bsc#1104967,).\n\n - nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076).\n\n - nvme-rdma: centralize controller setup sequence (bsc#1142076).\n\n - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446).\n\n - nvme-rdma: fix timeout handler (bsc#1149446).\n\n - nvme-rdma: stop admin queue before freeing it (bsc#1140155).\n\n - nvme-rdma: support up to 4 segments of inline data (bsc#1142076).\n\n - nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076).\n\n - nvme: remove ns sibling before clearing path (bsc#1140155).\n\n - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076).\n\n - PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423).\n\n - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510).\n\n - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510).\n\n - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510).\n\n - pNFS fallback to MDS if no deviceid found (git-fixes).\n\n - pNFS/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes).\n\n - pNFS/flexfiles: Turn off soft RPC calls (git-fixes).\n\n - powerpc/64: Make sys_switch_endian() traceable (bsc#1065729).\n\n - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664).\n\n - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729).\n\n - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729).\n\n - powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664).\n\n - powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664).\n\n - powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664).\n\n - powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664).\n\n - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664).\n\n - powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664).\n\n - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664).\n\n - powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729).\n\n - powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729).\n\n - powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729).\n\n - powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729).\n\n - powerpc/irq: drop arch_early_irq_init() (bsc#1065729).\n\n - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664).\n\n - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664).\n\n - powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664).\n\n - powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729).\n\n - powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729).\n\n - powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729).\n\n - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729).\n\n - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840).\n\n - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840).\n\n - powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729).\n\n - powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729).\n\n - powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158).\n\n - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729).\n\n - powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729).\n\n - powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158).\n\n - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868).\n\n - powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729).\n\n - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729).\n\n - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729).\n\n - power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510).\n\n - power: supply: Init device wakeup after device_add() (bsc#1051510).\n\n - ppp: Fix memory leak in ppp_write (git-fixes).\n\n - printk: Do not lose last line in kmsg buffer dump (bsc#1152460).\n\n - printk: fix printk_time race (bsc#1152466).\n\n - printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712).\n\n - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - quota: fix wrong condition in is_quota_modification() (bsc#1152026).\n\n - r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510).\n\n - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510).\n\n - Revert 'mwifiex: fix system hang problem after resume' (bsc#1051510).\n\n - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs.\n\n - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: fix fcport NULL pointer access (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix possible fcport NULL pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix routine qla27xx_dump_(mpi|ram)() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: fix spelling mistake 'alredy' -> 'already' (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: fix spelling mistake 'initializatin' -> 'initialization' (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Include the <asm/unaligned.h> header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move the <linux/io-64-nonatomic-lo-hi.h> include directive (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Reject EH_(abort|device_reset|target_request) (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Reset the FCF_ASYNC_(SENT|ACTIVE) flags (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313).\n\n - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi_transport_fc: complete requests from ->timeout (bsc#1142076).\n\n - sctp: fix the transport error_count check (networking-stable-19_08_21).\n\n - secure boot lockdown: Fix-up backport of /dev/mem access restriction The upstream-submitted patch set has evolved over time, align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned.\n\n - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510).\n\n - slip: make slhc_free() silently accept an error pointer (bsc#1051510).\n\n - slip: sl_alloc(): remove unused parameter 'dev_t line' (bsc#1051510).\n\n - SUNRPC fix regression in umount of a secure mount (git-fixes).\n\n - SUNRPC: Handle connection breakages correctly in call_status() (git-fixes).\n\n - SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes).\n\n - tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28).\n\n - team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21).\n\n - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555).\n\n - Update patches.suse/ext4-unsupported-features.patch (SLE-8615, bsc#1149651, SLE-9243).\n\n - Update patches.suse/powerpc-powernv-Return-for-invalid-IMC-doma in.patch (bsc#1054914, git-fixes).\n\n - USB: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510).\n\n - video: ssd1307fb: Start page range at page_offset (bsc#1113722)\n\n - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279).\n\n - x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955).\n\n - x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279).\n\n - xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21).\n\n - xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600).\n\n - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600).\n\n - xen/xenbus: fix self-deadlock after killing user process (bsc#1065600).", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-10-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-2307)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18595", "CVE-2019-14821", "CVE-2019-15291", "CVE-2019-9506"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-2307.NASL", "href": "https://www.tenable.com/plugins/nessus/129806", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2307.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129806);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-18595\", \"CVE-2019-14821\", \"CVE-2019-15291\", \"CVE-2019-9506\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-2307)\");\n script_summary(english:\"Check for the openSUSE-2019-2307 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 15.0 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-15291: There was a NULL pointer dereference\n caused by a malicious USB device in the\n flexcop_usb_probe function in the\n drivers/media/usb/b2c2/flexcop-usb.c driver\n (bnc#1146540).\n\n - CVE-2019-14821: An out-of-bounds access issue was found\n in the way Linux kernel's KVM hypervisor implements the\n Coalesced MMIO write operation. It operates on an MMIO\n ring buffer 'struct kvm_coalesced_mmio' object, wherein\n write indices 'ring->first' and 'ring->last' value could\n be supplied by a host user-space process. An\n unprivileged host user or process with access to\n '/dev/kvm' device could have used this flaw to crash the\n host kernel, resulting in a denial of service or\n potentially escalating privileges on the system\n (bnc#1151350).\n\n - CVE-2017-18595: A double free might have been caused by\n the function allocate_trace_buffer in the file\n kernel/trace/trace.c (bnc#1149555).\n\n - CVE-2019-9506: The Bluetooth BR/EDR specification up to\n and including version 5.1 permits sufficiently low\n encryption key length and did not prevent an attacker\n from influencing the key length negotiation. This\n allowed practical brute-force attacks (aka 'KNOB') that\n can decrypt traffic and inject arbitrary ciphertext\n without the victim noticing (bnc#1137865 1146042).\n\nThe following non-security bugs were fixed :\n\n - ACPI: custom_method: fix memory leaks (bsc#1051510).\n\n - ACPI / PCI: fix acpi_pci_irq_enable() memory leak\n (bsc#1051510).\n\n - ACPI / property: Fix acpi_graph_get_remote_endpoint()\n name in kerneldoc (bsc#1051510).\n\n - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP\n (bsc#1151680).\n\n - ALSA: aoa: onyx: always initialize register read value\n (bsc#1051510).\n\n - ALSA: firewire-tascam: check intermediate state of clock\n status and retry (bsc#1051510).\n\n - ALSA: firewire-tascam: handle error code when getting\n current source of clock (bsc#1051510).\n\n - ASoC: es8328: Fix copy-paste error in\n es8328_right_line_controls (bsc#1051510).\n\n - ASoC: Intel: Baytrail: Fix implicit fallthrough warning\n (bsc#1051510).\n\n - ASoC: sun4i-i2s: RX and TX counter registers are swapped\n (bsc#1051510).\n\n - ASoC: wm8737: Fix copy-paste error in\n wm8737_snd_controls (bsc#1051510).\n\n - ASoC: wm8988: fix typo in wm8988_right_line_controls\n (bsc#1051510).\n\n - ath9k: dynack: fix possible deadlock in\n ath_dynack_node_(de)init (bsc#1051510).\n\n - atm: iphase: Fix Spectre v1 vulnerability\n (networking-stable-19_08_08).\n\n - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA\n (bsc#1051510).\n\n - blk-flush: do not run queue for requests bypassing flush\n (bsc#1137959).\n\n - blk-flush: use blk_mq_request_bypass_insert()\n (bsc#1137959).\n\n - blk-mq: do not allocate driver tag upfront for flush rq\n (bsc#1137959).\n\n - blk-mq: Fix memory leak in blk_mq_init_allocated_queue\n error handling (bsc#1151610).\n\n - blk-mq: insert rq with DONTPREP to hctx dispatch list\n when requeue (bsc#1137959).\n\n - blk-mq: kABI fixes for blk-mq.h (bsc#1137959).\n\n - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h\n (bsc#1137959).\n\n - blk-mq: punt failed direct issue to dispatch list\n (bsc#1137959).\n\n - blk-mq: put the driver tag of nxt rq before first one is\n requeued (bsc#1137959).\n\n - blk-mq-sched: decide how to handle flush rq via\n RQF_FLUSH_SEQ (bsc#1137959).\n\n - block: fix timeout changes for legacy request drivers\n (bsc#1149446).\n\n - block: kABI fixes for BLK_EH_DONE renaming\n (bsc#1142076).\n\n - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE\n (bsc#1142076).\n\n - bnx2x: Disable multi-cos feature\n (networking-stable-19_08_08).\n\n - bonding/802.3ad: fix link_failure_count tracking\n (bsc#1137069 bsc#1141013).\n\n - bonding/802.3ad: fix slave link initialization\n transition states (bsc#1137069 bsc#1141013).\n\n - bonding: Add vlan tx offload to hw_enc_features\n (networking-stable-19_08_21).\n\n - bonding: set default miimon value for non-arp modes if\n not set (bsc#1137069 bsc#1141013).\n\n - bonding: speed/duplex update at NETDEV_UP event\n (bsc#1137069 bsc#1141013).\n\n - btrfs: fix use-after-free when using the tree\n modification log (bsc#1151891).\n\n - btrfs: qgroup: Fix reserved data space leak if we have\n multiple reserve calls (bsc#1152975).\n\n - btrfs: qgroup: Fix the wrong target io_tree when freeing\n reserved data space (bsc#1152974).\n\n - btrfs: relocation: fix use-after-free on dead relocation\n roots (bsc#1152972).\n\n - ceph: use ceph_evict_inode to cleanup inode's resource\n (bsc#1148133).\n\n - clk: at91: fix update bit maps on CFG_MOR write\n (bsc#1051510).\n\n - clk: sunxi-ng: v3s: add missing clock slices for MMC2\n module clocks (bsc#1051510).\n\n - clk: sunxi-ng: v3s: add the missing PLL_DDR1\n (bsc#1051510).\n\n - crypto: caam - fix concurrency issue in givencrypt\n descriptor (bsc#1051510).\n\n - crypto: caam - free resources in case caam_rng\n registration failed (bsc#1051510).\n\n - crypto: cavium/zip - Add missing single_release()\n (bsc#1051510).\n\n - crypto: ccp - Reduce maximum stack usage (bsc#1051510).\n\n - crypto: qat - Silence smp_processor_id() warning\n (bsc#1051510).\n\n - crypto: skcipher - Unmap pages after an external error\n (bsc#1051510).\n\n - dmaengine: dw: platform: Switch to\n acpi_dma_controller_register() (bsc#1051510).\n\n - dmaengine: iop-adma.c: fix printk format warning\n (bsc#1051510).\n\n - drivers: thermal: int340x_thermal: Fix sysfs race\n condition (bsc#1051510).\n\n - drm/i915: Fix various tracepoints for gen2 (bsc#1113722)\n\n - drm/imx: Drop unused imx-ipuv3-crtc.o build\n (bsc#1113722)\n\n - EDAC/amd64: Decode syndrome before translating address\n (bsc#1114279).\n\n - eeprom: at24: make spd world-readable again (git-fixes).\n\n - ext4: fix warning inside\n ext4_convert_unwritten_extents_endio (bsc#1152025).\n\n - ext4: set error return correctly when\n ext4_htree_store_dirent fails (bsc#1152024).\n\n - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes).\n\n - git-sort: add nfsd maintainers git tree This allows\n git-sort to handle patches queued for nfsd.\n\n - gpio: fix line flag validation in lineevent_create\n (bsc#1051510).\n\n - gpio: fix line flag validation in linehandle_create\n (bsc#1051510).\n\n - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot\n option and blacklist (bsc#1051510).\n\n - gpiolib: only check line handle flags once\n (bsc#1051510).\n\n - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h\n (bsc#1051510).\n\n - hwmon: (lm75) Fix write operations for negative\n temperatures (bsc#1051510).\n\n - hwmon: (shtc1) fix shtc1 and shtw1 id mask\n (bsc#1051510).\n\n - ife: error out when nla attributes are empty\n (networking-stable-19_08_08).\n\n - iio: dac: ad5380: fix incorrect assignment to val\n (bsc#1051510).\n\n - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID\n (bsc#1051510).\n\n - iommu/dma: Fix for dereferencing before null checking\n (bsc#1151667).\n\n - ip6_tunnel: fix possible use-after-free on xmit\n (networking-stable-19_08_08).\n\n - ipv6/addrconf: allow adding multicast addr if\n IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28).\n\n - isdn/capi: check message length in capi_write()\n (bsc#1051510).\n\n - kABI: media: em28xx: fix handler for vidioc_s_input()\n (bsc#1051510). fixes kABI\n\n - kABI: media: em28xx: stop rewriting device's struct\n (bsc#1051510). fixes kABI\n\n - KVM: PPC: Book3S: Fix incorrect\n guest-to-user-translation error handling (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Check for MMU ready on piggybacked\n virtual cores (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not lose pending doorbell\n request on migration on P9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not push XIVE context when not\n using XIVE device (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix lockdep warning when entering\n the guest (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix race in re-enabling XIVE\n escalation interrupts (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Handle virtual mode in XIVE VCPU\n push code (bsc#1061840).\n\n - KVM: PPC: Book3S HV: XIVE: Free escalation interrupts\n before disabling the VP (bsc#1061840).\n\n - leds: leds-lp5562 allow firmware files up to the maximum\n length (bsc#1051510).\n\n - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510).\n\n - libertas_tf: Use correct channel range in lbtf_geo_init\n (bsc#1051510).\n\n - libiscsi: do not try to bypass SCSI EH (bsc#1142076).\n\n - livepatch: Nullify obj->mod in klp_module_coming()'s\n error path (bsc#1071995).\n\n - mac80211: minstrel_ht: fix per-group max throughput rate\n initialization (bsc#1051510).\n\n - md: do not report active array_state until after\n revalidate_disk() completes (git-fixes).\n\n - md: only call set_in_sync() when it is expected to\n succeed (git-fixes).\n\n - md/raid6: Set R5_ReadError when there is read failure on\n parity disk (git-fixes).\n\n - media: atmel: atmel-isi: fix timeout value for stop\n streaming (bsc#1051510).\n\n - media: dib0700: fix link error for dibx000_i2c_set_speed\n (bsc#1051510).\n\n - media: em28xx: fix handler for vidioc_s_input()\n (bsc#1051510).\n\n - media: em28xx: stop rewriting device's struct\n (bsc#1051510).\n\n - media: fdp1: Reduce FCP not found message level to debug\n (bsc#1051510).\n\n - media: marvell-ccic: do not generate EOF on parallel bus\n (bsc#1051510).\n\n - media: mc-device.c: do not memset __user pointer\n contents (bsc#1051510).\n\n - media: ov6650: Fix sensor possibly not detected on probe\n (bsc#1051510).\n\n - media: ov6650: Move v4l2_clk_get() to\n ov6650_video_probe() helper (bsc#1051510).\n\n - media: replace strcpy() by strscpy() (bsc#1051510).\n\n - media: Revert '[media] marvell-ccic: reset ccic phy when\n stop streaming for stability' (bsc#1051510).\n\n - media: technisat-usb2: break out of loop at end of\n buffer (bsc#1051510).\n\n - media: tm6000: double free if usb disconnect while\n streaming (bsc#1051510).\n\n - media: vb2: Fix videobuf2 to map correct area\n (bsc#1051510).\n\n - mic: avoid statically declaring a 'struct device'\n (bsc#1051510).\n\n - mmc: sdhci-msm: fix mutex while in spinlock\n (bsc#1142635).\n\n - mmc: sdhci-of-arasan: Do now show error message in case\n of deffered probe (bsc#1119086).\n\n - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall\n (bsc#1051510).\n\n - mvpp2: refactor MTU change code\n (networking-stable-19_08_08).\n\n - net: bridge: delete local fdb on device init failure\n (networking-stable-19_08_08).\n\n - net: bridge: mcast: do not delete permanent entries when\n fast leave is enabled (networking-stable-19_08_08).\n\n - net: fix ifindex collision during namespace removal\n (networking-stable-19_08_08).\n\n - net/ibmvnic: prevent more than one thread from running\n in reset (bsc#1152457 ltc#174432).\n\n - net/ibmvnic: unlock rtnl_lock in reset so\n linkwatch_event can run (bsc#1152457 ltc#174432).\n\n - net/mlx5e: Only support tx/rx pause setting for port\n owner (networking-stable-19_08_21).\n\n - net/mlx5e: Prevent encap flow counter update async to\n user query (networking-stable-19_08_08).\n\n - net/mlx5e: Use flow keys dissector to parse packets for\n ARFS (networking-stable-19_08_21).\n\n - net/mlx5: Use reversed order when unregister devices\n (networking-stable-19_08_08).\n\n - net/packet: fix race in tpacket_snd()\n (networking-stable-19_08_21).\n\n - net: sched: Fix a possible NULL pointer dereference in\n dequeue_func() (networking-stable-19_08_08).\n\n - net/smc: make sure EPOLLOUT is raised\n (networking-stable-19_08_28).\n\n - NFS4: Fix v4.0 client state corruption when mount\n (git-fixes).\n\n - nfsd: degraded slot-count more gracefully as allocation\n nears exhaustion (bsc#1150381).\n\n - nfsd: Do not release the callback slot unless it was\n actually held (git-fixes).\n\n - nfsd: Fix overflow causing non-working mounts on 1 TB\n machines (bsc#1150381).\n\n - nfsd: fix performance-limiting session calculation\n (bsc#1150381).\n\n - nfsd: give out fewer session slots as limit approaches\n (bsc#1150381).\n\n - nfsd: handle drc over-allocation gracefully\n (bsc#1150381).\n\n - nfsd: increase DRC cache limit (bsc#1150381).\n\n - NFS: Do not interrupt file writeout due to fatal errors\n (git-fixes).\n\n - NFS: Do not open code clearing of delegation state\n (git-fixes).\n\n - NFS: Ensure O_DIRECT reports an error if the bytes\n read/written is 0 (git-fixes).\n\n - NFS: Fix regression whereby fscache errors are appearing\n on 'nofsc' mounts (git-fixes).\n\n - NFS: Forbid setting AF_INET6 to 'struct\n sockaddr_in'->sin_family (git-fixes).\n\n - NFS: Refactor nfs_lookup_revalidate() (git-fixes).\n\n - NFS: Remove redundant semicolon (git-fixes).\n\n - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to\n wake a waiter (git-fixes).\n\n - NFSv4.1: Fix open stateid recovery (git-fixes).\n\n - NFSv4.1: Only reap expired delegations (git-fixes).\n\n - NFSv4: Check the return value of update_open_stateid()\n (git-fixes).\n\n - NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes).\n\n - NFSv4: Fix a potential sleep while atomic in\n nfs4_do_reclaim() (git-fixes).\n\n - NFSv4: Fix delegation state recovery (git-fixes).\n\n - NFSv4: Fix lookup revalidate of regular files\n (git-fixes).\n\n - NFSv4: Fix OPEN / CLOSE race (git-fixes).\n\n - NFSv4: Handle the special Linux file open access mode\n (git-fixes).\n\n - NFSv4: Only pass the delegation to setattr if we're\n sending a truncate (git-fixes).\n\n - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend()\n (git-fixes).\n\n - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds\n (bsc#1051510).\n\n - null_blk: complete requests from ->timeout\n (bsc#1149446).\n\n - null_blk: wire up timeouts (bsc#1149446).\n\n - nvme: fix multipath crash when ANA is deactivated\n (bsc#1149446).\n\n - nvmem: Use the same permissions for eeprom as for nvmem\n (git-fixes).\n\n - nvme-rdma: Allow DELETING state change failure in\n (bsc#1104967,).\n\n - nvme-rdma: centralize admin/io queue teardown sequence\n (bsc#1142076).\n\n - nvme-rdma: centralize controller setup sequence\n (bsc#1142076).\n\n - nvme-rdma: fix a NULL deref when an admin connect times\n out (bsc#1149446).\n\n - nvme-rdma: fix timeout handler (bsc#1149446).\n\n - nvme-rdma: stop admin queue before freeing it\n (bsc#1140155).\n\n - nvme-rdma: support up to 4 segments of inline data\n (bsc#1142076).\n\n - nvme-rdma: unquiesce queues when deleting the controller\n (bsc#1142076).\n\n - nvme: remove ns sibling before clearing path\n (bsc#1140155).\n\n - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076).\n\n - PCI: hv: Detect and fix Hyper-V PCI domain number\n collision (bsc#1150423).\n\n - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in\n over-current (bsc#1051510).\n\n - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to\n critclk_systems DMI table (bsc#1051510).\n\n - PM: sleep: Fix possible overflow in\n pm_system_cancel_wakeup() (bsc#1051510).\n\n - pNFS fallback to MDS if no deviceid found (git-fixes).\n\n - pNFS/flexfiles: Fix PTR_ERR() dereferences in\n ff_layout_track_ds_error (git-fixes).\n\n - pNFS/flexfiles: Turn off soft RPC calls (git-fixes).\n\n - powerpc/64: Make sys_switch_endian() traceable\n (bsc#1065729).\n\n - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush\n miss problem with THP (bsc#1152161 ltc#181664).\n\n - powerpc/64s/radix: Fix memory hotplug section page table\n creation (bsc#1065729).\n\n - powerpc/64s/radix: Fix memory hot-unplug page table\n split (bsc#1065729).\n\n - powerpc/64s/radix: Implement _tlbie(l)_va_range flush\n functions (bsc#1152161 ltc#181664).\n\n - powerpc/64s/radix: Improve preempt handling in TLB code\n (bsc#1152161 ltc#181664).\n\n - powerpc/64s/radix: Improve TLB flushing for page table\n freeing (bsc#1152161 ltc#181664).\n\n - powerpc/64s/radix: Introduce local single page ceiling\n for TLB range flush (bsc#1055117 bsc#1152161\n ltc#181664).\n\n - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161\n ltc#181664).\n\n - powerpc/book3s64/mm: Do not do tlbie fixup for some\n hardware revisions (bsc#1152161 ltc#181664).\n\n - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG\n feature flag (bsc#1152161 ltc#181664).\n\n - powerpc: bpf: Fix generation of load/store DW\n instructions (bsc#1065729).\n\n - powerpc/bpf: use unsigned division instruction for\n 64-bit operations (bsc#1065729).\n\n - powerpc: Drop page_is_ram() and walk_system_ram_range()\n (bsc#1065729).\n\n - powerpc/irq: Do not WARN continuously in\n arch_local_irq_restore() (bsc#1065729).\n\n - powerpc/irq: drop arch_early_irq_init() (bsc#1065729).\n\n - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue\n on POWER9 (bsc#1152161 ltc#181664).\n\n - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161\n ltc#181664).\n\n - powerpc/mm/radix: implement LPID based TLB flushes to be\n used by KVM (bsc#1152161 ltc#181664).\n\n - powerpc/mm: Simplify page_is_ram by using\n memblock_is_memory (bsc#1065729).\n\n - powerpc/mm: Use memblock API for PPC32 page_is_ram\n (bsc#1065729).\n\n - powerpc/module64: Fix comment in R_PPC64_ENTRY handling\n (bsc#1065729).\n\n - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS\n (bsc#1065729).\n\n - powerpc/powernv/ioda2: Allocate TCE table levels on\n demand for default DMA window (bsc#1061840).\n\n - powerpc/powernv/ioda: Fix race in TCE level allocation\n (bsc#1061840).\n\n - powerpc/powernv: move OPAL call wrapper tracing and\n interrupt handling to C (bsc#1065729).\n\n - powerpc/powernv/npu: Remove obsolete comment about\n TCE_KILL_INVAL_ALL (bsc#1065729).\n\n - powerpc/pseries: Call H_BLOCK_REMOVE when supported\n (bsc#1109158).\n\n - powerpc/pseries: Fix cpu_hotplug_lock acquisition in\n resize_hpt() (bsc#1065729).\n\n - powerpc/pseries/memory-hotplug: Fix return value type of\n find_aa_index (bsc#1065729).\n\n - powerpc/pseries: Read TLB Block Invalidate\n Characteristics (bsc#1109158).\n\n - powerpc/ptrace: Simplify vr_get/set() to avoid GCC\n warning (bsc#1148868).\n\n - powerpc/xive: Fix bogus error code returned by OPAL\n (bsc#1065729).\n\n - powerpc/xive: Implement get_irqchip_state method for\n XIVE to fix shutdown race (bsc#1065729).\n\n - powerpc/xmon: Fix opcode being uninitialized in\n print_insn_powerpc (bsc#1065729).\n\n - power: reset: gpio-restart: Fix typo when gpio reset is\n not found (bsc#1051510).\n\n - power: supply: Init device wakeup after device_add()\n (bsc#1051510).\n\n - ppp: Fix memory leak in ppp_write (git-fixes).\n\n - printk: Do not lose last line in kmsg buffer dump\n (bsc#1152460).\n\n - printk: fix printk_time race (bsc#1152466).\n\n - printk/panic: Avoid deadlock in printk() after stopping\n CPUs by NMI (bsc#1148712).\n\n - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - quota: fix wrong condition in is_quota_modification()\n (bsc#1152026).\n\n - r8152: Set memory to all 0xFFs on failed reg reads\n (bsc#1051510).\n\n - regulator: lm363x: Fix off-by-one n_voltages for lm3632\n ldo_vpos/ldo_vneg (bsc#1051510).\n\n - Revert 'mwifiex: fix system hang problem after resume'\n (bsc#1051510).\n\n - scsi: qla2xxx: Add 28xx flash primary/secondary\n status/image mechanism (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add error handling for PLOGI ELS\n passthrough (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add First Burst support for FC-NVMe\n devices (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add fw_attr and port_no SysFS node\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add new FW dump template entry types\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add pci function reset support\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add protection mask module parameters\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add Serdes support for ISP28XX\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add support for multiple fwdump\n templates/segments (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Add support for setting port speed\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Allow NVMe IO to resume with short cable\n pull (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: allow session delete to finish before\n create (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Always check the\n qla2x00_wait_for_hba_online() return value (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when\n multiqueue is not supported (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: avoid printf format warning (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Avoid that Coverity complains about\n dereferencing a NULL rport pointer (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Avoid that lockdep complains about unsafe\n locking in tcm_qla2xxx_close_session() (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if\n called twice (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop\n event (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Change abort wait_loop from msleep to\n wait_event_timeout (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Change data_dsd into an array\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Change the return type of\n qla24xx_read_flash_data() (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Change the return type of\n qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Check for FW started flag before aborting\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Check for MB timeout while capturing\n ISP27/28xx FW dump (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Check secondary image if reading the\n primary image fails (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Check the PCI info string output buffer\n size (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Check the size of firmware data\n structures at compile time (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Cleanup fcport memory to prevent leak\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds\n during unload (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: cleanup trace buffer initialization\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Complain if a command is released that is\n owned by the firmware (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Complain if a mailbox command times out\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Complain if a soft reset fails\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Complain if parsing the version string\n fails (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Complain if sp->done() is not called from\n the completion path (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Complain if waiting for pending commands\n times out (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Complain loudly about reference count\n underflow (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Correct error handling during\n initialization failures (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Correction and improvement to fwdt\n processing (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Correctly report max/min supported speeds\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: deadlock by configfs_depend_item\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Declare fourth qla2x00_set_model_info()\n argument const (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Declare local symbols static (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs()\n static (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Declare the fourth ql_dump_buffer()\n argument const (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe\n during probe (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There\n are upstream bug reports against 10.01.00.19-k which\n haven't been resolved. Also the newer version failed to\n get a proper review. For time being it's better to got\n with the older version and do not introduce new bugs.\n\n - scsi: qla2xxx: Dual FCP-NVMe target port support\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Enable type checking for the SRB free and\n done callback functions (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Fix abort timeout race condition\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix a NULL pointer dereference\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix a race condition between aborting and\n completing a SCSI command (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Fix a recently introduced kernel warning\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix a small typo in qla_bsg.c\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix code indentation for\n qla27xx_fwdt_entry (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Fix comment alignment in qla_bsg.c\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in\n qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix different size DMA Alloc/Unmap\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix DMA error when the DIF sg buffer\n crosses 4GB boundary (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix driver reload for ISP82xx\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are\n connected (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: fix fcport NULL pointer access\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix flash read for Qlogic ISPs\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix formatting of pointer types\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix fw options handle eh_bus_reset()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix gnl.l memory leak on adapter init\n failure (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix hang in fcport delete path\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix hardlockup in abort command during\n driver remove (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe\n devices (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix LUN discovery if loop id is not\n assigned yet by firmware (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Fix message indicating vectors used by\n driver (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix N2N link reset (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race\n condition (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix NVMe port discovery after a short\n device port loss (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix panic from use after free in\n qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Fix possible fcport NULL pointer\n dereferences (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix premature timer expiration\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix race conditions in the code for\n aborting SCSI commands (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Fix read offset in\n qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Fix Relogin to prevent modifying\n scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix routine qla27xx_dump_(mpi|ram)()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix session lookup in qlt_abort_work()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: fix spelling mistake 'alredy' ->\n 'already' (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: fix spelling mistake 'initializatin' ->\n 'initialization' (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping\n in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix stale mem access on driver unload\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix stale session (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix stuck login session (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix unbound sleep in fcport delete path\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix unload when NVMe devices are\n configured (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix use-after-free issues in\n qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: flush IO on chip reset or sess delete\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Further limit FLASH region write access\n from SysFS (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Improve Linux kernel coding style\n conformance (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Improve logging for scan thread\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Include the <asm/unaligned.h> header file\n from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Increase the max_sgl_segments to 1024\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Increase the size of the mailbox arrays\n from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler()\n function (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Insert spaces where required (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Introduce qla2xxx_get_next_handle()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Introduce the be_id_t and le_id_t data\n types for FC src/dst IDs (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Introduce the dsd32 and dsd64 data\n structures (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Introduce the function qla2xxx_init_sp()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Leave a blank line after declarations\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Let the compiler check the type of the\n SCSI command context pointer (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Log the status code if a firmware command\n fails (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Make it explicit that ELS pass-through\n IOCBs use little endian (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease\n the sp reference count (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Make qla2x00_process_response_queue()\n easier to read (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Make qlt_handle_abts_completion() more\n robust (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Make sure that aborted commands are freed\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Modify NVMe include directives\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move debug messages before sending srb\n preventing panic (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: move IO flush to the front of NVME rport\n unregistration (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move marker request behind QPair\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move qla2x00_clear_loop_id() from\n qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Move qla2x00_is_reserved_id() from\n qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h\n into a .c file (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids()\n definition (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move the <linux/io-64-nonatomic-lo-hi.h>\n include directive (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move the port_state_str definition from a\n .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: no need to check return value of\n debugfs_create functions (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: on session delete, return nvme cmd\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Optimize NPIV tear down process\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Pass little-endian values to the firmware\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Prevent memory leak for CT req/rsp\n allocation (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Prevent multiple ADISC commands per\n session (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Prevent SysFS access when chip is down\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Really fix qla2xxx_eh_abort()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Reduce the number of casts in GID list\n code (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Reduce the number of forward declarations\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Reduce the scope of three local variables\n in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Reject\n EH_(abort|device_reset|target_request) (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove a comment that refers to the SCSI\n host lock (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove an include directive from qla_mr.c\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove a set-but-not-used variable\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove a superfluous forward declaration\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove a superfluous pointer check\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: remove double assignment in\n qla2x00_update_fcport (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Remove FW default template (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and\n qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: remove redundant null check on pointer\n sess (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove set but not used variable\n 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove superfluous sts_entry_* casts\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove the fcport test from\n qla_nvme_abort_work() (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove two superfluous if-tests\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove unnecessary locking from the\n target code (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove unnecessary null check\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove unreachable code from\n qla83xx_idc_lock() (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Remove useless set memory to zero use\n memset() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove WARN_ON_ONCE in\n qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Replace vmalloc + memset with vzalloc\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Report invalid mailbox status codes\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Report the firmware status code if a\n mailbox command fails (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Reset the FCF_ASYNC_(SENT|ACTIVE) flags\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Restore FAWWPN of Physical Port only for\n loop down (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Retry fabric Scan on IOCB queue full\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Rework key encoding in\n qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Secure flash update support for ISP28XX\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Set remote port devloss timeout to 0\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is\n released (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Set the responder mode if appropriate for\n ELS pass-through IOCBs (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Set the SCSI command result before\n calling the command done (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Silence fwdump template message\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Silence Successful ELS IOCB message\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplification of register address used\n in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplify a debug statement (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplify conditional check again\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplify qla24xx_abort_sp_done()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplify qlt_send_term_imm_notif()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Skip FW dump on LOOP initialization error\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Suppress a Coveritiy complaint about\n integer overflow (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Suppress multiple Coverity complaint\n about out-of-bounds accesses (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: target: Fix offline port handling and\n host reset handling (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Uninline qla2x00_init_timer()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Unregister resources in the opposite\n order of the registration order (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.00.00.13-k\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.00.00.14-k\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.01.00.15-k\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.01.00.16-k\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.01.00.18-k\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.01.00.19-k\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.01.00.20-k\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update flash read/write routine\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use an on-stack completion in\n qla24xx_control_vp() (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of\n QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use common update-firmware-options\n routine for ISP27xx+ (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Use complete switch scan for RSCN events\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use Correct index for Q-Pair array\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use get/put_unaligned where appropriate\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use __le64 instead of uint32_t for\n sending DMA addresses to firmware (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use memcpy() and strlcpy() instead of\n strcpy() and strncpy() (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Use mutex protection during\n qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Use strlcpy() instead of strncpy()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use tabs instead of spaces for\n indentation (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use tabs to indent code (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Verify locking assumptions at runtime\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: scsi_dh_rdac: zero cdb in send_mode_select()\n (bsc#1149313).\n\n - scsi: scsi_transport_fc: nvme: display FC-NVMe port\n roles (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: tcm_qla2xxx: Minimize #include directives\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi_transport_fc: complete requests from ->timeout\n (bsc#1142076).\n\n - sctp: fix the transport error_count check\n (networking-stable-19_08_21).\n\n - secure boot lockdown: Fix-up backport of /dev/mem access\n restriction The upstream-submitted patch set has evolved\n over time, align our patches (contents and description)\n to reflect the current status as far as /dev/mem access\n is concerned.\n\n - sky2: Disable MSI on yet another ASUS boards (P6Xxxx)\n (bsc#1051510).\n\n - slip: make slhc_free() silently accept an error pointer\n (bsc#1051510).\n\n - slip: sl_alloc(): remove unused parameter 'dev_t line'\n (bsc#1051510).\n\n - SUNRPC fix regression in umount of a secure mount\n (git-fixes).\n\n - SUNRPC: Handle connection breakages correctly in\n call_status() (git-fixes).\n\n - SUNRPC/nfs: Fix return value for\n nfs4_callback_compound() (git-fixes).\n\n - tcp: make sure EPOLLOUT wont be missed\n (networking-stable-19_08_28).\n\n - team: Add vlan tx offload to hw_enc_features\n (networking-stable-19_08_21).\n\n - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for\n interrupts (bsc#1082555).\n\n - Update patches.suse/ext4-unsupported-features.patch\n (SLE-8615, bsc#1149651, SLE-9243).\n\n - Update\n patches.suse/powerpc-powernv-Return-for-invalid-IMC-doma\n in.patch (bsc#1054914, git-fixes).\n\n - USB: usbcore: Fix slab-out-of-bounds bug during device\n reset (bsc#1051510).\n\n - video: ssd1307fb: Start page range at page_offset\n (bsc#1113722)\n\n - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family\n 15h/16h (bsc#1114279).\n\n - x86/fpu: Add FPU state copying quirk to handle XRSTOR\n failure on Intel Skylake CPUs (bsc#1151955).\n\n - x86/tls: Fix possible spectre-v1 in do_get_thread_area()\n (bsc#1114279).\n\n - xen/netback: Reset nr_frags before freeing skb\n (networking-stable-19_08_21).\n\n - xen-netfront: do not assume sk_buff_head list is empty\n in error handling (bsc#1065600).\n\n - xen-netfront: do not use ~0U as error return value for\n xennet_fill_frags() (bsc#1065600).\n\n - xen/xenbus: fix self-deadlock after killing user process\n (bsc#1065600).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1054914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1071995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1142076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1142635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1148133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1148712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1148868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1150381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1150423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152975\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debuginfo-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-debugsource-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-base-debuginfo-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debuginfo-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-debugsource-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-devel-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-docs-html-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-macros-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-build-debugsource-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-obs-qa-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-source-vanilla-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-syms-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-debugsource-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-4.12.14-lp150.12.76.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp150.12.76.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-27T14:48:08", "description": "The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540).\n\n - CVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350).\n\n - CVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555).\n\n - CVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation. This allowed practical brute-force attacks (aka 'KNOB') that can decrypt traffic and inject arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042).\n\nThe following non-security bugs were fixed :\n\n - ACPI: custom_method: fix memory leaks (bsc#1051510).\n\n - ACPI / PCI: fix acpi_pci_irq_enable() memory leak (bsc#1051510).\n\n - ACPI / property: Fix acpi_graph_get_remote_endpoint() name in kerneldoc (bsc#1051510).\n\n - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (bsc#1151680).\n\n - ALSA: aoa: onyx: always initialize register read value (bsc#1051510).\n\n - ALSA: firewire-tascam: check intermediate state of clock status and retry (bsc#1051510).\n\n - ALSA: firewire-tascam: handle error code when getting current source of clock (bsc#1051510).\n\n - ASoC: es8328: Fix copy-paste error in es8328_right_line_controls (bsc#1051510).\n\n - ASoC: Intel: Baytrail: Fix implicit fallthrough warning (bsc#1051510).\n\n - ASoC: sun4i-i2s: RX and TX counter registers are swapped (bsc#1051510).\n\n - ASoC: wm8737: Fix copy-paste error in wm8737_snd_controls (bsc#1051510).\n\n - ASoC: wm8988: fix typo in wm8988_right_line_controls (bsc#1051510).\n\n - ath10k: adjust skb length in ath10k_sdio_mbox_rx_packet (bsc#1111666).\n\n - ath9k: dynack: fix possible deadlock in ath_dynack_node_(de)init (bsc#1051510).\n\n - atm: iphase: Fix Spectre v1 vulnerability (networking-stable-19_08_08).\n\n - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA (bsc#1051510).\n\n - blk-flush: do not run queue for requests bypassing flush (bsc#1137959).\n\n - blk-flush: use blk_mq_request_bypass_insert() (bsc#1137959).\n\n - blk-mq: do not allocate driver tag upfront for flush rq (bsc#1137959).\n\n - blk-mq: Fix memory leak in blk_mq_init_allocated_queue error handling (bsc#1151610).\n\n - blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (bsc#1137959).\n\n - blk-mq: introduce blk_mq_request_completed() (bsc#1149446).\n\n - blk-mq: introduce blk_mq_tagset_wait_completed_request() (bsc#1149446).\n\n - blk-mq: kABI fixes for blk-mq.h (bsc#1137959).\n\n - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h (bsc#1137959).\n\n - blk-mq: punt failed direct issue to dispatch list (bsc#1137959).\n\n - blk-mq: put the driver tag of nxt rq before first one is requeued (bsc#1137959).\n\n - blk-mq-sched: decide how to handle flush rq via RQF_FLUSH_SEQ (bsc#1137959).\n\n - block: fix timeout changes for legacy request drivers (bsc#1149446).\n\n - block: kABI fixes for BLK_EH_DONE renaming (bsc#1142076).\n\n - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE (bsc#1142076).\n\n - bnx2x: Disable multi-cos feature (networking-stable-19_08_08).\n\n - bonding/802.3ad: fix link_failure_count tracking (bsc#1137069 bsc#1141013).\n\n - bonding/802.3ad: fix slave link initialization transition states (bsc#1137069 bsc#1141013).\n\n - bonding: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21).\n\n - bonding: set default miimon value for non-arp modes if not set (bsc#1137069 bsc#1141013).\n\n - bonding: speed/duplex update at NETDEV_UP event (bsc#1137069 bsc#1141013).\n\n - btrfs: fix use-after-free when using the tree modification log (bsc#1151891).\n\n - btrfs: qgroup: Fix reserved data space leak if we have multiple reserve calls (bsc#1152975).\n\n - btrfs: qgroup: Fix the wrong target io_tree when freeing reserved data space (bsc#1152974).\n\n - btrfs: relocation: fix use-after-free on dead relocation roots (bsc#1152972).\n\n - ceph: use ceph_evict_inode to cleanup inode's resource (bsc#1148133).\n\n - clk: at91: fix update bit maps on CFG_MOR write (bsc#1051510).\n\n - clk: sunxi-ng: v3s: add missing clock slices for MMC2 module clocks (bsc#1051510).\n\n - clk: sunxi-ng: v3s: add the missing PLL_DDR1 (bsc#1051510).\n\n - Compile nvme.ko as module (bsc#1150846)\n\n - crypto: caam - fix concurrency issue in givencrypt descriptor (bsc#1051510).\n\n - crypto: caam - free resources in case caam_rng registration failed (bsc#1051510).\n\n - crypto: caam/qi - fix error handling in ERN handler (bsc#1111666).\n\n - crypto: cavium/zip - Add missing single_release() (bsc#1051510).\n\n - crypto: ccp - Reduce maximum stack usage (bsc#1051510).\n\n - crypto: qat - Silence smp_processor_id() warning (bsc#1051510).\n\n - crypto: skcipher - Unmap pages after an external error (bsc#1051510).\n\n - dma-buf/sw_sync: Synchronize signal vs syncpt free (bsc#1111666).\n\n - dmaengine: dw: platform: Switch to acpi_dma_controller_register() (bsc#1051510).\n\n - dmaengine: iop-adma.c: fix printk format warning (bsc#1051510).\n\n - drivers: thermal: int340x_thermal: Fix sysfs race condition (bsc#1051510).\n\n - drm/i915: Fix various tracepoints for gen2 (bsc#1113722)\n\n - drm/imx: Drop unused imx-ipuv3-crtc.o build (bsc#1113722)\n\n - EDAC/amd64: Decode syndrome before translating address (bsc#1114279).\n\n - eeprom: at24: make spd world-readable again (git-fixes).\n\n - ext4: fix warning inside ext4_convert_unwritten_extents_endio (bsc#1152025).\n\n - ext4: set error return correctly when ext4_htree_store_dirent fails (bsc#1152024).\n\n - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes).\n\n - floppy: fix usercopy direction (bsc#1111666).\n\n - git-sort: add nfsd maintainers git tree This allows git-sort to handle patches queued for nfsd.\n\n - gpio: fix line flag validation in lineevent_create (bsc#1051510).\n\n - gpio: fix line flag validation in linehandle_create (bsc#1051510).\n\n - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist (bsc#1051510).\n\n - gpiolib: only check line handle flags once (bsc#1051510).\n\n - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h (bsc#1051510).\n\n - hwmon: (lm75) Fix write operations for negative temperatures (bsc#1051510).\n\n - hwmon: (shtc1) fix shtc1 and shtw1 id mask (bsc#1051510).\n\n - i2c: designware: Synchronize IRQs when unregistering slave client (bsc#1111666).\n\n - i40e: Add support for X710 device (bsc#1151067).\n\n - ife: error out when nla attributes are empty (networking-stable-19_08_08).\n\n - iio: dac: ad5380: fix incorrect assignment to val (bsc#1051510).\n\n - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID (bsc#1051510).\n\n - iommu/dma: Fix for dereferencing before null checking (bsc#1151667).\n\n - iommu: Do not use sme_active() in generic code (bsc#1151661).\n\n - iommu/iova: Avoid false sharing on fq_timer_on (bsc#1151662).\n\n - ip6_tunnel: fix possible use-after-free on xmit (networking-stable-19_08_08).\n\n - ipv6/addrconf: allow adding multicast addr if IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28).\n\n - isdn/capi: check message length in capi_write() (bsc#1051510).\n\n - kABI: media: em28xx: fix handler for vidioc_s_input() (bsc#1051510). fixes kABI\n\n - kABI: media: em28xx: stop rewriting device's struct (bsc#1051510). fixes kABI\n\n - kABI protect struct vmem_altmap (bsc#1150305).\n\n - KVM: PPC: Book3S: Fix incorrect guest-to-user-translation error handling (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Check for MMU ready on piggybacked virtual cores (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not lose pending doorbell request on migration on P9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not push XIVE context when not using XIVE device (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix lockdep warning when entering the guest (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix race in re-enabling XIVE escalation interrupts (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Handle virtual mode in XIVE VCPU push code (bsc#1061840).\n\n - KVM: PPC: Book3S HV: XIVE: Free escalation interrupts before disabling the VP (bsc#1061840).\n\n - leds: leds-lp5562 allow firmware files up to the maximum length (bsc#1051510).\n\n - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510).\n\n - libertas_tf: Use correct channel range in lbtf_geo_init (bsc#1051510).\n\n - libiscsi: do not try to bypass SCSI EH (bsc#1142076).\n\n - libnvdimm/altmap: Track namespace boundaries in altmap (bsc#1150305).\n\n - libnvdimm: prevent nvdimm from requesting key when security is disabled (bsc#1137982).\n\n - lightnvm: remove dependencies on BLK_DEV_NVME and PCI (bsc#1150846).\n\n - livepatch: Nullify obj->mod in klp_module_coming()'s error path (bsc#1071995).\n\n - mac80211: minstrel_ht: fix per-group max throughput rate initialization (bsc#1051510).\n\n - md: do not report active array_state until after revalidate_disk() completes (git-fixes).\n\n - md: only call set_in_sync() when it is expected to succeed (git-fixes).\n\n - md/raid6: Set R5_ReadError when there is read failure on parity disk (git-fixes).\n\n - media: atmel: atmel-isi: fix timeout value for stop streaming (bsc#1051510).\n\n - media: dib0700: fix link error for dibx000_i2c_set_speed (bsc#1051510).\n\n - media: em28xx: fix handler for vidioc_s_input() (bsc#1051510).\n\n - media: em28xx: stop rewriting device's struct (bsc#1051510).\n\n - media: fdp1: Reduce FCP not found message level to debug (bsc#1051510).\n\n - media: marvell-ccic: do not generate EOF on parallel bus (bsc#1051510).\n\n - media: mc-device.c: do not memset __user pointer contents (bsc#1051510).\n\n - media: ov6650: Fix sensor possibly not detected on probe (bsc#1051510).\n\n - media: ov6650: Move v4l2_clk_get() to ov6650_video_probe() helper (bsc#1051510).\n\n - media: replace strcpy() by strscpy() (bsc#1051510).\n\n - media: Revert '[media] marvell-ccic: reset ccic phy when stop streaming for stability' (bsc#1051510).\n\n - media: technisat-usb2: break out of loop at end of buffer (bsc#1051510).\n\n - media: tm6000: double free if usb disconnect while streaming (bsc#1051510).\n\n - media: vb2: Fix videobuf2 to map correct area (bsc#1051510).\n\n - mic: avoid statically declaring a 'struct device' (bsc#1051510).\n\n - mmc: sdhci-msm: fix mutex while in spinlock (bsc#1142635).\n\n - mmc: sdhci-of-arasan: Do now show error message in case of deffered probe (bsc#1119086).\n\n - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall (bsc#1051510).\n\n - mvpp2: refactor MTU change code (networking-stable-19_08_08).\n\n - net: bridge: delete local fdb on device init failure (networking-stable-19_08_08).\n\n - net: bridge: mcast: do not delete permanent entries when fast leave is enabled (networking-stable-19_08_08).\n\n - net: fix ifindex collision during namespace removal (networking-stable-19_08_08).\n\n - net/ibmvnic: prevent more than one thread from running in reset (bsc#1152457 ltc#174432).\n\n - net/ibmvnic: unlock rtnl_lock in reset so linkwatch_event can run (bsc#1152457 ltc#174432).\n\n - net/mlx5e: Only support tx/rx pause setting for port owner (networking-stable-19_08_21).\n\n - net/mlx5e: Prevent encap flow counter update async to user query (networking-stable-19_08_08).\n\n - net/mlx5e: Use flow keys dissector to parse packets for ARFS (networking-stable-19_08_21).\n\n - net/mlx5: Use reversed order when unregister devices (networking-stable-19_08_08).\n\n - net/packet: fix race in tpacket_snd() (networking-stable-19_08_21).\n\n - net: sched: Fix a possible NULL pointer dereference in dequeue_func() (networking-stable-19_08_08).\n\n - net/smc: make sure EPOLLOUT is raised (networking-stable-19_08_28).\n\n - NFS4: Fix v4.0 client state corruption when mount (git-fixes).\n\n - nfsd: degraded slot-count more gracefully as allocation nears exhaustion (bsc#1150381).\n\n - nfsd: Do not release the callback slot unless it was actually held (git-fixes).\n\n - nfsd: Fix overflow causing non-working mounts on 1 TB machines (bsc#1150381).\n\n - nfsd: fix performance-limiting session calculation (bsc#1150381).\n\n - nfsd: give out fewer session slots as limit approaches (bsc#1150381).\n\n - nfsd: handle drc over-allocation gracefully (bsc#1150381).\n\n - nfsd: increase DRC cache limit (bsc#1150381).\n\n - NFS: Do not interrupt file writeout due to fatal errors (git-fixes).\n\n - NFS: Do not open code clearing of delegation state (git-fixes).\n\n - NFS: Ensure O_DIRECT reports an error if the bytes read/written is 0 (git-fixes).\n\n - NFS: Fix regression whereby fscache errors are appearing on 'nofsc' mounts (git-fixes).\n\n - NFS: Forbid setting AF_INET6 to 'struct sockaddr_in'->sin_family (git-fixes).\n\n - NFS: Refactor nfs_lookup_revalidate() (git-fixes).\n\n - NFS: Remove redundant semicolon (git-fixes).\n\n - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to wake a waiter (git-fixes).\n\n - NFSv4.1: Fix open stateid recovery (git-fixes).\n\n - NFSv4.1: Only reap expired delegations (git-fixes).\n\n - NFSv4: Check the return value of update_open_stateid() (git-fixes).\n\n - NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes).\n\n - NFSv4: Fix a potential sleep while atomic in nfs4_do_reclaim() (git-fixes).\n\n - NFSv4: Fix delegation state recovery (git-fixes).\n\n - NFSv4: Fix lookup revalidate of regular files (git-fixes).\n\n - NFSv4: Fix OPEN / CLOSE race (git-fixes).\n\n - NFSv4: Handle the special Linux file open access mode (git-fixes).\n\n - NFSv4: Only pass the delegation to setattr if we're sending a truncate (git-fixes).\n\n - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend() (git-fixes).\n\n - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510).\n\n - null_blk: complete requests from ->timeout (bsc#1149446).\n\n - null_blk: wire up timeouts (bsc#1149446).\n\n - nvme: do not abort completed request in nvme_cancel_request (bsc#1149446).\n\n - nvme: fix multipath crash when ANA is deactivated (bsc#1149446).\n\n - nvme: fix multipath crash when ANA is deactivated (bsc#1149446).\n\n - nvmem: Use the same permissions for eeprom as for nvmem (git-fixes).\n\n - nvme-rdma: Allow DELETING state change failure in (bsc#1104967,).\n\n - nvme-rdma: centralize admin/io queue teardown sequence (bsc#1142076).\n\n - nvme-rdma: centralize controller setup sequence (bsc#1142076).\n\n - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446).\n\n - nvme-rdma: fix a NULL deref when an admin connect times out (bsc#1149446).\n\n - nvme-rdma: fix timeout handler (bsc#1149446).\n\n - nvme-rdma: fix timeout handler (bsc#1149446).\n\n - nvme-rdma: remove redundant reference between ib_device and tagset (bsc#149446).\n\n - nvme-rdma: stop admin queue before freeing it (bsc#1140155).\n\n - nvme-rdma: support up to 4 segments of inline data (bsc#1142076).\n\n - nvme-rdma: unquiesce queues when deleting the controller (bsc#1142076).\n\n - nvme-rdma: use dynamic dma mapping per command (bsc#1149446).\n\n - nvme: remove ns sibling before clearing path (bsc#1140155).\n\n - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076).\n\n - nvme-tcp: fix a NULL deref when an admin connect times out (bsc#1149446).\n\n - nvme-tcp: fix timeout handler (bsc#1149446).\n\n - nvme: wait until all completed request's complete fn is called (bsc#1149446).\n\n - PCI: Add ACS quirk for Amazon Annapurna Labs root ports (bsc#1152187,bsc#1152525).\n\n - PCI: Add Amazon's Annapurna Labs vendor ID (bsc#1152187,bsc#1152525).\n\n - PCI: Add quirk to disable MSI-X support for Amazon's Annapurna Labs Root Port (bsc#1152187,bsc#1152525).\n\n - PCI: hv: Detect and fix Hyper-V PCI domain number collision (bsc#1150423).\n\n - PCI/VPD: Prevent VPD access for Amazon's Annapurna Labs Root Port (bsc#1152187,bsc#1152525).\n\n - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current (bsc#1051510).\n\n - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to critclk_systems DMI table (bsc#1051510).\n\n - PM: sleep: Fix possible overflow in pm_system_cancel_wakeup() (bsc#1051510).\n\n - PNFS fallback to MDS if no deviceid found (git-fixes).\n\n - pnfs/flexfiles: Fix PTR_ERR() dereferences in ff_layout_track_ds_error (git-fixes).\n\n - pNFS/flexfiles: Turn off soft RPC calls (git-fixes).\n\n - powerpc/64: Make sys_switch_endian() traceable (bsc#1065729).\n\n - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush miss problem with THP (bsc#1152161 ltc#181664).\n\n - powerpc/64s/radix: Fix memory hotplug section page table creation (bsc#1065729).\n\n - powerpc/64s/radix: Fix memory hot-unplug page table split (bsc#1065729).\n\n - powerpc/64s/radix: Implement _tlbie(l)_va_range flush functions (bsc#1152161 ltc#181664).\n\n - powerpc/64s/radix: Improve preempt handling in TLB code (bsc#1152161 ltc#181664).\n\n - powerpc/64s/radix: Improve TLB flushing for page table freeing (bsc#1152161 ltc#181664).\n\n - powerpc/64s/radix: Introduce local single page ceiling for TLB range flush (bsc#1055117 bsc#1152161 ltc#181664).\n\n - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161 ltc#181664).\n\n - powerpc/book3s64/mm: Do not do tlbie fixup for some hardware revisions (bsc#1152161 ltc#181664).\n\n - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG feature flag (bsc#1152161 ltc#181664).\n\n - powerpc: bpf: Fix generation of load/store DW instructions (bsc#1065729).\n\n - powerpc/bpf: use unsigned division instruction for 64-bit operations (bsc#1065729).\n\n - powerpc: Drop page_is_ram() and walk_system_ram_range() (bsc#1065729).\n\n - powerpc/irq: Do not WARN continuously in arch_local_irq_restore() (bsc#1065729).\n\n - powerpc/irq: drop arch_early_irq_init() (bsc#1065729).\n\n - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue on POWER9 (bsc#1152161 ltc#181664).\n\n - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161 ltc#181664).\n\n - powerpc/mm/radix: implement LPID based TLB flushes to be used by KVM (bsc#1152161 ltc#181664).\n\n - powerpc/mm: Simplify page_is_ram by using memblock_is_memory (bsc#1065729).\n\n - powerpc/mm: Use memblock API for PPC32 page_is_ram (bsc#1065729).\n\n - powerpc/module64: Fix comment in R_PPC64_ENTRY handling (bsc#1065729).\n\n - powerpc/papr_scm: Fix an off-by-one check in papr_scm_meta_(get, set) (bsc#1152243 ltc#181472).\n\n - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS (bsc#1065729).\n\n - powerpc/powernv/ioda2: Allocate TCE table levels on demand for default DMA window (bsc#1061840).\n\n - powerpc/powernv/ioda: Fix race in TCE level allocation (bsc#1061840).\n\n - powerpc/powernv: move OPAL call wrapper tracing and interrupt handling to C (bsc#1065729).\n\n - powerpc/powernv/npu: Remove obsolete comment about TCE_KILL_INVAL_ALL (bsc#1065729).\n\n - powerpc/pseries: Call H_BLOCK_REMOVE when supported (bsc#1109158).\n\n - powerpc/pseries: Fix cpu_hotplug_lock acquisition in resize_hpt() (bsc#1065729).\n\n - powerpc/pseries/memory-hotplug: Fix return value type of find_aa_index (bsc#1065729).\n\n - powerpc/pseries: Read TLB Block Invalidate Characteristics (bsc#1109158).\n\n - powerpc/ptrace: Simplify vr_get/set() to avoid GCC warning (bsc#1148868).\n\n - powerpc/xive: Fix bogus error code returned by OPAL (bsc#1065729).\n\n - powerpc/xive: Implement get_irqchip_state method for XIVE to fix shutdown race (bsc#1065729).\n\n - powerpc/xmon: Fix opcode being uninitialized in print_insn_powerpc (bsc#1065729).\n\n - power: reset: gpio-restart: Fix typo when gpio reset is not found (bsc#1051510).\n\n - power: supply: Init device wakeup after device_add() (bsc#1051510).\n\n - ppp: Fix memory leak in ppp_write (git-fixes).\n\n - printk: Do not lose last line in kmsg buffer dump (bsc#1152460).\n\n - printk: fix printk_time race (bsc#1152466).\n\n - printk/panic: Avoid deadlock in printk() after stopping CPUs by NMI (bsc#1148712).\n\n - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - quota: fix wrong condition in is_quota_modification() (bsc#1152026).\n\n - r8152: Set memory to all 0xFFs on failed reg reads (bsc#1051510).\n\n - Refresh scsi-qla2xxx-Capture-FW-dump-on-MPI-heartbeat-stop-e.pat ch 882ffc9f07fb ('scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988).') placed the 'vha->hw->fw_dump_mpi = 0' assigment into the __CHECKER__ section. Upstream placed the assigment before this section.\n\n - regulator: lm363x: Fix off-by-one n_voltages for lm3632 ldo_vpos/ldo_vneg (bsc#1051510).\n\n - Remove patches.kabi/kABI-fixes-for-qla2xxx-Fix-inconsistent-DMA\n -mem-allo.patch The qla2xxx driver has been whitelisted by 1d5e8aad6de2 ('kabi/severities: ignore qla2xxx as all symbols are internal')\n\n - Revert 'mwifiex: fix system hang problem after resume' (bsc#1051510).\n\n - rtlwifi: Fix file release memory leak (bsc#1111666).\n\n - scsi: qla2xxx: Add 28xx flash primary/secondary status/image mechanism (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add First Burst support for FC-NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add fw_attr and port_no SysFS node (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add new FW dump template entry types (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add pci function reset support (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add protection mask module parameters (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add Serdes support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add support for multiple fwdump templates/segments (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add support for setting port speed (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Allow NVMe IO to resume with short cable pull (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: allow session delete to finish before create (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Always check the qla2x00_wait_for_hba_online() return value (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when multiqueue is not supported (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: avoid printf format warning (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Avoid that Coverity complains about dereferencing a NULL rport pointer (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Avoid that lockdep complains about unsafe locking in tcm_qla2xxx_close_session() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if called twice (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop event (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Change abort wait_loop from msleep to wait_event_timeout (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Change data_dsd into an array (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Change the return type of qla24xx_read_flash_data() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Change the return type of qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Check for FW started flag before aborting (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Check for MB timeout while capturing ISP27/28xx FW dump (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Check secondary image if reading the primary image fails (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Check the PCI info string output buffer size (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Check the size of firmware data structures at compile time (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Cleanup fcport memory to prevent leak (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds during unload (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: cleanup trace buffer initialization (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Complain if a command is released that is owned by the firmware (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Complain if a mailbox command times out (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Complain if a soft reset fails (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Complain if parsing the version string fails (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Complain if sp->done() is not called from the completion path (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Complain if waiting for pending commands times out (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Complain loudly about reference count underflow (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Correct error handling during initialization failures (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Correction and improvement to fwdt processing (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Correctly report max/min supported speeds (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: deadlock by configfs_depend_item (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Declare fourth qla2x00_set_model_info() argument const (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Declare local symbols static (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs() static (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Declare the fourth ql_dump_buffer() argument const (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There are upstream bug reports against 10.01.00.19-k which haven't been resolved. Also the newer version failed to get a proper review. For time being it's better to got with the older version and do not introduce new bugs.\n\n - scsi: qla2xxx: Dual FCP-NVMe target port support (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Enable type checking for the SRB free and done callback functions (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix abort timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix a NULL pointer dereference (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix a recently introduced kernel warning (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix a small typo in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix code indentation for qla27xx_fwdt_entry (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix comment alignment in qla_bsg.c (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix different size DMA Alloc/Unmap (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix DMA error when the DIF sg buffer crosses 4GB boundary (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix driver reload for ISP82xx (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are connected (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: fix fcport NULL pointer access (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix flash read for Qlogic ISPs (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix formatting of pointer types (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix fw options handle eh_bus_reset() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix gnl.l memory leak on adapter init failure (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix hang in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix hardlockup in abort command during driver remove (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe devices (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix LUN discovery if loop id is not assigned yet by firmware (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix message indicating vectors used by driver (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix N2N link reset (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race condition (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix NVMe port discovery after a short device port loss (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix possible fcport NULL pointer dereferences (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix premature timer expiration (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix race conditions in the code for aborting SCSI commands (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix read offset in qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix Relogin to prevent modifying scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix routine qla27xx_dump_(mpi|ram)() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix session lookup in qlt_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: fix spelling mistake 'alredy' -> 'already' (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: fix spelling mistake 'initializatin' -> 'initialization' (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix stale mem access on driver unload (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix stale session (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix stuck login session (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix unbound sleep in fcport delete path (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix unload when NVMe devices are configured (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix use-after-free issues in qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: flush IO on chip reset or sess delete (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Further limit FLASH region write access from SysFS (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Improve Linux kernel coding style conformance (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Improve logging for scan thread (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Include the <asm/unaligned.h> header file from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Increase the max_sgl_segments to 1024 (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Increase the size of the mailbox arrays from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Insert spaces where required (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Introduce qla2xxx_get_next_handle() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Introduce the be_id_t and le_id_t data types for FC src/dst IDs (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Introduce the dsd32 and dsd64 data structures (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Leave a blank line after declarations (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Let the compiler check the type of the SCSI command context pointer (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Log the status code if a firmware command fails (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Make it explicit that ELS pass-through IOCBs use little endian (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Make qla2x00_process_response_queue() easier to read (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Make qlt_handle_abts_completion() more robust (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Make sure that aborted commands are freed (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Modify NVMe include directives (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move debug messages before sending srb preventing panic (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: move IO flush to the front of NVME rport unregistration (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move marker request behind QPair (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move qla2x00_clear_loop_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move qla2x00_is_reserved_id() from qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h into a .c file (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids() definition (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move the <linux/io-64-nonatomic-lo-hi.h> include directive (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move the port_state_str definition from a .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: no need to check return value of debugfs_create functions (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: on session delete, return nvme cmd (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Optimize NPIV tear down process (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Pass little-endian values to the firmware (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Prevent multiple ADISC commands per session (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Prevent SysFS access when chip is down (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Really fix qla2xxx_eh_abort() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Reduce the number of casts in GID list code (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Reduce the number of forward declarations (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Reduce the scope of three local variables in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Reject EH_(abort|device_reset|target_request) (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove a comment that refers to the SCSI host lock (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove an include directive from qla_mr.c (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove a set-but-not-used variable (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove a superfluous forward declaration (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove a superfluous pointer check (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: remove double assignment in qla2x00_update_fcport (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove FW default template (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: remove redundant null check on pointer sess (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove set but not used variable 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove superfluous sts_entry_* casts (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove the fcport test from qla_nvme_abort_work() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove two superfluous if-tests (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove unnecessary locking from the target code (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove unnecessary null check (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove unreachable code from qla83xx_idc_lock() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove useless set memory to zero use memset() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove WARN_ON_ONCE in qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Replace vmalloc + memset with vzalloc (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Report invalid mailbox status codes (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Report the firmware status code if a mailbox command fails (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Reset the FCF_ASYNC_(SENT|ACTIVE) flags (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Restore FAWWPN of Physical Port only for loop down (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Retry fabric Scan on IOCB queue full (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Rework key encoding in qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Secure flash update support for ISP28XX (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Set remote port devloss timeout to 0 (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is released (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Set the responder mode if appropriate for ELS pass-through IOCBs (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Set the SCSI command result before calling the command done (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Silence fwdump template message (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Silence Successful ELS IOCB message (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplification of register address used in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplify a debug statement (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplify conditional check again (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplify qla24xx_abort_sp_done() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplify qlt_send_term_imm_notif() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Skip FW dump on LOOP initialization error (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Suppress a Coveritiy complaint about integer overflow (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Suppress multiple Coverity complaint about out-of-bounds accesses (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: target: Fix offline port handling and host reset handling (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Uninline qla2x00_init_timer() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Unregister resources in the opposite order of the registration order (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.00.00.13-k (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.00.00.14-k (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.01.00.15-k (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.01.00.16-k (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.01.00.18-k (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.01.00.19-k (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.01.00.20-k (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update flash read/write routine (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use an on-stack completion in qla24xx_control_vp() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use common update-firmware-options routine for ISP27xx+ (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use complete switch scan for RSCN events (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use Correct index for Q-Pair array (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use get/put_unaligned where appropriate (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use __le64 instead of uint32_t for sending DMA addresses to firmware (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use memcpy() and strlcpy() instead of strcpy() and strncpy() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use mutex protection during qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use strlcpy() instead of strncpy() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use tabs instead of spaces for indentation (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use tabs to indent code (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Verify locking assumptions at runtime (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: scsi_dh_rdac: zero cdb in send_mode_select() (bsc#1149313).\n\n - scsi: scsi_transport_fc: nvme: display FC-NVMe port roles (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: tcm_qla2xxx: Minimize #include directives (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi_transport_fc: complete requests from ->timeout (bsc#1142076).\n\n - sctp: fix the transport error_count check (networking-stable-19_08_21).\n\n - secure boot lockdown: Fix-up backport of /dev/mem access restriction The upstream-submitted patch set has evolved over time, align our patches (contents and description) to reflect the current status as far as /dev/mem access is concerned.\n\n - sky2: Disable MSI on yet another ASUS boards (P6Xxxx) (bsc#1051510).\n\n - slip: make slhc_free() silently accept an error pointer (bsc#1051510).\n\n - slip: sl_alloc(): remove unused parameter 'dev_t line' (bsc#1051510).\n\n - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's not ours (bsc#1111666).\n\n - SUNRPC fix regression in umount of a secure mount (git-fixes).\n\n - SUNRPC: Handle connection breakages correctly in call_status() (git-fixes).\n\n - SUNRPC/nfs: Fix return value for nfs4_callback_compound() (git-fixes).\n\n - supported.conf: Add vfio_ccw (bsc#1151192 jsc#SLE-6138).\n\n - supported.conf: Mark vfio_ccw supported by SUSE, because bugs can be routed to IBM via SUSE support (jsc#SLE-6138, bsc#1151192).\n\n - tcp: make sure EPOLLOUT wont be missed (networking-stable-19_08_28).\n\n - team: Add vlan tx offload to hw_enc_features (bsc#1051510).\n\n - team: Add vlan tx offload to hw_enc_features (networking-stable-19_08_21).\n\n - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (bsc#1082555).\n\n - tty: serial: fsl_lpuart: Use appropriate lpuart32_* I/O funcs (bsc#1111666).\n\n - tun: fix use-after-free when register netdev failed (bsc#1111666).\n\n - Update patches.suse/ext4-unsupported-features.patch (SLE-8615, bsc#1149651, SLE-9243).\n\n - Update patches.suse/powerpc-powernv-Return-for-invalid-IMC-doma in.patch (bsc#1054914, git-fixes).\n\n - Update s390 config files (bsc#1151192). - VFIO_CCW=m - S390_CCW_IOMMU=y\n\n - USB: usbcore: Fix slab-out-of-bounds bug during device reset (bsc#1051510).\n\n - vhost/test: fix build for vhost test (bsc#1111666).\n\n - video: ssd1307fb: Start page range at page_offset (bsc#1113722)\n\n - wcn36xx: use dynamic allocation for large variables (bsc#1111666).\n\n - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family 15h/16h (bsc#1114279).\n\n - x86/fpu: Add FPU state copying quirk to handle XRSTOR failure on Intel Skylake CPUs (bsc#1151955).\n\n - x86/tls: Fix possible spectre-v1 in do_get_thread_area() (bsc#1114279).\n\n - xen/netback: Reset nr_frags before freeing skb (networking-stable-19_08_21).\n\n - xen-netfront: do not assume sk_buff_head list is empty in error handling (bsc#1065600).\n\n - xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (bsc#1065600).\n\n - xen/xenbus: fix self-deadlock after killing user process (bsc#1065600).\n\n - xsk: avoid store-tearing when assigning queues (bsc#1111666).\n\n - xsk: avoid store-tearing when assigning umem (bsc#1111666).", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-10-11T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2019-2308)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18595", "CVE-2019-14821", "CVE-2019-15291", "CVE-2019-9506"], "modified": "2019-12-24T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2019-2308.NASL", "href": "https://www.tenable.com/plugins/nessus/129807", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-2308.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129807);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/24\");\n\n script_cve_id(\"CVE-2017-18595\", \"CVE-2019-14821\", \"CVE-2019-15291\", \"CVE-2019-9506\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2019-2308)\");\n script_summary(english:\"Check for the openSUSE-2019-2308 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE Leap 15.1 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2019-15291: There was a NULL pointer dereference\n caused by a malicious USB device in the\n flexcop_usb_probe function in the\n drivers/media/usb/b2c2/flexcop-usb.c driver\n (bnc#1146540).\n\n - CVE-2019-14821: An out-of-bounds access issue was found\n in the way Linux kernel's KVM hypervisor implements the\n Coalesced MMIO write operation. It operates on an MMIO\n ring buffer 'struct kvm_coalesced_mmio' object, wherein\n write indices 'ring->first' and 'ring->last' value could\n be supplied by a host user-space process. An\n unprivileged host user or process with access to\n '/dev/kvm' device could use this flaw to crash the host\n kernel, resulting in a denial of service or potentially\n escalating privileges on the system (bnc#1151350).\n\n - CVE-2017-18595: A double free may be caused by the\n function allocate_trace_buffer in the file\n kernel/trace/trace.c (bnc#1149555).\n\n - CVE-2019-9506: The Bluetooth BR/EDR specification up to\n and including version 5.1 permits sufficiently low\n encryption key length and did not prevent an attacker\n from influencing the key length negotiation. This\n allowed practical brute-force attacks (aka 'KNOB') that\n can decrypt traffic and inject arbitrary ciphertext\n without the victim noticing (bnc#1137865 bnc#1146042).\n\nThe following non-security bugs were fixed :\n\n - ACPI: custom_method: fix memory leaks (bsc#1051510).\n\n - ACPI / PCI: fix acpi_pci_irq_enable() memory leak\n (bsc#1051510).\n\n - ACPI / property: Fix acpi_graph_get_remote_endpoint()\n name in kerneldoc (bsc#1051510).\n\n - alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP\n (bsc#1151680).\n\n - ALSA: aoa: onyx: always initialize register read value\n (bsc#1051510).\n\n - ALSA: firewire-tascam: check intermediate state of clock\n status and retry (bsc#1051510).\n\n - ALSA: firewire-tascam: handle error code when getting\n current source of clock (bsc#1051510).\n\n - ASoC: es8328: Fix copy-paste error in\n es8328_right_line_controls (bsc#1051510).\n\n - ASoC: Intel: Baytrail: Fix implicit fallthrough warning\n (bsc#1051510).\n\n - ASoC: sun4i-i2s: RX and TX counter registers are swapped\n (bsc#1051510).\n\n - ASoC: wm8737: Fix copy-paste error in\n wm8737_snd_controls (bsc#1051510).\n\n - ASoC: wm8988: fix typo in wm8988_right_line_controls\n (bsc#1051510).\n\n - ath10k: adjust skb length in ath10k_sdio_mbox_rx_packet\n (bsc#1111666).\n\n - ath9k: dynack: fix possible deadlock in\n ath_dynack_node_(de)init (bsc#1051510).\n\n - atm: iphase: Fix Spectre v1 vulnerability\n (networking-stable-19_08_08).\n\n - bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA\n (bsc#1051510).\n\n - blk-flush: do not run queue for requests bypassing flush\n (bsc#1137959).\n\n - blk-flush: use blk_mq_request_bypass_insert()\n (bsc#1137959).\n\n - blk-mq: do not allocate driver tag upfront for flush rq\n (bsc#1137959).\n\n - blk-mq: Fix memory leak in blk_mq_init_allocated_queue\n error handling (bsc#1151610).\n\n - blk-mq: insert rq with DONTPREP to hctx dispatch list\n when requeue (bsc#1137959).\n\n - blk-mq: introduce blk_mq_request_completed()\n (bsc#1149446).\n\n - blk-mq: introduce blk_mq_tagset_wait_completed_request()\n (bsc#1149446).\n\n - blk-mq: kABI fixes for blk-mq.h (bsc#1137959).\n\n - blk-mq: move blk_mq_put_driver_tag*() into blk-mq.h\n (bsc#1137959).\n\n - blk-mq: punt failed direct issue to dispatch list\n (bsc#1137959).\n\n - blk-mq: put the driver tag of nxt rq before first one is\n requeued (bsc#1137959).\n\n - blk-mq-sched: decide how to handle flush rq via\n RQF_FLUSH_SEQ (bsc#1137959).\n\n - block: fix timeout changes for legacy request drivers\n (bsc#1149446).\n\n - block: kABI fixes for BLK_EH_DONE renaming\n (bsc#1142076).\n\n - block: rename BLK_EH_NOT_HANDLED to BLK_EH_DONE\n (bsc#1142076).\n\n - bnx2x: Disable multi-cos feature\n (networking-stable-19_08_08).\n\n - bonding/802.3ad: fix link_failure_count tracking\n (bsc#1137069 bsc#1141013).\n\n - bonding/802.3ad: fix slave link initialization\n transition states (bsc#1137069 bsc#1141013).\n\n - bonding: Add vlan tx offload to hw_enc_features\n (networking-stable-19_08_21).\n\n - bonding: set default miimon value for non-arp modes if\n not set (bsc#1137069 bsc#1141013).\n\n - bonding: speed/duplex update at NETDEV_UP event\n (bsc#1137069 bsc#1141013).\n\n - btrfs: fix use-after-free when using the tree\n modification log (bsc#1151891).\n\n - btrfs: qgroup: Fix reserved data space leak if we have\n multiple reserve calls (bsc#1152975).\n\n - btrfs: qgroup: Fix the wrong target io_tree when freeing\n reserved data space (bsc#1152974).\n\n - btrfs: relocation: fix use-after-free on dead relocation\n roots (bsc#1152972).\n\n - ceph: use ceph_evict_inode to cleanup inode's resource\n (bsc#1148133).\n\n - clk: at91: fix update bit maps on CFG_MOR write\n (bsc#1051510).\n\n - clk: sunxi-ng: v3s: add missing clock slices for MMC2\n module clocks (bsc#1051510).\n\n - clk: sunxi-ng: v3s: add the missing PLL_DDR1\n (bsc#1051510).\n\n - Compile nvme.ko as module (bsc#1150846)\n\n - crypto: caam - fix concurrency issue in givencrypt\n descriptor (bsc#1051510).\n\n - crypto: caam - free resources in case caam_rng\n registration failed (bsc#1051510).\n\n - crypto: caam/qi - fix error handling in ERN handler\n (bsc#1111666).\n\n - crypto: cavium/zip - Add missing single_release()\n (bsc#1051510).\n\n - crypto: ccp - Reduce maximum stack usage (bsc#1051510).\n\n - crypto: qat - Silence smp_processor_id() warning\n (bsc#1051510).\n\n - crypto: skcipher - Unmap pages after an external error\n (bsc#1051510).\n\n - dma-buf/sw_sync: Synchronize signal vs syncpt free\n (bsc#1111666).\n\n - dmaengine: dw: platform: Switch to\n acpi_dma_controller_register() (bsc#1051510).\n\n - dmaengine: iop-adma.c: fix printk format warning\n (bsc#1051510).\n\n - drivers: thermal: int340x_thermal: Fix sysfs race\n condition (bsc#1051510).\n\n - drm/i915: Fix various tracepoints for gen2 (bsc#1113722)\n\n - drm/imx: Drop unused imx-ipuv3-crtc.o build\n (bsc#1113722)\n\n - EDAC/amd64: Decode syndrome before translating address\n (bsc#1114279).\n\n - eeprom: at24: make spd world-readable again (git-fixes).\n\n - ext4: fix warning inside\n ext4_convert_unwritten_extents_endio (bsc#1152025).\n\n - ext4: set error return correctly when\n ext4_htree_store_dirent fails (bsc#1152024).\n\n - Fix kabi for: NFSv4: Fix OPEN / CLOSE race (git-fixes).\n\n - floppy: fix usercopy direction (bsc#1111666).\n\n - git-sort: add nfsd maintainers git tree This allows\n git-sort to handle patches queued for nfsd.\n\n - gpio: fix line flag validation in lineevent_create\n (bsc#1051510).\n\n - gpio: fix line flag validation in linehandle_create\n (bsc#1051510).\n\n - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot\n option and blacklist (bsc#1051510).\n\n - gpiolib: only check line handle flags once\n (bsc#1051510).\n\n - gpio: Move gpiochip_lock/unlock_as_irq to gpio/driver.h\n (bsc#1051510).\n\n - hwmon: (lm75) Fix write operations for negative\n temperatures (bsc#1051510).\n\n - hwmon: (shtc1) fix shtc1 and shtw1 id mask\n (bsc#1051510).\n\n - i2c: designware: Synchronize IRQs when unregistering\n slave client (bsc#1111666).\n\n - i40e: Add support for X710 device (bsc#1151067).\n\n - ife: error out when nla attributes are empty\n (networking-stable-19_08_08).\n\n - iio: dac: ad5380: fix incorrect assignment to val\n (bsc#1051510).\n\n - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID\n (bsc#1051510).\n\n - iommu/dma: Fix for dereferencing before null checking\n (bsc#1151667).\n\n - iommu: Do not use sme_active() in generic code\n (bsc#1151661).\n\n - iommu/iova: Avoid false sharing on fq_timer_on\n (bsc#1151662).\n\n - ip6_tunnel: fix possible use-after-free on xmit\n (networking-stable-19_08_08).\n\n - ipv6/addrconf: allow adding multicast addr if\n IFA_F_MCAUTOJOIN is set (networking-stable-19_08_28).\n\n - isdn/capi: check message length in capi_write()\n (bsc#1051510).\n\n - kABI: media: em28xx: fix handler for vidioc_s_input()\n (bsc#1051510). fixes kABI\n\n - kABI: media: em28xx: stop rewriting device's struct\n (bsc#1051510). fixes kABI\n\n - kABI protect struct vmem_altmap (bsc#1150305).\n\n - KVM: PPC: Book3S: Fix incorrect\n guest-to-user-translation error handling (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Check for MMU ready on piggybacked\n virtual cores (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not lose pending doorbell\n request on migration on P9 (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Do not push XIVE context when not\n using XIVE device (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix lockdep warning when entering\n the guest (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Fix race in re-enabling XIVE\n escalation interrupts (bsc#1061840).\n\n - KVM: PPC: Book3S HV: Handle virtual mode in XIVE VCPU\n push code (bsc#1061840).\n\n - KVM: PPC: Book3S HV: XIVE: Free escalation interrupts\n before disabling the VP (bsc#1061840).\n\n - leds: leds-lp5562 allow firmware files up to the maximum\n length (bsc#1051510).\n\n - leds: trigger: gpio: GPIO 0 is valid (bsc#1051510).\n\n - libertas_tf: Use correct channel range in lbtf_geo_init\n (bsc#1051510).\n\n - libiscsi: do not try to bypass SCSI EH (bsc#1142076).\n\n - libnvdimm/altmap: Track namespace boundaries in altmap\n (bsc#1150305).\n\n - libnvdimm: prevent nvdimm from requesting key when\n security is disabled (bsc#1137982).\n\n - lightnvm: remove dependencies on BLK_DEV_NVME and PCI\n (bsc#1150846).\n\n - livepatch: Nullify obj->mod in klp_module_coming()'s\n error path (bsc#1071995).\n\n - mac80211: minstrel_ht: fix per-group max throughput rate\n initialization (bsc#1051510).\n\n - md: do not report active array_state until after\n revalidate_disk() completes (git-fixes).\n\n - md: only call set_in_sync() when it is expected to\n succeed (git-fixes).\n\n - md/raid6: Set R5_ReadError when there is read failure on\n parity disk (git-fixes).\n\n - media: atmel: atmel-isi: fix timeout value for stop\n streaming (bsc#1051510).\n\n - media: dib0700: fix link error for dibx000_i2c_set_speed\n (bsc#1051510).\n\n - media: em28xx: fix handler for vidioc_s_input()\n (bsc#1051510).\n\n - media: em28xx: stop rewriting device's struct\n (bsc#1051510).\n\n - media: fdp1: Reduce FCP not found message level to debug\n (bsc#1051510).\n\n - media: marvell-ccic: do not generate EOF on parallel bus\n (bsc#1051510).\n\n - media: mc-device.c: do not memset __user pointer\n contents (bsc#1051510).\n\n - media: ov6650: Fix sensor possibly not detected on probe\n (bsc#1051510).\n\n - media: ov6650: Move v4l2_clk_get() to\n ov6650_video_probe() helper (bsc#1051510).\n\n - media: replace strcpy() by strscpy() (bsc#1051510).\n\n - media: Revert '[media] marvell-ccic: reset ccic phy when\n stop streaming for stability' (bsc#1051510).\n\n - media: technisat-usb2: break out of loop at end of\n buffer (bsc#1051510).\n\n - media: tm6000: double free if usb disconnect while\n streaming (bsc#1051510).\n\n - media: vb2: Fix videobuf2 to map correct area\n (bsc#1051510).\n\n - mic: avoid statically declaring a 'struct device'\n (bsc#1051510).\n\n - mmc: sdhci-msm: fix mutex while in spinlock\n (bsc#1142635).\n\n - mmc: sdhci-of-arasan: Do now show error message in case\n of deffered probe (bsc#1119086).\n\n - mtd: spi-nor: Fix Cadence QSPI RCU Schedule Stall\n (bsc#1051510).\n\n - mvpp2: refactor MTU change code\n (networking-stable-19_08_08).\n\n - net: bridge: delete local fdb on device init failure\n (networking-stable-19_08_08).\n\n - net: bridge: mcast: do not delete permanent entries when\n fast leave is enabled (networking-stable-19_08_08).\n\n - net: fix ifindex collision during namespace removal\n (networking-stable-19_08_08).\n\n - net/ibmvnic: prevent more than one thread from running\n in reset (bsc#1152457 ltc#174432).\n\n - net/ibmvnic: unlock rtnl_lock in reset so\n linkwatch_event can run (bsc#1152457 ltc#174432).\n\n - net/mlx5e: Only support tx/rx pause setting for port\n owner (networking-stable-19_08_21).\n\n - net/mlx5e: Prevent encap flow counter update async to\n user query (networking-stable-19_08_08).\n\n - net/mlx5e: Use flow keys dissector to parse packets for\n ARFS (networking-stable-19_08_21).\n\n - net/mlx5: Use reversed order when unregister devices\n (networking-stable-19_08_08).\n\n - net/packet: fix race in tpacket_snd()\n (networking-stable-19_08_21).\n\n - net: sched: Fix a possible NULL pointer dereference in\n dequeue_func() (networking-stable-19_08_08).\n\n - net/smc: make sure EPOLLOUT is raised\n (networking-stable-19_08_28).\n\n - NFS4: Fix v4.0 client state corruption when mount\n (git-fixes).\n\n - nfsd: degraded slot-count more gracefully as allocation\n nears exhaustion (bsc#1150381).\n\n - nfsd: Do not release the callback slot unless it was\n actually held (git-fixes).\n\n - nfsd: Fix overflow causing non-working mounts on 1 TB\n machines (bsc#1150381).\n\n - nfsd: fix performance-limiting session calculation\n (bsc#1150381).\n\n - nfsd: give out fewer session slots as limit approaches\n (bsc#1150381).\n\n - nfsd: handle drc over-allocation gracefully\n (bsc#1150381).\n\n - nfsd: increase DRC cache limit (bsc#1150381).\n\n - NFS: Do not interrupt file writeout due to fatal errors\n (git-fixes).\n\n - NFS: Do not open code clearing of delegation state\n (git-fixes).\n\n - NFS: Ensure O_DIRECT reports an error if the bytes\n read/written is 0 (git-fixes).\n\n - NFS: Fix regression whereby fscache errors are appearing\n on 'nofsc' mounts (git-fixes).\n\n - NFS: Forbid setting AF_INET6 to 'struct\n sockaddr_in'->sin_family (git-fixes).\n\n - NFS: Refactor nfs_lookup_revalidate() (git-fixes).\n\n - NFS: Remove redundant semicolon (git-fixes).\n\n - NFSv4.1: Again fix a race where CB_NOTIFY_LOCK fails to\n wake a waiter (git-fixes).\n\n - NFSv4.1: Fix open stateid recovery (git-fixes).\n\n - NFSv4.1: Only reap expired delegations (git-fixes).\n\n - NFSv4: Check the return value of update_open_stateid()\n (git-fixes).\n\n - NFSv4: Fix an Oops in nfs4_do_setattr (git-fixes).\n\n - NFSv4: Fix a potential sleep while atomic in\n nfs4_do_reclaim() (git-fixes).\n\n - NFSv4: Fix delegation state recovery (git-fixes).\n\n - NFSv4: Fix lookup revalidate of regular files\n (git-fixes).\n\n - NFSv4: Fix OPEN / CLOSE race (git-fixes).\n\n - NFSv4: Handle the special Linux file open access mode\n (git-fixes).\n\n - NFSv4: Only pass the delegation to setattr if we're\n sending a truncate (git-fixes).\n\n - NFSv4/pnfs: Fix a page lock leak in nfs_pageio_resend()\n (git-fixes).\n\n - nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds\n (bsc#1051510).\n\n - null_blk: complete requests from ->timeout\n (bsc#1149446).\n\n - null_blk: wire up timeouts (bsc#1149446).\n\n - nvme: do not abort completed request in\n nvme_cancel_request (bsc#1149446).\n\n - nvme: fix multipath crash when ANA is deactivated\n (bsc#1149446).\n\n - nvme: fix multipath crash when ANA is deactivated\n (bsc#1149446).\n\n - nvmem: Use the same permissions for eeprom as for nvmem\n (git-fixes).\n\n - nvme-rdma: Allow DELETING state change failure in\n (bsc#1104967,).\n\n - nvme-rdma: centralize admin/io queue teardown sequence\n (bsc#1142076).\n\n - nvme-rdma: centralize controller setup sequence\n (bsc#1142076).\n\n - nvme-rdma: fix a NULL deref when an admin connect times\n out (bsc#1149446).\n\n - nvme-rdma: fix a NULL deref when an admin connect times\n out (bsc#1149446).\n\n - nvme-rdma: fix timeout handler (bsc#1149446).\n\n - nvme-rdma: fix timeout handler (bsc#1149446).\n\n - nvme-rdma: remove redundant reference between ib_device\n and tagset (bsc#149446).\n\n - nvme-rdma: stop admin queue before freeing it\n (bsc#1140155).\n\n - nvme-rdma: support up to 4 segments of inline data\n (bsc#1142076).\n\n - nvme-rdma: unquiesce queues when deleting the controller\n (bsc#1142076).\n\n - nvme-rdma: use dynamic dma mapping per command\n (bsc#1149446).\n\n - nvme: remove ns sibling before clearing path\n (bsc#1140155).\n\n - nvme: return BLK_EH_DONE from ->timeout (bsc#1142076).\n\n - nvme-tcp: fix a NULL deref when an admin connect times\n out (bsc#1149446).\n\n - nvme-tcp: fix timeout handler (bsc#1149446).\n\n - nvme: wait until all completed request's complete fn is\n called (bsc#1149446).\n\n - PCI: Add ACS quirk for Amazon Annapurna Labs root ports\n (bsc#1152187,bsc#1152525).\n\n - PCI: Add Amazon's Annapurna Labs vendor ID\n (bsc#1152187,bsc#1152525).\n\n - PCI: Add quirk to disable MSI-X support for Amazon's\n Annapurna Labs Root Port (bsc#1152187,bsc#1152525).\n\n - PCI: hv: Detect and fix Hyper-V PCI domain number\n collision (bsc#1150423).\n\n - PCI/VPD: Prevent VPD access for Amazon's Annapurna Labs\n Root Port (bsc#1152187,bsc#1152525).\n\n - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in\n over-current (bsc#1051510).\n\n - platform/x86: pmc_atom: Add Siemens SIMATIC IPC227E to\n critclk_systems DMI table (bsc#1051510).\n\n - PM: sleep: Fix possible overflow in\n pm_system_cancel_wakeup() (bsc#1051510).\n\n - PNFS fallback to MDS if no deviceid found (git-fixes).\n\n - pnfs/flexfiles: Fix PTR_ERR() dereferences in\n ff_layout_track_ds_error (git-fixes).\n\n - pNFS/flexfiles: Turn off soft RPC calls (git-fixes).\n\n - powerpc/64: Make sys_switch_endian() traceable\n (bsc#1065729).\n\n - powerpc/64s/radix: Fix MADV_[FREE|DONTNEED] TLB flush\n miss problem with THP (bsc#1152161 ltc#181664).\n\n - powerpc/64s/radix: Fix memory hotplug section page table\n creation (bsc#1065729).\n\n - powerpc/64s/radix: Fix memory hot-unplug page table\n split (bsc#1065729).\n\n - powerpc/64s/radix: Implement _tlbie(l)_va_range flush\n functions (bsc#1152161 ltc#181664).\n\n - powerpc/64s/radix: Improve preempt handling in TLB code\n (bsc#1152161 ltc#181664).\n\n - powerpc/64s/radix: Improve TLB flushing for page table\n freeing (bsc#1152161 ltc#181664).\n\n - powerpc/64s/radix: Introduce local single page ceiling\n for TLB range flush (bsc#1055117 bsc#1152161\n ltc#181664).\n\n - powerpc/64s/radix: Optimize flush_tlb_range (bsc#1152161\n ltc#181664).\n\n - powerpc/book3s64/mm: Do not do tlbie fixup for some\n hardware revisions (bsc#1152161 ltc#181664).\n\n - powerpc/book3s64/radix: Rename CPU_FTR_P9_TLBIE_BUG\n feature flag (bsc#1152161 ltc#181664).\n\n - powerpc: bpf: Fix generation of load/store DW\n instructions (bsc#1065729).\n\n - powerpc/bpf: use unsigned division instruction for\n 64-bit operations (bsc#1065729).\n\n - powerpc: Drop page_is_ram() and walk_system_ram_range()\n (bsc#1065729).\n\n - powerpc/irq: Do not WARN continuously in\n arch_local_irq_restore() (bsc#1065729).\n\n - powerpc/irq: drop arch_early_irq_init() (bsc#1065729).\n\n - powerpc/mm: Fixup tlbie vs mtpidr/mtlpidr ordering issue\n on POWER9 (bsc#1152161 ltc#181664).\n\n - powerpc/mm/radix: Drop unneeded NULL check (bsc#1152161\n ltc#181664).\n\n - powerpc/mm/radix: implement LPID based TLB flushes to be\n used by KVM (bsc#1152161 ltc#181664).\n\n - powerpc/mm: Simplify page_is_ram by using\n memblock_is_memory (bsc#1065729).\n\n - powerpc/mm: Use memblock API for PPC32 page_is_ram\n (bsc#1065729).\n\n - powerpc/module64: Fix comment in R_PPC64_ENTRY handling\n (bsc#1065729).\n\n - powerpc/papr_scm: Fix an off-by-one check in\n papr_scm_meta_(get, set) (bsc#1152243 ltc#181472).\n\n - powerpc/powernv: Fix compile without CONFIG_TRACEPOINTS\n (bsc#1065729).\n\n - powerpc/powernv/ioda2: Allocate TCE table levels on\n demand for default DMA window (bsc#1061840).\n\n - powerpc/powernv/ioda: Fix race in TCE level allocation\n (bsc#1061840).\n\n - powerpc/powernv: move OPAL call wrapper tracing and\n interrupt handling to C (bsc#1065729).\n\n - powerpc/powernv/npu: Remove obsolete comment about\n TCE_KILL_INVAL_ALL (bsc#1065729).\n\n - powerpc/pseries: Call H_BLOCK_REMOVE when supported\n (bsc#1109158).\n\n - powerpc/pseries: Fix cpu_hotplug_lock acquisition in\n resize_hpt() (bsc#1065729).\n\n - powerpc/pseries/memory-hotplug: Fix return value type of\n find_aa_index (bsc#1065729).\n\n - powerpc/pseries: Read TLB Block Invalidate\n Characteristics (bsc#1109158).\n\n - powerpc/ptrace: Simplify vr_get/set() to avoid GCC\n warning (bsc#1148868).\n\n - powerpc/xive: Fix bogus error code returned by OPAL\n (bsc#1065729).\n\n - powerpc/xive: Implement get_irqchip_state method for\n XIVE to fix shutdown race (bsc#1065729).\n\n - powerpc/xmon: Fix opcode being uninitialized in\n print_insn_powerpc (bsc#1065729).\n\n - power: reset: gpio-restart: Fix typo when gpio reset is\n not found (bsc#1051510).\n\n - power: supply: Init device wakeup after device_add()\n (bsc#1051510).\n\n - ppp: Fix memory leak in ppp_write (git-fixes).\n\n - printk: Do not lose last line in kmsg buffer dump\n (bsc#1152460).\n\n - printk: fix printk_time race (bsc#1152466).\n\n - printk/panic: Avoid deadlock in printk() after stopping\n CPUs by NMI (bsc#1148712).\n\n - qla2xxx: kABI fixes for v10.01.00.18-k (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - qla2xxx: remove SGI SN2 support (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - quota: fix wrong condition in is_quota_modification()\n (bsc#1152026).\n\n - r8152: Set memory to all 0xFFs on failed reg reads\n (bsc#1051510).\n\n - Refresh\n scsi-qla2xxx-Capture-FW-dump-on-MPI-heartbeat-stop-e.pat\n ch 882ffc9f07fb ('scsi: qla2xxx: Capture FW dump on MPI\n heartbeat stop event (bsc#1123034 bsc#1131304\n bsc#1127988).') placed the 'vha->hw->fw_dump_mpi = 0'\n assigment into the __CHECKER__ section. Upstream placed\n the assigment before this section.\n\n - regulator: lm363x: Fix off-by-one n_voltages for lm3632\n ldo_vpos/ldo_vneg (bsc#1051510).\n\n - Remove\n patches.kabi/kABI-fixes-for-qla2xxx-Fix-inconsistent-DMA\n -mem-allo.patch The qla2xxx driver has been whitelisted\n by 1d5e8aad6de2 ('kabi/severities: ignore qla2xxx as all\n symbols are internal')\n\n - Revert 'mwifiex: fix system hang problem after resume'\n (bsc#1051510).\n\n - rtlwifi: Fix file release memory leak (bsc#1111666).\n\n - scsi: qla2xxx: Add 28xx flash primary/secondary\n status/image mechanism (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Add Device ID for ISP28XX (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add error handling for PLOGI ELS\n passthrough (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add First Burst support for FC-NVMe\n devices (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add fw_attr and port_no SysFS node\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add new FW dump template entry types\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add pci function reset support\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add protection mask module parameters\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add Serdes support for ISP28XX\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Add support for multiple fwdump\n templates/segments (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Add support for setting port speed\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Allow NVMe IO to resume with short cable\n pull (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: allow session delete to finish before\n create (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Always check the\n qla2x00_wait_for_hba_online() return value (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Avoid PCI IRQ affinity mapping when\n multiqueue is not supported (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: avoid printf format warning (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Avoid that Coverity complains about\n dereferencing a NULL rport pointer (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Avoid that lockdep complains about unsafe\n locking in tcm_qla2xxx_close_session() (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Avoid that qla2x00_mem_free() crashes if\n called twice (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Capture FW dump on MPI heartbeat stop\n event (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Change abort wait_loop from msleep to\n wait_event_timeout (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Change data_dsd into an array\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Change default ZIO threshold (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Change the return type of\n qla24xx_read_flash_data() (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Change the return type of\n qla2x00_update_ms_fdmi_iocb() into void (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Check for FW started flag before aborting\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: check for kstrtol() failure (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Check for MB timeout while capturing\n ISP27/28xx FW dump (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Check secondary image if reading the\n primary image fails (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Check the PCI info string output buffer\n size (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Check the size of firmware data\n structures at compile time (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Cleanup fcport memory to prevent leak\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Cleanup redundant qla2x00_abort_all_cmds\n during unload (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Cleanups for NVRAM/Flash read/write path\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: cleanup trace buffer initialization\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Complain if a command is released that is\n owned by the firmware (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Complain if a mailbox command times out\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Complain if a soft reset fails\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Complain if parsing the version string\n fails (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Complain if sp->done() is not called from\n the completion path (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Complain if waiting for pending commands\n times out (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Complain loudly about reference count\n underflow (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Correct error handling during\n initialization failures (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Correction and improvement to fwdt\n processing (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Correctly report max/min supported speeds\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: deadlock by configfs_depend_item\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Declare fourth qla2x00_set_model_info()\n argument const (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Declare local symbols static (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Declare qla24xx_build_scsi_crc_2_iocbs()\n static (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Declare qla2x00_find_new_loop_id() static\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Declare qla_tgt_cmd.cdb const\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Declare the fourth ql_dump_buffer()\n argument const (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe\n during probe (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Do not corrupt vha->plogi_ack_list\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Downgrade driver to 10.01.00.19-k There\n are upstream bug reports against 10.01.00.19-k which\n haven't been resolved. Also the newer version failed to\n get a proper review. For time being it's better to got\n with the older version and do not introduce new bugs.\n\n - scsi: qla2xxx: Dual FCP-NVMe target port support\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Enable type checking for the SRB free and\n done callback functions (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Fix abort timeout race condition\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix a NULL pointer dereference\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix a qla24xx_enable_msix() error path\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix a race condition between aborting and\n completing a SCSI command (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Fix a recently introduced kernel warning\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix a small typo in qla_bsg.c\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix code indentation for\n qla27xx_fwdt_entry (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Fix comment alignment in qla_bsg.c\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in\n qla2xxx (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix different size DMA Alloc/Unmap\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix DMA error when the DIF sg buffer\n crosses 4GB boundary (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Fix DMA unmap leak (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix driver reload for ISP82xx\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix driver unload when FC-NVMe LUNs are\n connected (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: fix fcport NULL pointer access\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix flash read for Qlogic ISPs\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix formatting of pointer types\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix fw dump corruption (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix fw options handle eh_bus_reset()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix gnl.l memory leak on adapter init\n failure (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix hang in fcport delete path\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix hardirq-unsafe locking (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix hardlockup in abort command during\n driver remove (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix kernel crash after disconnecting NVMe\n devices (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix LUN discovery if loop id is not\n assigned yet by firmware (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Fix message indicating vectors used by\n driver (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix N2N link reset (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix N2N link up fail (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix Nport ID display value (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix NULL pointer crash due to stale CPUID\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix NVME cmd and LS cmd timeout race\n condition (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix NVMe port discovery after a short\n device port loss (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix panic from use after free in\n qla2x00_async_tm_cmd (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Fix possible fcport NULL pointer\n dereferences (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix premature timer expiration\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix qla24xx_process_bidir_cmd()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix race conditions in the code for\n aborting SCSI commands (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Fix read offset in\n qla24xx_load_risc_flash() (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Fix Relogin to prevent modifying\n scan_state flag (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix routine qla27xx_dump_(mpi|ram)()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix session cleanup hang (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix session lookup in qlt_abort_work()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: fix spelling mistake 'alredy' ->\n 'already' (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: fix spelling mistake 'initializatin' ->\n 'initialization' (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix SRB allocation flag to avoid sleeping\n in IRQ context (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix stale mem access on driver unload\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix stale session (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix stuck login session (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix unbound sleep in fcport delete path\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix unload when NVMe devices are\n configured (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Fix use-after-free issues in\n qla2xxx_qpair_sp_free_dma() (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: flush IO on chip reset or sess delete\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Further limit FLASH region write access\n from SysFS (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Improve Linux kernel coding style\n conformance (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Improve logging for scan thread\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Include the <asm/unaligned.h> header file\n from qla_dsd.h (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Increase the max_sgl_segments to 1024\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Increase the size of the mailbox arrays\n from 4 to 8 (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Inline the qla2x00_fcport_event_handler()\n function (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Insert spaces where required (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Introduce qla2x00_els_dcmd2_free()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Introduce qla2xxx_get_next_handle()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Introduce the be_id_t and le_id_t data\n types for FC src/dst IDs (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Introduce the dsd32 and dsd64 data\n structures (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Introduce the function qla2xxx_init_sp()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Leave a blank line after declarations\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Let the compiler check the type of the\n SCSI command context pointer (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Log the status code if a firmware command\n fails (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Make it explicit that ELS pass-through\n IOCBs use little endian (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Make qla24xx_async_abort_cmd() static\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Make qla2x00_abort_srb() again decrease\n the sp reference count (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Make qla2x00_mem_free() easier to verify\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Make qla2x00_process_response_queue()\n easier to read (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Make qlt_handle_abts_completion() more\n robust (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Make sure that aborted commands are freed\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Modify NVMe include directives\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move debug messages before sending srb\n preventing panic (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: move IO flush to the front of NVME rport\n unregistration (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move marker request behind QPair\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move qla2x00_clear_loop_id() from\n qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Move qla2x00_is_reserved_id() from\n qla_inline.h into qla_init.c (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Move qla2x00_set_fcport_state() from a .h\n into a .c file (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move qla2x00_set_reserved_loop_ids()\n definition (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move the <linux/io-64-nonatomic-lo-hi.h>\n include directive (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Move the port_state_str definition from a\n .h to a .c file (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: no need to check return value of\n debugfs_create functions (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: on session delete, return nvme cmd\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Optimize NPIV tear down process\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Pass little-endian values to the firmware\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Prevent memory leak for CT req/rsp\n allocation (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Prevent multiple ADISC commands per\n session (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Prevent SysFS access when chip is down\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: qla2x00_alloc_fw_dump: set ha->eft\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Really fix qla2xxx_eh_abort()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Reduce the number of casts in GID list\n code (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Reduce the number of forward declarations\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Reduce the scope of three local variables\n in qla2xxx_queuecommand() (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Reject\n EH_(abort|device_reset|target_request) (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove a comment that refers to the SCSI\n host lock (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove an include directive from qla_mr.c\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove a set-but-not-used variable\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove a superfluous forward declaration\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove a superfluous pointer check\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove dead code (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: remove double assignment in\n qla2x00_update_fcport (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Remove FW default template (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove qla_tgt_cmd.data_work and\n qla_tgt_cmd.data_work_free (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Remove qla_tgt_cmd.released (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: remove redundant null check on pointer\n sess (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove set but not used variable\n 'ptr_dma' (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove superfluous sts_entry_* casts\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove the fcport test from\n qla_nvme_abort_work() (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Remove two superfluous casts (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove two superfluous if-tests\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove two superfluous tests (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove unnecessary locking from the\n target code (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove unnecessary null check\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove unreachable code from\n qla83xx_idc_lock() (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Remove useless set memory to zero use\n memset() (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Remove WARN_ON_ONCE in\n qla2x00_status_cont_entry() (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Replace vmalloc + memset with vzalloc\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Report invalid mailbox status codes\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Report the firmware status code if a\n mailbox command fails (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Reset the FCF_ASYNC_(SENT|ACTIVE) flags\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Restore FAWWPN of Physical Port only for\n loop down (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Retry fabric Scan on IOCB queue full\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Rework key encoding in\n qlt_find_host_by_d_id() (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Secure flash update support for ISP28XX\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Set remote port devloss timeout to 0\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Set remove flag for all VP (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Set the qpair in SRB to NULL when SRB is\n released (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Set the responder mode if appropriate for\n ELS pass-through IOCBs (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Set the SCSI command result before\n calling the command done (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Silence fwdump template message\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Silence Successful ELS IOCB message\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplification of register address used\n in qla_tmpl.c (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplify a debug statement (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplify conditional check again\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplify qla24xx_abort_sp_done()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplify qla24xx_async_abort_cmd()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplify qlt_lport_dump() (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Simplify qlt_send_term_imm_notif()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Skip FW dump on LOOP initialization error\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Suppress a Coveritiy complaint about\n integer overflow (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Suppress multiple Coverity complaint\n about out-of-bounds accesses (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: target: Fix offline port handling and\n host reset handling (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Uninline qla2x00_init_timer()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Unregister resources in the opposite\n order of the registration order (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.00.00.13-k\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.00.00.14-k\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.01.00.15-k\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.01.00.16-k\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.01.00.18-k\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.01.00.19-k\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update driver version to 10.01.00.20-k\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Update flash read/write routine\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use an on-stack completion in\n qla24xx_control_vp() (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Use ARRAY_SIZE() in the definition of\n QLA_LAST_SPEED (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use common update-firmware-options\n routine for ISP27xx+ (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Use complete switch scan for RSCN events\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use Correct index for Q-Pair array\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use get/put_unaligned where appropriate\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use __le64 instead of uint32_t for\n sending DMA addresses to firmware (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use memcpy() and strlcpy() instead of\n strcpy() and strncpy() (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Use mutex protection during\n qla2x00_sysfs_read_fw_dump() (bsc#1123034 bsc#1131304\n bsc#1127988).\n\n - scsi: qla2xxx: Use strlcpy() instead of strncpy()\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use tabs instead of spaces for\n indentation (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Use tabs to indent code (bsc#1123034\n bsc#1131304 bsc#1127988).\n\n - scsi: qla2xxx: Verify locking assumptions at runtime\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: scsi_dh_rdac: zero cdb in send_mode_select()\n (bsc#1149313).\n\n - scsi: scsi_transport_fc: nvme: display FC-NVMe port\n roles (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi: tcm_qla2xxx: Minimize #include directives\n (bsc#1123034 bsc#1131304 bsc#1127988).\n\n - scsi_transport_fc: complete requests from ->timeout\n (bsc#1142076).\n\n - sctp: fix the transport error_count check\n (networking-stable-19_08_21).\n\n - secure boot lockdown: Fix-up backport of /dev/mem access\n restriction The upstream-submitted patch set has evolved\n over time, align our patches (contents and description)\n to reflect the current status as far as /dev/mem access\n is concerned.\n\n - sky2: Disable MSI on yet another ASUS boards (P6Xxxx)\n (bsc#1051510).\n\n - slip: make slhc_free() silently accept an error pointer\n (bsc#1051510).\n\n - slip: sl_alloc(): remove unused parameter 'dev_t line'\n (bsc#1051510).\n\n - spi: spi-fsl-dspi: Exit the ISR with IRQ_NONE when it's\n not ours (bsc#1111666).\n\n - SUNRPC fix regression in umount of a secure mount\n (git-fixes).\n\n - SUNRPC: Handle connection breakages correctly in\n call_status() (git-fixes).\n\n - SUNRPC/nfs: Fix return value for\n nfs4_callback_compound() (git-fixes).\n\n - supported.conf: Add vfio_ccw (bsc#1151192 jsc#SLE-6138).\n\n - supported.conf: Mark vfio_ccw supported by SUSE, because\n bugs can be routed to IBM via SUSE support\n (jsc#SLE-6138, bsc#1151192).\n\n - tcp: make sure EPOLLOUT wont be missed\n (networking-stable-19_08_28).\n\n - team: Add vlan tx offload to hw_enc_features\n (bsc#1051510).\n\n - team: Add vlan tx offload to hw_enc_features\n (networking-stable-19_08_21).\n\n - tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for\n interrupts (bsc#1082555).\n\n - tty: serial: fsl_lpuart: Use appropriate lpuart32_* I/O\n funcs (bsc#1111666).\n\n - tun: fix use-after-free when register netdev failed\n (bsc#1111666).\n\n - Update patches.suse/ext4-unsupported-features.patch\n (SLE-8615, bsc#1149651, SLE-9243).\n\n - Update\n patches.suse/powerpc-powernv-Return-for-invalid-IMC-doma\n in.patch (bsc#1054914, git-fixes).\n\n - Update s390 config files (bsc#1151192). - VFIO_CCW=m -\n S390_CCW_IOMMU=y\n\n - USB: usbcore: Fix slab-out-of-bounds bug during device\n reset (bsc#1051510).\n\n - vhost/test: fix build for vhost test (bsc#1111666).\n\n - video: ssd1307fb: Start page range at page_offset\n (bsc#1113722)\n\n - wcn36xx: use dynamic allocation for large variables\n (bsc#1111666).\n\n - x86/CPU/AMD: Clear RDRAND CPUID bit on AMD family\n 15h/16h (bsc#1114279).\n\n - x86/fpu: Add FPU state copying quirk to handle XRSTOR\n failure on Intel Skylake CPUs (bsc#1151955).\n\n - x86/tls: Fix possible spectre-v1 in do_get_thread_area()\n (bsc#1114279).\n\n - xen/netback: Reset nr_frags before freeing skb\n (networking-stable-19_08_21).\n\n - xen-netfront: do not assume sk_buff_head list is empty\n in error handling (bsc#1065600).\n\n - xen-netfront: do not use ~0U as error return value for\n xennet_fill_frags() (bsc#1065600).\n\n - xen/xenbus: fix self-deadlock after killing user process\n (bsc#1065600).\n\n - xsk: avoid store-tearing when assigning queues\n (bsc#1111666).\n\n - xsk: avoid store-tearing when assigning umem\n (bsc#1111666).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1054914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1061840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1071995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1082555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1104967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1119086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1123034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1127988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1131304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1137982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1140155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1141013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1142076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1142635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1146664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1148133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1148712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1148868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1149651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1150305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1150381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1150423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1150846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152525\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152975\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debuginfo-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debugsource-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-debuginfo-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debuginfo-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debugsource-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-devel-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-docs-html-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-macros-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-debugsource-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-qa-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-vanilla-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-syms-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debugsource-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-4.12.14-lp151.28.20.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.20.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T15:24:45", "description": "An update of the linux package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-31T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Linux PHSA-2019-2.0-0189", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20976", "CVE-2019-14821", "CVE-2019-16746", "CVE-2019-17133"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2019-2_0-0189_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/132539", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-2.0-0189. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132539);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\n \"CVE-2018-20976\",\n \"CVE-2019-14821\",\n \"CVE-2019-16746\",\n \"CVE-2019-17133\"\n );\n\n script_name(english:\"Photon OS 2.0: Linux PHSA-2019-2.0-0189\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-189.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-api-headers-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-debuginfo-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-devel-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-docs-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-drivers-gpu-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-oprofile-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-aws-sound-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-debuginfo-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-devel-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-docs-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-drivers-gpu-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-esx-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-esx-debuginfo-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-esx-devel-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-esx-docs-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-oprofile-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-secure-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-secure-debuginfo-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-secure-devel-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-secure-docs-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-secure-lkcm-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-sound-4.9.201-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", cpu:\"x86_64\", reference:\"linux-tools-4.9.201-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-02-26T15:28:27", "description": "The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2017-18595: A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555).\n\nCVE-2019-14821: An out-of-bounds access issue was found in the way Linux kernel's KVM hypervisor implements the coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system (bnc#1151350).\n\nCVE-2019-15291: There was a NULL pointer dereference caused by a malicious USB device in the flexcop_usb_probe function in the drivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540).\n\nCVE-2019-9506: The Bluetooth BR/EDR specification up to and including version 5.1 permitted sufficiently low encryption key length and did not prevent an attacker from influencing the key length negotiation.\nThis allowed practical brute-force attacks (aka 'KNOB') that could decrypt traffic and injected arbitrary ciphertext without the victim noticing (bnc#1137865 bnc#1146042).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-10-21T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2710-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18595", "CVE-2019-14821", "CVE-2019-15291", "CVE-2019-9506"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-debug", "p-cpe:/a:novell:suse_linux:kernel-debug-base", "p-cpe:/a:novell:suse_linux:kernel-debug-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-debug-devel", "p-cpe:/a:novell:suse_linux:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-debug-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-kvmsmall-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-obs-qa", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-vanilla", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource", "p-cpe:/a:novell:suse_linux:kernel-vanilla-devel", "p-cpe:/a:novell:suse_linux:kernel-vanilla-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-man", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default", "p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2019-2710-1.NASL", "href": "https://www.tenable.com/plugins/nessus/130089", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2019:2710-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(130089);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2017-18595\", \"CVE-2019-14821\", \"CVE-2019-15291\", \"CVE-2019-9506\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2710-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2017-18595: A double free may be caused by the function\nallocate_trace_buffer in the file kernel/trace/trace.c (bnc#1149555).\n\nCVE-2019-14821: An out-of-bounds access issue was found in the way\nLinux kernel's KVM hypervisor implements the coalesced MMIO write\noperation. It operates on an MMIO ring buffer 'struct\nkvm_coalesced_mmio' object, wherein write indices 'ring->first' and\n'ring->last' value could be supplied by a host user-space process. An\nunprivileged host user or process with access to '/dev/kvm' device\ncould use this flaw to crash the host kernel, resulting in a denial of\nservice or potentially escalating privileges on the system\n(bnc#1151350).\n\nCVE-2019-15291: There was a NULL pointer dereference caused by a\nmalicious USB device in the flexcop_usb_probe function in the\ndrivers/media/usb/b2c2/flexcop-usb.c driver (bnc#1146540).\n\nCVE-2019-9506: The Bluetooth BR/EDR specification up to and including\nversion 5.1 permitted sufficiently low encryption key length and did\nnot prevent an attacker from influencing the key length negotiation.\nThis allowed practical brute-force attacks (aka 'KNOB') that could\ndecrypt traffic and injected arbitrary ciphertext without the victim\nnoticing (bnc#1137865 bnc#1146042).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1051510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1061840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1071995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1082555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104967\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109158\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1123034\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1127988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1131304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137069\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137865\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1137982\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1140155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1141013\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142076\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146042\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146519\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146540\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1146664\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148712\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1148868\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149555\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149651\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150423\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1150846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151067\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151350\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151680\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151891\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152024\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152026\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152161\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152187\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152325\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152466\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152525\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152972\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152974\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18595/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-14821/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-15291/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-9506/\"\n );\n # https://www.suse.com/support/update/announcement/2019/suse-su-20192710-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1d1faa31\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP1:zypper in -t patch\nSUSE-SLE-Product-WE-15-SP1-2019-2710=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2710=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Live-Patching-15-SP1-2019-2710=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Legacy-15-SP1-2019-2710=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Development-Tools-15-SP1-2019-2710=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-SP1-2019-2710=1\n\nSUSE Linux Enterprise High Availability 15-SP1:zypper in -t patch\nSUSE-SLE-Product-HA-15-SP1-2019-2710=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-debug-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-kvmsmall-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kselftests-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-livepatch-devel-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-base-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-debugsource-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-devel-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-livepatch-devel-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-livepatch-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-man-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-qa-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-base-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-debugsource-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-devel-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-vanilla-livepatch-devel-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kselftests-kmp-default-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-base-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-debug-livepatch-devel-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-base-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-debugsource-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-devel-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-kvmsmall-livepatch-devel-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-livepatch-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-man-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-qa-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-base-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-debugsource-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-devel-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-vanilla-livepatch-devel-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kselftests-kmp-default-4.12.14-197.21.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kselftests-kmp-default-debuginfo-4.12.14-197.21.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T15:22:51", "description": "An update for kernel-alt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-alt packages provide the Linux kernel version 4.x.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n* kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service (CVE-2017-18203)\n\n* kernel: use-after-free Read in vhost_transport_send_pkt (CVE-2018-14625)\n\n* kernel: Information leak in cdrom_ioctl_drive_status (CVE-2018-16658)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* IPMI use after free issue seen on Marvell ThunderX2 (BZ#1732163)\n\n* kernel: siginfo delivers SEGV_MAPERR instead of SEGV_ACCERR [rhel-alt-7.6.z] (BZ#1757189)\n\nEnhancement(s) :\n\n* [Marvell 7.7 z-stream BUG] CN99xx: DIMM label not extracted in EDAC hw error log (BZ#1721427)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-12-12T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-alt (RHSA-2019:4154)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18203", "CVE-2018-14625", "CVE-2018-16658", "CVE-2019-14821"], "modified": "2019-12-16T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python-perf", "p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2019-4154.NASL", "href": "https://www.tenable.com/plugins/nessus/131979", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:4154. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131979);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/16\");\n\n script_cve_id(\"CVE-2017-18203\", \"CVE-2018-14625\", \"CVE-2018-16658\", \"CVE-2019-14821\");\n script_xref(name:\"RHSA\", value:\"2019:4154\");\n\n script_name(english:\"RHEL 7 : kernel-alt (RHSA-2019:4154)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel-alt is now available for Red Hat Enterprise Linux\n7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-alt packages provide the Linux kernel version 4.x.\n\nSecurity Fix(es) :\n\n* Kernel: KVM: OOB memory access via mmio ring buffer (CVE-2019-14821)\n\n* kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject()\nallows local users to cause a denial of service (CVE-2017-18203)\n\n* kernel: use-after-free Read in vhost_transport_send_pkt\n(CVE-2018-14625)\n\n* kernel: Information leak in cdrom_ioctl_drive_status\n(CVE-2018-16658)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* IPMI use after free issue seen on Marvell ThunderX2 (BZ#1732163)\n\n* kernel: siginfo delivers SEGV_MAPERR instead of SEGV_ACCERR\n[rhel-alt-7.6.z] (BZ#1757189)\n\nEnhancement(s) :\n\n* [Marvell 7.7 z-stream BUG] CN99xx: DIMM label not extracted in EDAC\nhw error log (BZ#1721427)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:4154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-18203\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-14625\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-16658\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-14821\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-18203\", \"CVE-2018-14625\", \"CVE-2018-16658\", \"CVE-2019-14821\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:4154\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:4154\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-4.14.0-115.16.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-abi-whitelists-4.14.0-115.16.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-4.14.0-115.16.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-4.14.0-115.16.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debug-devel-4.14.0-115.16.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-4.14.0-115.16.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-4.14.0-115.16.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-devel-4.14.0-115.16.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kernel-doc-4.14.0-115.16.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-headers-4.14.0-115.16.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-4.14.0-115.16.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-4.14.0-115.16.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kernel-kdump-devel-4.14.0-115.16.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-4.14.0-115.16.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"perf-debuginfo-4.14.0-115.16.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-4.14.0-115.16.1.el7a\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"python-perf-debuginfo-4.14.0-115.16.1.el7a\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-25T14:42:34", "description": "An update of the linux package has been released.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 9.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2019-09-12T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Linux PHSA-209-2.0-0175", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 9.4, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 9.2, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20856", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-15239", "CVE-2019-15926"], "modified": "2019-12-30T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:linux", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-209-2_0-0175_LINUX.NASL", "href": "https://www.tenable.com/plugins/nessus/128725", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-209-2.0-0175. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128725);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/30\");\n\n script_cve_id(\n \"CVE-2018-20856\",\n \"CVE-2019-14283\",\n \"CVE-2019-14284\",\n \"CVE-2019-15239\",\n \"CVE-2019-15926\"\n );\n\n script_name(english:\"Photon OS 2.0: Linux PHSA-209-2.0-0175\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the linux package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-175.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-15926\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-api-headers-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-debuginfo-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-devel-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-docs-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-drivers-gpu-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-oprofile-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-aws-sound-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-debuginfo-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-devel-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-docs-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-drivers-gpu-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-debuginfo-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-devel-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-esx-docs-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-oprofile-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-debuginfo-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-devel-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-docs-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-secure-lkcm-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-sound-4.9.189-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"linux-tools-4.9.189-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux\");\n}\n", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:C"}}, {"lastseen": "2023-02-05T15:19:07", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system. (CVE-2019-14821)\n\n - A buffer overflow flaw was found, in versions from 2.6.34 to 5.2.x, in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-10-15T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0200)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-1071", "CVE-2019-1073", "CVE-2019-1125", "CVE-2019-14821", "CVE-2019-14835"], "modified": "2022-05-18T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2019-0200_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/129924", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2019-0200. The text\n# itself is copyright (C) ZTE, Inc.\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129924);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\"CVE-2019-1125\", \"CVE-2019-14821\", \"CVE-2019-14835\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0200)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by\nmultiple vulnerabilities:\n\n - An information disclosure vulnerability exists when\n certain central processing units (CPU) speculatively\n access memory, aka 'Windows Kernel Information\n Disclosure Vulnerability'. This CVE ID is unique from\n CVE-2019-1071, CVE-2019-1073. (CVE-2019-1125)\n\n - An out-of-bounds access issue was found in the Linux\n kernel, all versions through 5.3, in the way Linux\n kernel's KVM hypervisor implements the Coalesced MMIO\n write operation. It operates on an MMIO ring buffer\n 'struct kvm_coalesced_mmio' object, wherein write\n indices 'ring->first' and 'ring->last' value could be\n supplied by a host user-space process. An unprivileged\n host user or process with access to '/dev/kvm' device\n could use this flaw to crash the host kernel, resulting\n in a denial of service or potentially escalating\n privileges on the system. (CVE-2019-14821)\n\n - A buffer overflow flaw was found, in versions from\n 2.6.34 to 5.2.x, in the way Linux kernel's vhost\n functionality that translates virtqueue buffers to IOVs,\n logged the buffer descriptors during migration. A\n privileged guest user able to pass descriptors with\n invalid length to the host when migration is underway,\n could use this flaw to increase their privileges on the\n host. (CVE-2019-14835)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2019-0200\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14835\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-14821\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/ZTE-CGSL/release\");\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, \"NewStart Carrier Grade Server Linux\");\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item(\"Host/ZTE-CGSL/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"NewStart Carrier Grade Server Linux\", cpu);\n\nflag = 0;\n\npkgs = {\n \"CGSL CORE 5.04\": [\n \"kernel-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-core-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"perf-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"python-perf-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\",\n \"python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.462.gc02854e.lite\"\n ],\n \"CGSL MAIN 5.04\": [\n \"kernel-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-doc-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"perf-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"python-perf-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\",\n \"python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.22.459.gdcac6d6\"\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:\"ZTE \" + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T15:19:55", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\nCVE-2019-14821\n\nMatt Delco reported a race condition in KVM's coalesced MMIO facility, which could lead to out-of-bounds access in the kernel. A local attacker permitted to access /dev/kvm could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\nCVE-2019-14835\n\nPeter Pi of Tencent Blade Team discovered a missing bounds check in vhost_net, the network back-end driver for KVM hosts, leading to a buffer overflow when the host begins live migration of a VM. An attacker in control of a VM could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation on the host.\n\nCVE-2019-15117\n\nHui Peng and Mathias Payer reported a missing bounds check in the usb-audio driver's descriptor parsing code, leading to a buffer over-read. An attacker able to add USB devices could possibly use this to cause a denial of service (crash).\n\nCVE-2019-15118\n\nHui Peng and Mathias Payer reported unbounded recursion in the usb-audio driver's descriptor parsing code, leading to a stack overflow. An attacker able to add USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. On the amd64 architecture this is mitigated by a guard page on the kernel stack, so that it is only possible to cause a crash.\n\nCVE-2019-15902\n\nBrad Spengler reported that a backporting error reintroduced a spectre-v1 vulnerability in the ptrace subsystem in the ptrace_get_debugreg() function.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 4.9.189-3+deb9u1~deb8u1.\n\nWe recommend that you upgrade your linux-4.9 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-10-02T00:00:00", "type": "nessus", "title": "Debian DLA-1940-1 : linux-4.9 security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15117", "CVE-2019-15118", "CVE-2019-15902"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1940.NASL", "href": "https://www.tenable.com/plugins/nessus/129505", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1940-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(129505);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-14821\", \"CVE-2019-14835\", \"CVE-2019-15117\", \"CVE-2019-15118\", \"CVE-2019-15902\");\n\n script_name(english:\"Debian DLA-1940-1 : linux-4.9 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2019-14821\n\nMatt Delco reported a race condition in KVM's coalesced MMIO facility,\nwhich could lead to out-of-bounds access in the kernel. A local\nattacker permitted to access /dev/kvm could use this to cause a denial\nof service (memory corruption or crash) or possibly for privilege\nescalation.\n\nCVE-2019-14835\n\nPeter Pi of Tencent Blade Team discovered a missing bounds check in\nvhost_net, the network back-end driver for KVM hosts, leading to a\nbuffer overflow when the host begins live migration of a VM. An\nattacker in control of a VM could use this to cause a denial of\nservice (memory corruption or crash) or possibly for privilege\nescalation on the host.\n\nCVE-2019-15117\n\nHui Peng and Mathias Payer reported a missing bounds check in the\nusb-audio driver's descriptor parsing code, leading to a buffer\nover-read. An attacker able to add USB devices could possibly use this\nto cause a denial of service (crash).\n\nCVE-2019-15118\n\nHui Peng and Mathias Payer reported unbounded recursion in the\nusb-audio driver's descriptor parsing code, leading to a stack\noverflow. An attacker able to add USB devices could use this to cause\na denial of service (memory corruption or crash) or possibly for\nprivilege escalation. On the amd64 architecture this is mitigated by a\nguard page on the kernel stack, so that it is only possible to cause a\ncrash.\n\nCVE-2019-15902\n\nBrad Spengler reported that a backporting error reintroduced a\nspectre-v1 vulnerability in the ptrace subsystem in the\nptrace_get_debugreg() function.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n4.9.189-3+deb9u1~deb8u1.\n\nWe recommend that you upgrade your linux-4.9 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/10/msg00000.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux-4.9\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14835\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-4.9-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-0.bpo.7-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-0.bpo.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/10/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-arm\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-686\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-686-pae\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-amd64\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-armel\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-armhf\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-all-i386\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-amd64\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-armmp\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-armmp-lpae\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-common\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-common-rt\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-marvell\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-rt-686-pae\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-4.9.0-0.bpo.7-rt-amd64\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686-pae\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-686-pae-dbg\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-amd64\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-amd64-dbg\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-armmp\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-armmp-lpae\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-marvell\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-686-pae\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-686-pae-dbg\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-amd64\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-4.9.0-0.bpo.7-rt-amd64-dbg\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-4.9\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-4.9.0-0.bpo.7\", reference:\"4.9.189-3+deb9u1~deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T15:15:51", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\n - CVE-2019-14821 Matt Delco reported a race condition in KVM's coalesced MMIO facility, which could lead to out-of-bounds access in the kernel. A local attacker permitted to access /dev/kvm could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation.\n\n - CVE-2019-14835 Peter Pi of Tencent Blade Team discovered a missing bounds check in vhost_net, the network back-end driver for KVM hosts, leading to a buffer overflow when the host begins live migration of a VM. An attacker in control of a VM could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation on the host.\n\n - CVE-2019-15117 Hui Peng and Mathias Payer reported a missing bounds check in the usb-audio driver's descriptor parsing code, leading to a buffer over-read. An attacker able to add USB devices could possibly use this to cause a denial of service (crash).\n\n - CVE-2019-15118 Hui Peng and Mathias Payer reported unbounded recursion in the usb-audio driver's descriptor parsing code, leading to a stack overflow. An attacker able to add USB devices could use this to cause a denial of service (memory corruption or crash) or possibly for privilege escalation. On the amd64 architecture, and on the arm64 architecture in buster, this is mitigated by a guard page on the kernel stack, so that it is only possible to cause a crash.\n\n - CVE-2019-15902 Brad Spengler reported that a backporting error reintroduced a spectre-v1 vulnerability in the ptrace subsystem in the ptrace_get_debugreg() function.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-09-25T00:00:00", "type": "nessus", "title": "Debian DSA-4531-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14821", "CVE-2019-14835", "CVE-2019-15117", "CVE-2019-15118", "CVE-2019-15902"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:10.0", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DSA-4531.NASL", "href": "https://www.tenable.com/plugins/nessus/129306", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4531. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(129306);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2019-14821\", \"CVE-2019-14835\", \"CVE-2019-15117\", \"CVE-2019-15118\", \"CVE-2019-15902\");\n script_xref(name:\"DSA\", value:\"4531\");\n\n script_name(english:\"Debian DSA-4531-1 : linux - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n - CVE-2019-14821\n Matt Delco reported a race condition in KVM's coalesced\n MMIO facility, which could lead to out-of-bounds access\n in the kernel. A local attacker permitted to access\n /dev/kvm could use this to cause a denial of service\n (memory corruption or crash) or possibly for privilege\n escalation.\n\n - CVE-2019-14835\n Peter Pi of Tencent Blade Team discovered a missing\n bounds check in vhost_net, the network back-end driver\n for KVM hosts, leading to a buffer overflow when the\n host begins live migration of a VM. An attacker in\n control of a VM could use this to cause a denial of\n service (memory corruption or crash) or possibly for\n privilege escalation on the host.\n\n - CVE-2019-15117\n Hui Peng and Mathias Payer reported a missing bounds\n check in the usb-audio driver's descriptor parsing code,\n leading to a buffer over-read. An attacker able to add\n USB devices could possibly use this to cause a denial of\n service (crash).\n\n - CVE-2019-15118\n Hui Peng and Mathias Payer reported unbounded recursion\n in the usb-audio driver's descriptor parsing code,\n leading to a stack overflow. An attacker able to add USB\n devices could use this to cause a denial of service\n (memory corruption or crash) or possibly for privilege\n escalation. On the amd64 architecture, and on the arm64\n architecture in buster, this is mitigated by a guard\n page on the kernel stack, so that it is only possible to\n cause a crash.\n\n - CVE-2019-15902\n Brad Spengler reported that a backporting error\n reintroduced a spectre-v1 vulnerability in the ptrace\n subsystem in the ptrace_get_debugreg() function.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-14821\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-14835\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-15117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-15118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2019-15902\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2019/dsa-4531\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the linux packages.\n\nFor the oldstable distribution (stretch), these problems have been\nfixed in version 4.9.189-3+deb9u1.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 4.19.67-2+deb10u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-14835\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/08/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_key
Important kernel security update: Virtuozzo ReadyKernel patch 91.0 for Virtuozzo 7.0 and Virtuozzo Infrastructure Platform 2.5, 3.0
